Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Zeroaccess.B. and Trojan.Gen.2. and Trojan.backdoor


  • This topic is locked This topic is locked
19 replies to this topic

#1 toobaq

toobaq

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 16 July 2012 - 02:38 PM

Hi there,
I keep recieving notifications from Norton saying it has blocked the Trojan.Zeroaccess.B., Trojan.Gen.2., and Trojan.backdoor. Can I remove the threat from my computer?
DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Zubair at 13:57:05 on 2012-07-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1538 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Tooba\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11g_Plugin.exe -update plugin
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{143B274A-C497-4579-8462-83FE84060C31} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{98BDDF24-30A5-4127-B70D-DB4115A3978B} : DhcpNameServer = 163.244.52.49 163.244.52.50 143.166.33.44
TCP: Interfaces\{E22E9E87-A57D-4DF8-A799-AC1F71C546C8} : DhcpNameServer = 192.168.0.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\zubair\appdata\roaming\mozilla\firefox\profiles\eeyn2p1p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn_2010_9_0_6
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20120713.001\IDSvix86.sys [2012-7-13 382624]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-8 214664]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys [2011-10-31 340088]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-7 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-30 106656]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-8-12 289280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\drivers\AGUx86.sys [2009-4-7 892416]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-8 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-8 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-8 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-8 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-12 18:04:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:55:39 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 18:55:38 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 18:55:38 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 18:55:37 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 18:55:37 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 18:55:37 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-21 18:50:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:49:54 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:49:49 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 18:49:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
============= FINISH: 13:58:07.89 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 17 July 2012 - 12:52 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 toobaq

toobaq
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 18 July 2012 - 07:25 PM

Security Check log:
Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 26
Java™ SE Development Kit 6 Update 26
Java DB 10.6.2.1
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.63
Adobe Reader X (10.1.2)
Mozilla Firefox (3.6.3) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


Combofix:
aComboFix 12-07-18.04 - Tooba 07/18/2012 16:42:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1871 [GMT -5:00]
Running from: c:\users\Tooba\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET3C0.tmp
c:\windows\system32\SET604.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 21:49 . 2012-07-18 21:49 -------- d-----w- c:\users\Tooba\AppData\Local\temp
2012-07-18 21:49 . 2012-07-18 21:49 -------- d-----w- c:\users\Zubair\AppData\Local\temp
2012-07-18 21:49 . 2012-07-18 21:49 -------- d-----w- c:\users\Temp\AppData\Local\temp
2012-07-18 21:49 . 2012-07-18 21:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-18 21:49 . 2012-07-18 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 01:18 . 2012-07-17 01:19 -------- d-----w- c:\users\Zubair\AppData\Local\NPE
2012-07-12 18:04 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:55 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 18:55 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 18:55 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 18:55 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 18:55 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 18:55 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-21 18:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 18:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 18:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 18:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 18:49 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 18:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:49 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 18:49 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 14:03 . 2012-06-12 20:33 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-12 20:33 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-12 20:33 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-12 20:33 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SanDiskSecureAccess_Manager.exe"="c:\users\Tooba\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-09-09 27306624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
c:\users\Tooba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-9 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-09 21:25 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tooba\AppData\Roaming\Mozilla\Firefox\Profiles\ifjg4n8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-oeqvxfh - c:\users\Tooba\AppData\Roaming\s5sf.exe
HKCU-Run-AdobeBridge - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 16:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,bf,11,32,1e,84,e8,45,9f,58,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,bf,11,32,1e,84,e8,45,9f,58,d9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-18 16:51:34
ComboFix-quarantined-files.txt 2012-07-18 21:51
ComboFix2.txt 2011-06-27 20:01
.
Pre-Run: 245,955,387,392 bytes free
Post-Run: 249,809,154,048 bytes free
.
- - End Of File - - 49EF2648C9DBA7F664C605F808F0463F


I'm not sure of whether the computer is still infected. I recieved a notification from Norton on Monday the 16th saying that the Trojan.Zeroaccess.B. would need to be manually removed, but the trojan removal tool Norton supplied failed to remove the infection. Since then, Norton has stopped sending me notifications saying that it had blocked the trojan, as it was doing before.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 18 July 2012 - 08:13 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 toobaq

toobaq
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 20 July 2012 - 12:56 PM

11:22:47.0093 3776 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
11:22:47.0535 3776 ============================================================
11:22:47.0535 3776 Current date / time: 2012/07/20 11:22:47.0535
11:22:47.0535 3776 SystemInfo:
11:22:47.0535 3776
11:22:47.0535 3776 OS Version: 6.0.6002 ServicePack: 2.0
11:22:47.0535 3776 Product type: Workstation
11:22:47.0535 3776 ComputerName: ZUBAIR-PC
11:22:47.0536 3776 UserName: Tooba
11:22:47.0536 3776 Windows directory: C:\Windows
11:22:47.0536 3776 System windows directory: C:\Windows
11:22:47.0536 3776 Processor architecture: Intel x86
11:22:47.0536 3776 Number of processors: 2
11:22:47.0536 3776 Page size: 0x1000
11:22:47.0536 3776 Boot type: Normal boot
11:22:47.0536 3776 ============================================================
11:22:47.0971 3776 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:22:47.0973 3776 ============================================================
11:22:47.0973 3776 \Device\Harddisk0\DR0:
11:22:47.0973 3776 MBR partitions:
11:22:47.0973 3776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
11:22:47.0973 3776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x24012800
11:22:47.0973 3776 ============================================================
11:22:48.0002 3776 C: <-> \Device\Harddisk0\DR0\Partition1
11:22:48.0044 3776 D: <-> \Device\Harddisk0\DR0\Partition0
11:22:48.0044 3776 ============================================================
11:22:48.0044 3776 Initialize success
11:22:48.0044 3776 ============================================================
11:22:49.0638 4440 ============================================================
11:22:49.0638 4440 Scan started
11:22:49.0638 4440 Mode: Manual;
11:22:49.0638 4440 ============================================================
11:22:52.0731 4440 A5AGU (2fe5c496b5d731e4a512caa45a9d9ec3) C:\Windows\system32\DRIVERS\AGUx86.sys
11:22:52.0778 4440 A5AGU - ok
11:22:52.0834 4440 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:22:52.0838 4440 ACPI - ok
11:22:52.0930 4440 AdobeActiveFileMonitor10.0 (047bd1eb681453a7fe492a71802ac9f3) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
11:22:52.0932 4440 AdobeActiveFileMonitor10.0 - ok
11:22:53.0006 4440 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:22:53.0008 4440 AdobeARMservice - ok
11:22:53.0074 4440 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:22:53.0096 4440 adp94xx - ok
11:22:53.0145 4440 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:22:53.0166 4440 adpahci - ok
11:22:53.0196 4440 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:22:53.0198 4440 adpu160m - ok
11:22:53.0229 4440 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:22:53.0241 4440 adpu320 - ok
11:22:53.0273 4440 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
11:22:53.0274 4440 AeLookupSvc - ok
11:22:53.0329 4440 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:22:53.0332 4440 AFD - ok
11:22:53.0383 4440 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:22:53.0397 4440 agp440 - ok
11:22:53.0432 4440 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:22:53.0435 4440 aic78xx - ok
11:22:53.0464 4440 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
11:22:53.0465 4440 ALG - ok
11:22:53.0480 4440 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:22:53.0483 4440 aliide - ok
11:22:53.0508 4440 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:22:53.0511 4440 amdagp - ok
11:22:53.0533 4440 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:22:53.0536 4440 amdide - ok
11:22:53.0552 4440 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:22:53.0555 4440 AmdK7 - ok
11:22:53.0576 4440 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
11:22:53.0577 4440 AmdK8 - ok
11:22:53.0611 4440 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
11:22:53.0613 4440 Appinfo - ok
11:22:53.0695 4440 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:22:53.0698 4440 Apple Mobile Device - ok
11:22:53.0739 4440 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:22:53.0765 4440 arc - ok
11:22:53.0806 4440 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:22:53.0810 4440 arcsas - ok
11:22:53.0832 4440 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:22:53.0835 4440 AsyncMac - ok
11:22:53.0862 4440 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:22:53.0863 4440 atapi - ok
11:22:53.0907 4440 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:22:53.0912 4440 AudioEndpointBuilder - ok
11:22:53.0920 4440 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:22:53.0924 4440 Audiosrv - ok
11:22:53.0985 4440 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
11:22:54.0220 4440 BBSvc - ok
11:22:54.0259 4440 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
11:22:54.0269 4440 BBUpdate - ok
11:22:54.0292 4440 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:22:54.0292 4440 Beep - ok
11:22:54.0341 4440 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
11:22:54.0346 4440 BFE - ok
11:22:54.0491 4440 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
11:22:54.0508 4440 BHDrvx86 - ok
11:22:54.0582 4440 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
11:22:54.0593 4440 BITS - ok
11:22:54.0638 4440 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:22:54.0654 4440 blbdrive - ok
11:22:54.0740 4440 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
11:22:54.0755 4440 Bonjour Service - ok
11:22:54.0790 4440 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:22:54.0792 4440 bowser - ok
11:22:54.0818 4440 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:22:54.0821 4440 BrFiltLo - ok
11:22:54.0836 4440 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:22:54.0838 4440 BrFiltUp - ok
11:22:54.0865 4440 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
11:22:54.0867 4440 Browser - ok
11:22:54.0954 4440 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:22:54.0960 4440 Brserid - ok
11:22:55.0021 4440 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:22:55.0025 4440 BrSerWdm - ok
11:22:55.0044 4440 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:22:55.0046 4440 BrUsbMdm - ok
11:22:55.0060 4440 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:22:55.0063 4440 BrUsbSer - ok
11:22:55.0080 4440 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:22:55.0083 4440 BTHMODEM - ok
11:22:55.0151 4440 catchme - ok
11:22:55.0245 4440 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys
11:22:55.0256 4440 ccHP - ok
11:22:55.0286 4440 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:22:55.0288 4440 cdfs - ok
11:22:55.0317 4440 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:22:55.0342 4440 cdrom - ok
11:22:55.0386 4440 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:22:55.0388 4440 CertPropSvc - ok
11:22:55.0414 4440 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
11:22:55.0418 4440 circlass - ok
11:22:55.0452 4440 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:22:55.0457 4440 CLFS - ok
11:22:55.0531 4440 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:22:55.0535 4440 clr_optimization_v2.0.50727_32 - ok
11:22:55.0599 4440 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:22:55.0601 4440 clr_optimization_v4.0.30319_32 - ok
11:22:55.0624 4440 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:22:55.0627 4440 cmdide - ok
11:22:55.0642 4440 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
11:22:55.0646 4440 Compbatt - ok
11:22:55.0651 4440 COMSysApp - ok
11:22:55.0678 4440 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:22:55.0680 4440 crcdisk - ok
11:22:55.0694 4440 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:22:55.0698 4440 Crusoe - ok
11:22:55.0737 4440 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
11:22:55.0739 4440 CryptSvc - ok
11:22:55.0804 4440 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:22:55.0813 4440 DcomLaunch - ok
11:22:55.0846 4440 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:22:55.0848 4440 DfsC - ok
11:22:55.0977 4440 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
11:22:56.0038 4440 DFSR - ok
11:22:56.0150 4440 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
11:22:56.0153 4440 Dhcp - ok
11:22:56.0197 4440 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:22:56.0198 4440 disk - ok
11:22:56.0218 4440 dlcx_device - ok
11:22:56.0260 4440 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
11:22:56.0262 4440 Dnscache - ok
11:22:56.0315 4440 DockLoginService (db29915209770d8b59654345ec2d943a) C:\Program Files\Dell\DellDock\DockLogin.exe
11:22:56.0317 4440 DockLoginService - ok
11:22:56.0354 4440 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
11:22:56.0366 4440 dot3svc - ok
11:22:56.0395 4440 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
11:22:56.0438 4440 Dot4 - ok
11:22:56.0460 4440 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:22:56.0463 4440 Dot4Print - ok
11:22:56.0491 4440 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
11:22:56.0494 4440 dot4usb - ok
11:22:56.0530 4440 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
11:22:56.0532 4440 DPS - ok
11:22:56.0557 4440 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:22:56.0559 4440 drmkaud - ok
11:22:56.0610 4440 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
11:22:56.0618 4440 DXGKrnl - ok
11:22:56.0655 4440 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
11:22:56.0665 4440 e1express - ok
11:22:56.0702 4440 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:22:56.0716 4440 E1G60 - ok
11:22:56.0746 4440 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
11:22:56.0747 4440 EapHost - ok
11:22:56.0797 4440 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:22:56.0799 4440 Ecache - ok
11:22:56.0883 4440 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:22:56.0892 4440 eeCtrl - ok
11:22:56.0930 4440 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
11:22:56.0937 4440 ehRecvr - ok
11:22:56.0956 4440 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
11:22:56.0958 4440 ehSched - ok
11:22:56.0977 4440 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
11:22:56.0978 4440 ehstart - ok
11:22:57.0020 4440 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:22:57.0077 4440 elxstor - ok
11:22:57.0135 4440 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
11:22:57.0144 4440 EMDMgmt - ok
11:22:57.0229 4440 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:22:57.0233 4440 EraserUtilRebootDrv - ok
11:22:57.0260 4440 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:22:57.0279 4440 ErrDev - ok
11:22:57.0322 4440 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
11:22:57.0327 4440 EventSystem - ok
11:22:57.0386 4440 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:22:57.0391 4440 exfat - ok
11:22:57.0446 4440 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:22:57.0457 4440 fastfat - ok
11:22:57.0478 4440 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:22:57.0482 4440 fdc - ok
11:22:57.0507 4440 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
11:22:57.0510 4440 fdPHost - ok
11:22:57.0528 4440 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
11:22:57.0530 4440 FDResPub - ok
11:22:57.0547 4440 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:22:57.0552 4440 FileInfo - ok
11:22:57.0583 4440 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:22:57.0586 4440 Filetrace - ok
11:22:57.0606 4440 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:22:57.0630 4440 flpydisk - ok
11:22:57.0663 4440 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:22:57.0666 4440 FltMgr - ok
11:22:57.0750 4440 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
11:22:57.0760 4440 FontCache - ok
11:22:57.0822 4440 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:22:57.0838 4440 FontCache3.0.0.0 - ok
11:22:57.0876 4440 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
11:22:57.0877 4440 Fs_Rec - ok
11:22:57.0912 4440 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:22:57.0916 4440 gagp30kx - ok
11:22:57.0983 4440 GameConsoleService (311acfcdd2c9a99481e91fa4cb028d70) C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
11:22:58.0004 4440 GameConsoleService - ok
11:22:58.0029 4440 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:22:58.0052 4440 GEARAspiWDM - ok
11:22:58.0086 4440 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
11:22:58.0105 4440 GoToAssist - ok
11:22:58.0171 4440 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
11:22:58.0181 4440 gpsvc - ok
11:22:58.0246 4440 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:22:58.0253 4440 HDAudBus - ok
11:22:58.0284 4440 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:22:58.0287 4440 HidBth - ok
11:22:58.0314 4440 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:22:58.0317 4440 HidIr - ok
11:22:58.0345 4440 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
11:22:58.0348 4440 hidserv - ok
11:22:58.0379 4440 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
11:22:58.0382 4440 HidUsb - ok
11:22:58.0414 4440 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
11:22:58.0416 4440 hkmsvc - ok
11:22:58.0444 4440 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:22:58.0448 4440 HpCISSs - ok
11:22:58.0549 4440 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:22:58.0553 4440 hpqcxs08 - ok
11:22:58.0605 4440 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:22:58.0608 4440 hpqddsvc - ok
11:22:58.0686 4440 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:22:58.0749 4440 HSF_DPV - ok
11:22:58.0786 4440 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
11:22:58.0793 4440 HSXHWBS2 - ok
11:22:58.0842 4440 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:22:58.0898 4440 HTTP - ok
11:22:58.0943 4440 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:22:58.0968 4440 i2omp - ok
11:22:59.0013 4440 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:22:59.0048 4440 i8042prt - ok
11:22:59.0102 4440 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:22:59.0135 4440 iaStorV - ok
11:22:59.0231 4440 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:22:59.0248 4440 idsvc - ok
11:22:59.0396 4440 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120718.001\IDSvix86.sys
11:22:59.0418 4440 IDSVix86 - ok
11:22:59.0496 4440 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:22:59.0513 4440 iirsp - ok
11:22:59.0559 4440 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
11:22:59.0565 4440 IKEEXT - ok
11:22:59.0680 4440 IntcAzAudAddService (e26bd63077d804d0fc71d29a71151010) C:\Windows\system32\drivers\RTKVHDA.sys
11:22:59.0750 4440 IntcAzAudAddService - ok
11:22:59.0843 4440 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:22:59.0863 4440 intelide - ok
11:22:59.0899 4440 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:22:59.0902 4440 intelppm - ok
11:22:59.0928 4440 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
11:22:59.0934 4440 IPBusEnum - ok
11:22:59.0962 4440 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:22:59.0965 4440 IpFilterDriver - ok
11:22:59.0998 4440 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
11:23:00.0001 4440 iphlpsvc - ok
11:23:00.0005 4440 IpInIp - ok
11:23:00.0040 4440 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:23:00.0046 4440 IPMIDRV - ok
11:23:00.0080 4440 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:23:00.0083 4440 IPNAT - ok
11:23:00.0155 4440 iPod Service (630d74599070824af3dc63a894adcdfc) C:\Program Files\iPod\bin\iPodService.exe
11:23:00.0161 4440 iPod Service - ok
11:23:00.0192 4440 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:23:00.0195 4440 IRENUM - ok
11:23:00.0214 4440 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:23:00.0217 4440 isapnp - ok
11:23:00.0261 4440 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:23:00.0265 4440 iScsiPrt - ok
11:23:00.0309 4440 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:23:00.0312 4440 iteatapi - ok
11:23:00.0330 4440 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:23:00.0333 4440 iteraid - ok
11:23:00.0345 4440 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:23:00.0347 4440 kbdclass - ok
11:23:00.0371 4440 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
11:23:00.0372 4440 kbdhid - ok
11:23:00.0398 4440 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:23:00.0400 4440 KeyIso - ok
11:23:00.0455 4440 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
11:23:00.0492 4440 KSecDD - ok
11:23:00.0564 4440 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
11:23:00.0571 4440 KtmRm - ok
11:23:00.0620 4440 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
11:23:00.0624 4440 LanmanServer - ok
11:23:00.0683 4440 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
11:23:00.0687 4440 LanmanWorkstation - ok
11:23:00.0729 4440 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:23:00.0730 4440 lltdio - ok
11:23:00.0771 4440 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
11:23:00.0799 4440 lltdsvc - ok
11:23:00.0827 4440 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
11:23:00.0829 4440 lmhosts - ok
11:23:00.0900 4440 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:23:00.0904 4440 LSI_FC - ok
11:23:00.0934 4440 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:23:00.0940 4440 LSI_SAS - ok
11:23:00.0976 4440 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:23:00.0988 4440 LSI_SCSI - ok
11:23:01.0018 4440 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:23:01.0019 4440 luafv - ok
11:23:01.0055 4440 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
11:23:01.0105 4440 Mcx2Svc - ok
11:23:01.0138 4440 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:23:01.0139 4440 mdmxsdk - ok
11:23:01.0170 4440 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:23:01.0173 4440 megasas - ok
11:23:01.0233 4440 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:23:01.0247 4440 MegaSR - ok
11:23:01.0308 4440 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
11:23:01.0328 4440 mfeavfk - ok
11:23:01.0359 4440 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
11:23:01.0379 4440 mfebopk - ok
11:23:01.0414 4440 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
11:23:01.0416 4440 mfehidk - ok
11:23:01.0462 4440 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
11:23:01.0482 4440 mferkdk - ok
11:23:01.0526 4440 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
11:23:01.0565 4440 mfesmfk - ok
11:23:01.0588 4440 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:23:01.0589 4440 MMCSS - ok
11:23:01.0643 4440 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:23:01.0643 4440 Modem - ok
11:23:01.0666 4440 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:23:01.0667 4440 monitor - ok
11:23:01.0677 4440 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:23:01.0680 4440 mouclass - ok
11:23:01.0687 4440 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:23:01.0689 4440 mouhid - ok
11:23:01.0889 4440 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:23:01.0890 4440 MountMgr - ok
11:23:01.0927 4440 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:23:01.0946 4440 mpio - ok
11:23:01.0973 4440 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:23:01.0974 4440 mpsdrv - ok
11:23:02.0015 4440 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
11:23:02.0021 4440 MpsSvc - ok
11:23:02.0058 4440 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:23:02.0060 4440 Mraid35x - ok
11:23:02.0089 4440 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:23:02.0094 4440 MRxDAV - ok
11:23:02.0140 4440 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:23:02.0145 4440 mrxsmb - ok
11:23:02.0183 4440 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:23:02.0215 4440 mrxsmb10 - ok
11:23:02.0225 4440 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:23:02.0227 4440 mrxsmb20 - ok
11:23:02.0270 4440 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
11:23:02.0290 4440 msahci - ok
11:23:02.0320 4440 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:23:02.0323 4440 msdsm - ok
11:23:02.0372 4440 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
11:23:02.0386 4440 MSDTC - ok
11:23:02.0430 4440 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:23:02.0431 4440 Msfs - ok
11:23:02.0448 4440 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:23:02.0449 4440 msisadrv - ok
11:23:02.0481 4440 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
11:23:02.0494 4440 MSiSCSI - ok
11:23:02.0510 4440 msiserver - ok
11:23:02.0549 4440 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:23:02.0552 4440 MSKSSRV - ok
11:23:02.0565 4440 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:23:02.0567 4440 MSPCLOCK - ok
11:23:02.0585 4440 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:23:02.0587 4440 MSPQM - ok
11:23:02.0617 4440 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:23:02.0628 4440 MsRPC - ok
11:23:02.0669 4440 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:23:02.0670 4440 mssmbios - ok
11:23:02.0686 4440 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:23:02.0704 4440 MSTEE - ok
11:23:02.0730 4440 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:23:02.0731 4440 Mup - ok
11:23:02.0801 4440 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
11:23:02.0802 4440 N360 - ok
11:23:02.0890 4440 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
11:23:02.0897 4440 napagent - ok
11:23:02.0968 4440 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:23:02.0978 4440 NativeWifiP - ok
11:23:03.0069 4440 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120718.002\NAVENG.SYS
11:23:03.0116 4440 NAVENG - ok
11:23:03.0334 4440 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120718.002\NAVEX15.SYS
11:23:03.0394 4440 NAVEX15 - ok
11:23:03.0559 4440 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:23:03.0564 4440 NDIS - ok
11:23:03.0596 4440 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:23:03.0598 4440 NdisTapi - ok
11:23:03.0617 4440 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:23:03.0618 4440 Ndisuio - ok
11:23:03.0653 4440 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:23:03.0666 4440 NdisWan - ok
11:23:03.0694 4440 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:23:03.0697 4440 NDProxy - ok
11:23:03.0735 4440 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
11:23:03.0736 4440 Net Driver HPZ12 - ok
11:23:03.0765 4440 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:23:03.0767 4440 NetBIOS - ok
11:23:03.0800 4440 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:23:03.0804 4440 netbt - ok
11:23:03.0831 4440 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:23:03.0833 4440 Netlogon - ok
11:23:03.0867 4440 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
11:23:03.0878 4440 Netman - ok
11:23:03.0913 4440 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
11:23:03.0917 4440 netprofm - ok
11:23:03.0982 4440 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:23:04.0203 4440 NetTcpPortSharing - ok
11:23:04.0224 4440 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:23:04.0227 4440 nfrd960 - ok
11:23:04.0265 4440 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:23:04.0268 4440 NlaSvc - ok
11:23:04.0326 4440 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:23:04.0328 4440 Npfs - ok
11:23:04.0355 4440 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:23:04.0358 4440 nsi - ok
11:23:04.0371 4440 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:23:04.0372 4440 nsiproxy - ok
11:23:04.0584 4440 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:23:04.0628 4440 Ntfs - ok
11:23:04.0644 4440 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:23:04.0663 4440 ntrigdigi - ok
11:23:04.0689 4440 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:23:04.0690 4440 Null - ok
11:23:04.0775 4440 NVENETFD (19055a1c1076ef48e738d26ea7fb8017) C:\Windows\system32\DRIVERS\nvmfdx32.sys
11:23:04.0836 4440 NVENETFD - ok
11:23:05.0612 4440 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:23:05.0683 4440 nvlddmkm - ok
11:23:05.0826 4440 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:23:05.0828 4440 nvraid - ok
11:23:05.0879 4440 nvrd32 (049e81b6fb41c73619ed3fe4df7d8638) C:\Windows\system32\drivers\nvrd32.sys
11:23:05.0902 4440 nvrd32 - ok
11:23:05.0928 4440 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:23:05.0931 4440 nvstor - ok
11:23:05.0939 4440 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\drivers\nvstor32.sys
11:23:05.0941 4440 nvstor32 - ok
11:23:05.0972 4440 nvsvc (f397a6fa4b83d243ad25a1dc401237a0) C:\Windows\system32\nvvsvc.exe
11:23:05.0977 4440 nvsvc - ok
11:23:06.0016 4440 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:23:06.0029 4440 nv_agp - ok
11:23:06.0034 4440 NwlnkFlt - ok
11:23:06.0043 4440 NwlnkFwd - ok
11:23:06.0166 4440 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:23:06.0188 4440 odserv - ok
11:23:06.0281 4440 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:23:06.0287 4440 ohci1394 - ok
11:23:06.0331 4440 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:23:06.0348 4440 ose - ok
11:23:06.0410 4440 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:23:06.0434 4440 p2pimsvc - ok
11:23:06.0447 4440 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:23:06.0453 4440 p2psvc - ok
11:23:06.0475 4440 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:23:06.0477 4440 Parport - ok
11:23:06.0533 4440 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
11:23:06.0534 4440 partmgr - ok
11:23:06.0549 4440 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:23:06.0551 4440 Parvdm - ok
11:23:06.0579 4440 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:23:06.0581 4440 PcaSvc - ok
11:23:06.0618 4440 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:23:06.0620 4440 pci - ok
11:23:06.0631 4440 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
11:23:06.0632 4440 pciide - ok
11:23:06.0677 4440 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:23:06.0686 4440 pcmcia - ok
11:23:06.0757 4440 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:23:06.0774 4440 PEAUTH - ok
11:23:06.0903 4440 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:23:06.0949 4440 pla - ok
11:23:07.0080 4440 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
11:23:07.0086 4440 PlugPlay - ok
11:23:07.0170 4440 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
11:23:07.0172 4440 Pml Driver HPZ12 - ok
11:23:07.0229 4440 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:23:07.0237 4440 PNRPAutoReg - ok
11:23:07.0255 4440 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:23:07.0264 4440 PNRPsvc - ok
11:23:07.0351 4440 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
11:23:07.0358 4440 PolicyAgent - ok
11:23:07.0419 4440 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:23:07.0438 4440 PptpMiniport - ok
11:23:07.0474 4440 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:23:07.0477 4440 Processor - ok
11:23:07.0534 4440 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
11:23:07.0537 4440 ProfSvc - ok
11:23:07.0565 4440 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:23:07.0566 4440 ProtectedStorage - ok
11:23:07.0597 4440 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:23:07.0600 4440 PSched - ok
11:23:07.0664 4440 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
11:23:07.0668 4440 PxHelp20 - ok
11:23:07.0774 4440 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:23:07.0801 4440 ql2300 - ok
11:23:07.0831 4440 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:23:07.0837 4440 ql40xx - ok
11:23:07.0870 4440 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:23:07.0922 4440 QWAVE - ok
11:23:07.0964 4440 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:23:07.0965 4440 QWAVEdrv - ok
11:23:08.0080 4440 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
11:23:08.0143 4440 R300 - ok
11:23:08.0236 4440 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
11:23:08.0238 4440 RapiMgr - ok
11:23:08.0336 4440 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:23:08.0337 4440 RasAcd - ok
11:23:08.0355 4440 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:23:08.0359 4440 RasAuto - ok
11:23:08.0410 4440 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:23:08.0413 4440 Rasl2tp - ok
11:23:08.0455 4440 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
11:23:08.0461 4440 RasMan - ok
11:23:08.0489 4440 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:23:08.0492 4440 RasPppoe - ok
11:23:08.0519 4440 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:23:08.0522 4440 RasSstp - ok
11:23:08.0550 4440 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:23:08.0552 4440 rdbss - ok
11:23:08.0592 4440 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:23:08.0593 4440 RDPCDD - ok
11:23:08.0631 4440 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:23:08.0639 4440 rdpdr - ok
11:23:08.0644 4440 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:23:08.0645 4440 RDPENCDD - ok
11:23:08.0704 4440 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
11:23:08.0723 4440 RDPWD - ok
11:23:08.0761 4440 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:23:08.0764 4440 RemoteAccess - ok
11:23:08.0798 4440 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
11:23:08.0811 4440 RemoteRegistry - ok
11:23:08.0856 4440 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:23:08.0858 4440 RpcLocator - ok
11:23:08.0947 4440 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:23:08.0954 4440 RpcSs - ok
11:23:08.0967 4440 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:23:08.0968 4440 rspndr - ok
11:23:09.0016 4440 RTL8187B (318f4f327190b2aee7aae9cafd19bb19) C:\Windows\system32\DRIVERS\wg111v3.sys
11:23:09.0019 4440 RTL8187B - ok
11:23:09.0068 4440 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
11:23:09.0069 4440 RtlProt - ok
11:23:09.0085 4440 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:23:09.0087 4440 SamSs - ok
11:23:09.0131 4440 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:23:09.0137 4440 sbp2port - ok
11:23:09.0193 4440 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
11:23:09.0207 4440 SCardSvr - ok
11:23:09.0267 4440 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
11:23:09.0279 4440 Schedule - ok
11:23:09.0320 4440 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:23:09.0321 4440 SCPolicySvc - ok
11:23:09.0371 4440 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:23:09.0384 4440 SDRSVC - ok
11:23:09.0417 4440 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:23:09.0418 4440 secdrv - ok
11:23:09.0428 4440 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:23:09.0431 4440 seclogon - ok
11:23:09.0450 4440 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
11:23:09.0453 4440 SENS - ok
11:23:09.0495 4440 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:23:09.0499 4440 Serenum - ok
11:23:09.0545 4440 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:23:09.0547 4440 Serial - ok
11:23:09.0588 4440 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:23:09.0591 4440 sermouse - ok
11:23:09.0653 4440 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:23:09.0657 4440 SessionEnv - ok
11:23:09.0683 4440 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\Windows\system32\drivers\sfdrv01.sys
11:23:09.0685 4440 sfdrv01 - ok
11:23:09.0731 4440 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:23:09.0735 4440 sffdisk - ok
11:23:09.0751 4440 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:23:09.0755 4440 sffp_mmc - ok
11:23:09.0778 4440 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:23:09.0782 4440 sffp_sd - ok
11:23:09.0811 4440 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\Windows\system32\drivers\sfhlp02.sys
11:23:09.0812 4440 sfhlp02 - ok
11:23:09.0831 4440 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:23:09.0835 4440 sfloppy - ok
11:23:09.0857 4440 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\Windows\system32\drivers\sfvfs02.sys
11:23:09.0860 4440 sfvfs02 - ok
11:23:09.0923 4440 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:23:09.0930 4440 SharedAccess - ok
11:23:09.0993 4440 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
11:23:09.0999 4440 ShellHWDetection - ok
11:23:10.0033 4440 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:23:10.0039 4440 sisagp - ok
11:23:10.0054 4440 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:23:10.0057 4440 SiSRaid2 - ok
11:23:10.0073 4440 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:23:10.0087 4440 SiSRaid4 - ok
11:23:10.0303 4440 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
11:23:10.0378 4440 slsvc - ok
11:23:10.0466 4440 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
11:23:10.0468 4440 SLUINotify - ok
11:23:10.0501 4440 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:23:10.0502 4440 Smb - ok
11:23:10.0566 4440 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:23:10.0568 4440 SNMPTRAP - ok
11:23:10.0614 4440 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:23:10.0616 4440 spldr - ok
11:23:10.0654 4440 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
11:23:10.0666 4440 Spooler - ok
11:23:10.0721 4440 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
11:23:10.0723 4440 sprtsvc_DellSupportCenter - ok
11:23:10.0823 4440 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS
11:23:10.0878 4440 SRTSP - ok
11:23:10.0906 4440 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS
11:23:10.0923 4440 SRTSPX - ok
11:23:10.0974 4440 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:23:10.0977 4440 srv - ok
11:23:11.0009 4440 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:23:11.0011 4440 srv2 - ok
11:23:11.0091 4440 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:23:11.0093 4440 srvnet - ok
11:23:11.0117 4440 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
11:23:11.0138 4440 sscdbus - ok
11:23:11.0187 4440 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
11:23:11.0210 4440 sscdmdfl - ok
11:23:11.0256 4440 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
11:23:11.0273 4440 sscdmdm - ok
11:23:11.0326 4440 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
11:23:11.0334 4440 sscdserd - ok
11:23:11.0371 4440 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:23:11.0375 4440 SSDPSRV - ok
11:23:11.0407 4440 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:23:11.0411 4440 SstpSvc - ok
11:23:11.0463 4440 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
11:23:11.0471 4440 stisvc - ok
11:23:11.0576 4440 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:23:11.0597 4440 stllssvr - ok
11:23:11.0636 4440 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:23:11.0657 4440 swenum - ok
11:23:11.0706 4440 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
11:23:11.0711 4440 swprv - ok
11:23:11.0747 4440 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:23:11.0750 4440 Symc8xx - ok
11:23:11.0826 4440 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0404000.00C\SYMDS.SYS
11:23:11.0881 4440 SymDS - ok
11:23:11.0951 4440 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS
11:23:11.0963 4440 SymEFA - ok
11:23:12.0016 4440 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
11:23:12.0043 4440 SymEvent - ok
11:23:12.0085 4440 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS
11:23:12.0096 4440 SymIRON - ok
11:23:12.0130 4440 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS
11:23:12.0137 4440 SYMTDIv - ok
11:23:12.0149 4440 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:23:12.0151 4440 Sym_hi - ok
11:23:12.0165 4440 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:23:12.0167 4440 Sym_u3 - ok
11:23:12.0238 4440 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
11:23:12.0246 4440 SysMain - ok
11:23:12.0265 4440 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:23:12.0267 4440 TabletInputService - ok
11:23:12.0307 4440 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
11:23:12.0312 4440 TapiSrv - ok
11:23:12.0348 4440 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:23:12.0350 4440 TBS - ok
11:23:12.0417 4440 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
11:23:12.0424 4440 Tcpip - ok
11:23:12.0437 4440 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
11:23:12.0447 4440 Tcpip6 - ok
11:23:12.0473 4440 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:23:12.0474 4440 tcpipreg - ok
11:23:12.0487 4440 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:23:12.0489 4440 TDPIPE - ok
11:23:12.0509 4440 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:23:12.0513 4440 TDTCP - ok
11:23:12.0544 4440 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:23:12.0546 4440 tdx - ok
11:23:12.0580 4440 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:23:12.0602 4440 TermDD - ok
11:23:12.0658 4440 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
11:23:12.0666 4440 TermService - ok
11:23:12.0705 4440 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
11:23:12.0709 4440 Themes - ok
11:23:12.0738 4440 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:23:12.0740 4440 THREADORDER - ok
11:23:12.0763 4440 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:23:12.0766 4440 TrkWks - ok
11:23:12.0837 4440 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
11:23:12.0838 4440 TrustedInstaller - ok
11:23:12.0882 4440 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:23:12.0885 4440 tssecsrv - ok
11:23:12.0944 4440 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:23:12.0946 4440 tunmp - ok
11:23:12.0974 4440 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:23:12.0975 4440 tunnel - ok
11:23:12.0984 4440 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:23:12.0987 4440 uagp35 - ok
11:23:13.0018 4440 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:23:13.0021 4440 udfs - ok
11:23:13.0035 4440 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:23:13.0038 4440 UI0Detect - ok
11:23:13.0060 4440 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:23:13.0085 4440 uliagpkx - ok
11:23:13.0113 4440 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:23:13.0121 4440 uliahci - ok
11:23:13.0151 4440 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:23:13.0156 4440 UlSata - ok
11:23:13.0175 4440 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:23:13.0185 4440 ulsata2 - ok
11:23:13.0208 4440 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:23:13.0212 4440 umbus - ok
11:23:13.0232 4440 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:23:13.0238 4440 upnphost - ok
11:23:13.0272 4440 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:23:13.0279 4440 usbccgp - ok
11:23:13.0322 4440 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:23:13.0325 4440 usbcir - ok
11:23:13.0354 4440 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:23:13.0376 4440 usbehci - ok
11:23:13.0405 4440 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:23:13.0426 4440 usbhub - ok
11:23:13.0461 4440 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
11:23:13.0464 4440 usbohci - ok
11:23:13.0493 4440 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:23:13.0515 4440 usbprint - ok
11:23:13.0563 4440 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:23:13.0566 4440 usbscan - ok
11:23:13.0586 4440 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:23:13.0588 4440 USBSTOR - ok
11:23:13.0610 4440 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:23:13.0617 4440 usbuhci - ok
11:23:13.0644 4440 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
11:23:13.0648 4440 usb_rndisx - ok
11:23:13.0668 4440 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
11:23:13.0671 4440 UxSms - ok
11:23:13.0724 4440 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
11:23:13.0746 4440 vds - ok
11:23:13.0766 4440 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:23:13.0770 4440 vga - ok
11:23:13.0791 4440 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:23:13.0793 4440 VgaSave - ok
11:23:13.0814 4440 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:23:13.0818 4440 viaagp - ok
11:23:13.0847 4440 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:23:13.0851 4440 ViaC7 - ok
11:23:13.0876 4440 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:23:13.0881 4440 viaide - ok
11:23:13.0980 4440 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
11:23:13.0981 4440 Viewpoint Manager Service - ok
11:23:13.0996 4440 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:23:13.0998 4440 volmgr - ok
11:23:14.0034 4440 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:23:14.0067 4440 volmgrx - ok
11:23:14.0098 4440 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:23:14.0100 4440 volsnap - ok
11:23:14.0120 4440 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:23:14.0133 4440 vsmraid - ok
11:23:14.0244 4440 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
11:23:14.0269 4440 VSS - ok
11:23:14.0301 4440 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
11:23:14.0306 4440 W32Time - ok
11:23:14.0347 4440 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:23:14.0349 4440 WacomPen - ok
11:23:14.0364 4440 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:23:14.0366 4440 Wanarp - ok
11:23:14.0370 4440 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:23:14.0371 4440 Wanarpv6 - ok
11:23:14.0476 4440 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
11:23:14.0481 4440 WcesComm - ok
11:23:14.0512 4440 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
11:23:14.0519 4440 wcncsvc - ok
11:23:14.0583 4440 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:23:14.0587 4440 WcsPlugInService - ok
11:23:14.0599 4440 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:23:14.0602 4440 Wd - ok
11:23:14.0658 4440 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:23:14.0670 4440 Wdf01000 - ok
11:23:14.0683 4440 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:23:14.0686 4440 WdiServiceHost - ok
11:23:14.0691 4440 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:23:14.0695 4440 WdiSystemHost - ok
11:23:14.0734 4440 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
11:23:14.0739 4440 WebClient - ok
11:23:14.0773 4440 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:23:14.0776 4440 Wecsvc - ok
11:23:14.0807 4440 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:23:14.0810 4440 wercplsupport - ok
11:23:14.0840 4440 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
11:23:14.0844 4440 WerSvc - ok
11:23:14.0923 4440 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:23:14.0929 4440 winachsf - ok
11:23:15.0058 4440 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:23:15.0095 4440 WinDefend - ok
11:23:15.0102 4440 WinHttpAutoProxySvc - ok
11:23:15.0203 4440 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
11:23:15.0205 4440 Winmgmt - ok
11:23:15.0328 4440 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
11:23:15.0388 4440 WinRM - ok
11:23:15.0490 4440 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
11:23:15.0498 4440 Wlansvc - ok
11:23:15.0542 4440 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
11:23:15.0545 4440 WmiAcpi - ok
11:23:15.0580 4440 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
11:23:15.0581 4440 wmiApSrv - ok
11:23:15.0677 4440 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:23:15.0689 4440 WMPNetworkSvc - ok
11:23:15.0727 4440 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
11:23:15.0740 4440 WPCSvc - ok
11:23:15.0765 4440 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
11:23:15.0768 4440 WPDBusEnum - ok
11:23:15.0882 4440 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:23:15.0890 4440 WPFFontCache_v0400 - ok
11:23:15.0942 4440 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:23:15.0943 4440 ws2ifsl - ok
11:23:15.0981 4440 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
11:23:15.0984 4440 wscsvc - ok
11:23:15.0995 4440 WSearch - ok
11:23:16.0211 4440 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
11:23:16.0240 4440 wuauserv - ok
11:23:16.0325 4440 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:23:16.0327 4440 WUDFRd - ok
11:23:16.0354 4440 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:23:16.0357 4440 wudfsvc - ok
11:23:16.0394 4440 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
11:23:16.0395 4440 XAudio - ok
11:23:16.0461 4440 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
11:23:16.0468 4440 XAudioService - ok
11:23:16.0521 4440 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:23:16.0953 4440 \Device\Harddisk0\DR0 - ok
11:23:16.0965 4440 Boot (0x1200) (b62b572d61042360c52ba57fcfc493a9) \Device\Harddisk0\DR0\Partition0
11:23:16.0966 4440 \Device\Harddisk0\DR0\Partition0 - ok
11:23:16.0970 4440 Boot (0x1200) (a4140c4cd205cf4678514c9c421b1f85) \Device\Harddisk0\DR0\Partition1
11:23:16.0971 4440 \Device\Harddisk0\DR0\Partition1 - ok
11:23:16.0975 4440 ============================================================
11:23:16.0975 4440 Scan finished
11:23:16.0975 4440 ============================================================
11:23:16.0997 1848 Detected object count: 0
11:23:16.0997 1848 Actual detected object count: 0





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-20 11:30:25
-----------------------------
11:30:25.512 OS Version: Windows 6.0.6002 Service Pack 2
11:30:25.512 Number of processors: 2 586 0x6B02
11:30:25.513 ComputerName: ZUBAIR-PC UserName: Tooba
11:30:26.290 Initialize success
11:30:33.951 AVAST engine defs: 12072000
11:30:43.800 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
11:30:43.806 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
11:30:43.827 Disk 0 MBR read successfully
11:30:43.838 Disk 0 MBR scan
11:30:43.881 Disk 0 Windows VISTA default MBR code
11:30:43.889 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
11:30:43.944 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
11:30:43.977 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294949 MB offset 21084160
11:30:44.026 Disk 0 scanning sectors +625139712
11:30:44.133 Disk 0 scanning C:\Windows\system32\drivers
11:31:06.147 Service scanning
11:31:31.081 Modules scanning
11:31:36.070 Disk 0 trace - called modules:
11:31:36.433 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
11:31:36.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c15308]
11:31:36.446 3 CLASSPNP.SYS[807308b3] -> nt!IofCallDriver -> [0x84d1c958]
11:31:36.452 5 acpi.sys[8060c6bc] -> nt!IofCallDriver -> \Device\00000063[0x84d03298]
11:31:37.610 AVAST engine scan C:\Windows
11:31:45.302 AVAST engine scan C:\Windows\system32
11:36:01.468 AVAST engine scan C:\Windows\system32\drivers
11:36:22.712 AVAST engine scan C:\Users\Tooba
11:46:04.162 AVAST engine scan C:\ProgramData
11:57:21.095 Scan finished successfully
12:53:25.535 Disk 0 MBR has been saved successfully to "C:\Users\Tooba\Desktop\MBR.dat"
12:53:25.550 The log file has been saved successfully to "C:\Users\Tooba\Desktop\aswMBR.txt"


Additionally, Norton sent me some notifications saying that Trojan.Zeroaccess.B. is still an unresolved security risk

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 20 July 2012 - 08:55 PM

Greetings


Norton is going to keep doing that so I think you will need to uninstall it and then reinstall it



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 toobaq

toobaq
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 21 July 2012 - 01:00 PM

Okay I will, so is everything fixed then?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 21 July 2012 - 01:24 PM

Greetings

things look allot better and I was hoping you have had a chance to do the reinstall so let me know when you have done it


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 toobaq

toobaq
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 23 July 2012 - 05:07 PM

ComboFix 12-07-21.01 - Tooba 07/22/2012 16:04:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1770 [GMT -5:00]
Running from: c:\users\Tooba\Desktop\ComboFix.exe
Command switches used :: c:\users\Tooba\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 21:12 . 2012-07-22 21:12 -------- d-----w- c:\users\Tooba\AppData\Local\temp
2012-07-22 21:12 . 2012-07-22 21:12 -------- d-----w- c:\users\Zubair\AppData\Local\temp
2012-07-22 21:12 . 2012-07-22 21:12 -------- d-----w- c:\users\Temp\AppData\Local\temp
2012-07-22 21:12 . 2012-07-22 21:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-22 21:12 . 2012-07-22 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 20:48 . 2012-07-22 20:47 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-22 20:48 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-22 20:48 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2012-07-22 20:47 . 2012-07-22 20:48 -------- d-----w- c:\program files\Symantec
2012-07-22 20:47 . 2012-07-22 20:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-07-22 20:47 . 2012-07-22 20:47 -------- d-----w- c:\windows\system32\drivers\N360
2012-07-22 20:47 . 2012-07-22 20:47 -------- d-----w- c:\program files\Norton Security Suite
2012-07-22 20:47 . 2012-07-22 20:47 -------- d-----w- c:\program files\NortonInstaller
2012-07-17 01:18 . 2012-07-17 01:19 -------- d-----w- c:\users\Zubair\AppData\Local\NPE
2012-07-12 18:04 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:55 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 18:55 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 18:55 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 18:55 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 18:55 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 18:55 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-21 18:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:50 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 18:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 18:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 18:49 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 18:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-21 18:49 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-12 20:33 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SanDiskSecureAccess_Manager.exe"="c:\users\Tooba\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-09-09 27306624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
c:\users\Tooba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-9 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-09 21:25 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tooba\AppData\Roaming\Mozilla\Firefox\Profiles\ifjg4n8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 16:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.0.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,bf,11,32,1e,84,e8,45,9f,58,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,bf,11,32,1e,84,e8,45,9f,58,d9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1564)
c:\windows\System32\QAgent.dll
.
Completion time: 2012-07-22 16:14:20
ComboFix-quarantined-files.txt 2012-07-22 21:14
ComboFix2.txt 2012-07-18 21:51
ComboFix3.txt 2011-06-27 20:01
.
Pre-Run: 246,573,088,768 bytes free
Post-Run: 250,426,105,856 bytes free
.
- - End Of File - - AFE43186045B80FD3B55EA0B0ED6ABE5


The computer seems to be running fine at this point

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 23 July 2012 - 05:32 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Ask Toolbar
Bing Bar
Java DB 10.6.2.1
Java™ 6 Update 26
Java™ SE Development Kit 6 Update 26
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 toobaq

toobaq
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 25 July 2012 - 02:43 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.25.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tooba :: ZUBAIR-PC [administrator]

7/25/2012 2:12:19 PM
mbam-log-2012-07-25 (14-12-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219217
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:42:20 PM, on 7/25/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Tooba\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\pcaui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Tooba\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Tooba\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9082 bytes

Everything is running well at this point

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 25 July 2012 - 03:01 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Tooba\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 27 July 2012 - 11:21 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 toobaq

toobaq
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 28 July 2012 - 12:50 AM

I'm sorry I haven't posted in a few days, I got a little busy. But I'm working on the part you posted last, so I'll let you know the information once I'm done.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 28 July 2012 - 01:05 AM

No problem


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users