Virus TrojanDownloader:Win32/Adload.DA help


  • This topic is locked
17 replies to this topic

#1 kuleke

kuleke

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:Manchester/Lagos
  • Local time:05:02 AM

Posted 20 July 2012 - 06:07 AM

Ok so I got the notification from the action centre asking me to remove that virus (TrojanDownloader:Win32/Adload.DA). I ran the Microsoft tool it asked me to download but that didn't find anything. I found a software called SpyHunter on a website and it's supposed to be trusted but I haven't run it yet. Help please!

EDIT: I realise I may have posted this in the wrong forum in my panic, I'll move it to the right one now.

Edited by kuleke, 20 July 2012 - 06:11 AM.




#2 kuleke

kuleke
  • Topic Starter


Posted 20 July 2012 - 06:19 AM

I can't seem to download the DDS software, it's just not downloading.

#3 kuleke

kuleke
  • Topic Starter


Posted 20 July 2012 - 06:24 AM

Used the 'save file as..' option; below are the results.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ahmed Oyeleke at 12:20:52 on 2012-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.1213 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\MySQL\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\SingleClick Systems\Advanced Networking Service\ans.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Common Files\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Athan\Athan.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FAUpdateClient.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Temp\FAInstallV2.004.097.Dell.exe
C:\Users\AHMEDO~1.KUL\AppData\Local\Temp\ckz_OPPG\FAInstall.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\apache\php.exe
C:\Windows\system32\conhost.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
uRun: [Google Update] "C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FAStartup]
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Athan] C:\Program Files (x86)\Athan\Athan.exe
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 8.8.4.4 198.6.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C} : DhcpNameServer = 8.8.4.4 198.6.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\3575946445024374022425F414442414E444 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\57C647271626F6F6B6 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\F4C6F67626F6E6 : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FAStartup]
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Athan] C:\Program Files (x86)\Athan\Athan.exe
mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Mozilla\Firefox\Profiles\8bl8ep4f.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Autograph 3.3\WebPlayer\npagraph.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120719.002\IDSviA64.sys [2012-7-20 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe [2011-9-9 20549]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\SingleClick Systems\MySQL\bin\mysqld.exe [2010-12-1 6098944]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2011-10-28 230248]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccsvchst.exe [2012-6-19 138232]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-20 1692480]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-19 138912]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-20 79360]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-29 113120]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-3-20 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-07-19 08:32:50 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\{24B41020-0F83-4317-959E-4A2B1B49F4D0}
2012-07-19 08:32:21 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\{1BC42D89-DA6C-474A-91EA-7642B825E526}
2012-07-16 14:10:08 -------- d-----w- C:\Windows\pss
2012-07-15 13:37:26 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\SKIDROW
2012-07-12 16:37:01 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\RockMelt
2012-07-11 23:16:57 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 17:34:20 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 17:34:20 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 17:34:20 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 17:34:20 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 17:34:20 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 17:34:20 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 17:34:20 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 17:34:20 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 17:34:20 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 17:34:20 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 17:34:20 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 17:34:20 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-11 17:34:20 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 17:00:29 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 17:00:29 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 17:00:28 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 17:00:28 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 17:00:28 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 17:00:28 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 16:31:07 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-11 16:31:06 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-11 16:31:06 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 16:31:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 16:31:06 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 16:31:06 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 16:31:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-11 16:31:06 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-11 16:31:06 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-11 00:34:36 -------- d-sh--w- C:\Users\Ahmed Oyeleke.Kuleke-PC\wc
2012-07-11 00:34:05 -------- d-sh--w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\wyUpdate AU
2012-07-11 00:28:54 424960 ----a-w- C:\Windows\System32\hpb64.dll
2012-07-11 00:28:49 311296 ----a-w- C:\Windows\SysWow64\hpb.dll
2012-07-05 17:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-02 21:19:09 -------- d-----w- C:\Program Files\iPod
2012-07-02 21:19:08 -------- d-----w- C:\Program Files\iTunes
2012-07-01 14:37:49 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-01 14:37:49 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-27 17:30:42 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\CrashDumps
2012-06-27 13:03:59 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-06-23 00:23:15 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{411F5FB0-B98A-440D-B43F-8F72F1CC9AC5}\mpengine.dll
2012-06-23 00:18:44 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 00:18:06 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 00:17:44 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 00:17:44 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-19 14:08:19 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 12:21:38.51 ===============

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:02 AM

Posted 25 July 2012 - 06:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461571 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 kuleke


Posted 25 July 2012 - 06:28 AM

Thanks for the response, I have yet to get rid of it. Here's the new DDS log.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ahmed Oyeleke at 12:23:52 on 2012-07-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.1793 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\MySQL\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\SingleClick Systems\Advanced Networking Service\ans.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Messenger\2.1.4587.0\FacebookMessenger.exe
C:\Program Files (x86)\Athan\Athan.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\prevhost.exe
C:\PROGRA~2\MICROS~2\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\apache\php.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Face recognition web login for FastAccess: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
uRun: [Google Update] "C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FAStartup]
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Athan] C:\Program Files (x86)\Athan\Athan.exe
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\Users\AHMEDO~1.KUL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Messenger\2.1.4587.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 8.8.4.4 198.6.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C} : DhcpNameServer = 8.8.4.4 198.6.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\3575946445024374022425F414442414E444 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\57C647271626F6F6B6 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\F4C6F67626F6E6 : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FAStartup]
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Athan] C:\Program Files (x86)\Athan\Athan.exe
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Mozilla\Firefox\Profiles\8bl8ep4f.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Autograph 3.3\WebPlayer\npagraph.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Messenger\2.1.4587.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120724.001\IDSviA64.sys [2012-7-25 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe [2011-9-9 20549]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\SingleClick Systems\MySQL\bin\mysqld.exe [2010-12-1 6098944]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2011-10-28 230248]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-4-23 2412728]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccsvchst.exe [2012-6-19 138232]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-20 1692480]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-19 138912]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-22 250056]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-20 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-29 113120]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-3-20 79360]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-07-24 08:36:17 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Edraw Max
2012-07-24 08:35:10 -------- d-----w- C:\Program Files (x86)\Edraw Max
2012-07-24 05:06:07 -------- d-----w- C:\Temp
2012-07-24 04:52:16 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Samsung
2012-07-24 04:52:05 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Samsung
2012-07-24 04:50:22 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-07-24 04:50:22 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-07-24 04:48:21 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-07-24 04:47:53 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-07-24 04:47:53 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-07-24 04:47:21 -------- d-----w- C:\ProgramData\Samsung
2012-07-24 04:47:21 -------- d-----w- C:\Program Files (x86)\Samsung
2012-07-23 12:57:11 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\{2D796DBA-2838-41F2-BDBF-E58214BF427D}
2012-07-23 12:56:50 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\{63B0C7B5-023A-4B73-A369-5466D0FF9260}
2012-07-22 12:22:15 9226440 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-22 11:52:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-19 08:32:50 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\{24B41020-0F83-4317-959E-4A2B1B49F4D0}
2012-07-19 08:32:21 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\{1BC42D89-DA6C-474A-91EA-7642B825E526}
2012-07-16 14:10:08 -------- d-----w- C:\Windows\pss
2012-07-15 13:37:26 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\SKIDROW
2012-07-12 16:37:01 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\RockMelt
2012-07-11 23:16:57 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 17:34:20 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 17:34:20 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 17:34:20 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 17:34:20 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 17:34:20 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 17:34:20 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 17:34:20 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 17:34:20 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 17:34:20 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 17:34:20 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 17:34:20 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 17:34:20 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-11 17:34:20 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 17:00:29 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 17:00:29 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 17:00:28 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 17:00:28 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 17:00:28 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 17:00:28 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 16:31:07 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-11 16:31:06 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-11 16:31:06 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 16:31:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 16:31:06 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 16:31:06 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 16:31:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-11 16:31:06 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-11 16:31:06 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-11 00:34:36 -------- d-sh--w- C:\Users\Ahmed Oyeleke.Kuleke-PC\wc
2012-07-11 00:34:05 -------- d-sh--w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\wyUpdate AU
2012-07-11 00:28:54 424960 ----a-w- C:\Windows\System32\hpb64.dll
2012-07-11 00:28:49 311296 ----a-w- C:\Windows\SysWow64\hpb.dll
2012-07-05 17:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-02 21:19:09 -------- d-----w- C:\Program Files\iPod
2012-07-02 21:19:08 -------- d-----w- C:\Program Files\iTunes
2012-07-01 14:37:49 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-01 14:37:49 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-27 17:30:42 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\CrashDumps
2012-06-27 13:03:59 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
.
==================== Find3M ====================
.
2012-07-22 12:22:53 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 14:08:19 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-28 23:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 12:24:47.61 ===============


#6 Larusso


Posted 25 July 2012 - 07:30 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.




Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
regards,
Daniel


#7 kuleke

  • Topic Starter


Posted 25 July 2012 - 07:45 AM

Hi Daniel,

Thanks for your time. Here's the log from TDSSKiller:


13:42:55.0709 0340 MSPQM - ok
13:42:55.0769 0340 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:42:55.0781 0340 MsRPC - ok
13:42:55.0821 0340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:42:55.0822 0340 mssmbios - ok
13:42:55.0833 0340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:42:55.0835 0340 MSTEE - ok
13:42:55.0846 0340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:42:55.0848 0340 MTConfig - ok
13:42:55.0871 0340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:42:55.0874 0340 Mup - ok
13:42:56.0007 0340 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
13:42:56.0009 0340 N360 - ok
13:42:56.0046 0340 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:42:56.0066 0340 napagent - ok
13:42:56.0128 0340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:42:56.0144 0340 NativeWifiP - ok
13:42:56.0395 0340 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120724.018\ENG64.SYS
13:42:56.0398 0340 NAVENG - ok
13:42:56.0765 0340 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120724.018\EX64.SYS
13:42:56.0826 0340 NAVEX15 - ok
13:42:57.0040 0340 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:42:57.0062 0340 NDIS - ok
13:42:57.0101 0340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:42:57.0104 0340 NdisCap - ok
13:42:57.0116 0340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:42:57.0118 0340 NdisTapi - ok
13:42:57.0161 0340 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:42:57.0164 0340 Ndisuio - ok
13:42:57.0208 0340 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:42:57.0222 0340 NdisWan - ok
13:42:57.0262 0340 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:42:57.0265 0340 NDProxy - ok
13:42:57.0303 0340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:42:57.0304 0340 NetBIOS - ok
13:42:57.0465 0340 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:42:57.0470 0340 NetBT - ok
13:42:57.0518 0340 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:42:57.0519 0340 Netlogon - ok
13:42:57.0576 0340 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:42:57.0589 0340 Netman - ok
13:42:57.0623 0340 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:42:57.0629 0340 netprofm - ok
13:42:57.0685 0340 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:42:57.0689 0340 NetTcpPortSharing - ok
13:42:57.0712 0340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:42:57.0714 0340 nfrd960 - ok
13:42:57.0757 0340 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:42:57.0774 0340 NlaSvc - ok
13:42:57.0788 0340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:42:57.0791 0340 Npfs - ok
13:42:57.0806 0340 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:42:57.0808 0340 nsi - ok
13:42:57.0821 0340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:42:57.0822 0340 nsiproxy - ok
13:42:58.0068 0340 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:42:58.0105 0340 Ntfs - ok
13:42:58.0247 0340 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
13:42:58.0249 0340 NuidFltr - ok
13:42:58.0266 0340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:42:58.0268 0340 Null - ok
13:42:58.0321 0340 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:42:58.0335 0340 nvraid - ok
13:42:58.0361 0340 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:42:58.0376 0340 nvstor - ok
13:42:58.0412 0340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:42:58.0420 0340 nv_agp - ok
13:42:58.0499 0340 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:42:58.0516 0340 odserv - ok
13:42:58.0553 0340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:42:58.0561 0340 ohci1394 - ok
13:42:58.0611 0340 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:42:58.0624 0340 ose - ok
13:42:58.0669 0340 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:42:58.0682 0340 p2pimsvc - ok
13:42:58.0733 0340 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:42:58.0782 0340 p2psvc - ok
13:42:58.0810 0340 Packet (99e6aa0ae2d05389ba7f7dff6866b569) C:\Windows\system32\DRIVERS\packet.sys
13:42:58.0813 0340 Packet - ok
13:42:58.0842 0340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:42:58.0845 0340 Parport - ok
13:42:58.0884 0340 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:42:58.0887 0340 partmgr - ok
13:42:58.0911 0340 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:42:58.0924 0340 PcaSvc - ok
13:42:59.0026 0340 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
13:42:59.0029 0340 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
13:42:59.0073 0340 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:42:59.0086 0340 pci - ok
13:42:59.0104 0340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:42:59.0107 0340 pciide - ok
13:42:59.0150 0340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:42:59.0160 0340 pcmcia - ok
13:42:59.0182 0340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:42:59.0185 0340 pcw - ok
13:42:59.0244 0340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:42:59.0284 0340 PEAUTH - ok
13:42:59.0392 0340 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:42:59.0395 0340 PerfHost - ok
13:42:59.0673 0340 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:42:59.0719 0340 pla - ok
13:42:59.0776 0340 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:42:59.0790 0340 PlugPlay - ok
13:42:59.0810 0340 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:42:59.0814 0340 PNRPAutoReg - ok
13:42:59.0846 0340 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:42:59.0849 0340 PNRPsvc - ok
13:42:59.0901 0340 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
13:42:59.0904 0340 Point64 - ok
13:42:59.0971 0340 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:42:59.0989 0340 PolicyAgent - ok
13:43:00.0023 0340 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:43:00.0035 0340 Power - ok
13:43:00.0073 0340 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:43:00.0082 0340 PptpMiniport - ok
13:43:00.0109 0340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:43:00.0111 0340 Processor - ok
13:43:00.0157 0340 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:43:00.0168 0340 ProfSvc - ok
13:43:00.0200 0340 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:43:00.0202 0340 ProtectedStorage - ok
13:43:00.0246 0340 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:43:00.0253 0340 Psched - ok
13:43:00.0278 0340 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:43:00.0280 0340 PxHlpa64 - ok
13:43:00.0407 0340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:43:00.0442 0340 ql2300 - ok
13:43:00.0569 0340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:43:00.0577 0340 ql40xx - ok
13:43:00.0614 0340 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:43:00.0649 0340 QWAVE - ok
13:43:00.0661 0340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:43:00.0663 0340 QWAVEdrv - ok
13:43:00.0679 0340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:43:00.0681 0340 RasAcd - ok
13:43:00.0707 0340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:43:00.0709 0340 RasAgileVpn - ok
13:43:00.0743 0340 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:43:00.0753 0340 RasAuto - ok
13:43:00.0797 0340 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:43:00.0799 0340 Rasl2tp - ok
13:43:00.0879 0340 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:43:00.0893 0340 RasMan - ok
13:43:00.0987 0340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:43:00.0990 0340 RasPppoe - ok
13:43:01.0008 0340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:43:01.0011 0340 RasSstp - ok
13:43:01.0050 0340 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:43:01.0064 0340 rdbss - ok
13:43:01.0076 0340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:43:01.0079 0340 rdpbus - ok
13:43:01.0095 0340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:43:01.0095 0340 RDPCDD - ok
13:43:01.0113 0340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:43:01.0113 0340 RDPENCDD - ok
13:43:01.0124 0340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:43:01.0124 0340 RDPREFMP - ok
13:43:01.0172 0340 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:43:01.0175 0340 RDPWD - ok
13:43:01.0234 0340 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:43:01.0245 0340 rdyboost - ok
13:43:01.0273 0340 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:43:01.0283 0340 RemoteAccess - ok
13:43:01.0415 0340 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:43:01.0431 0340 RemoteRegistry - ok
13:43:01.0474 0340 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:43:01.0486 0340 RFCOMM - ok
13:43:01.0516 0340 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
13:43:01.0520 0340 rimspci - ok
13:43:01.0550 0340 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:43:01.0553 0340 RimUsb - ok
13:43:01.0594 0340 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:43:01.0597 0340 RimVSerPort - ok
13:43:01.0616 0340 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys
13:43:01.0619 0340 risdpcie - ok
13:43:01.0638 0340 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
13:43:01.0640 0340 rixdpcie - ok
13:43:01.0663 0340 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
13:43:01.0665 0340 ROOTMODEM - ok
13:43:01.0817 0340 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
13:43:01.0874 0340 RoxMediaDB10 - ok
13:43:01.0908 0340 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:43:01.0912 0340 RpcEptMapper - ok
13:43:01.0935 0340 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:43:01.0938 0340 RpcLocator - ok
13:43:02.0001 0340 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:43:02.0005 0340 RpcSs - ok
13:43:02.0170 0340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:43:02.0173 0340 rspndr - ok
13:43:02.0176 0340 RxFilter - ok
13:43:02.0212 0340 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:43:02.0214 0340 SamSs - ok
13:43:02.0296 0340 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:43:02.0300 0340 sbp2port - ok
13:43:02.0330 0340 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:43:02.0365 0340 SCardSvr - ok
13:43:02.0534 0340 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:43:02.0535 0340 scfilter - ok
13:43:02.0663 0340 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:43:02.0687 0340 Schedule - ok
13:43:02.0723 0340 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:43:02.0724 0340 SCPolicySvc - ok
13:43:02.0766 0340 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:43:02.0806 0340 SDRSVC - ok
13:43:02.0885 0340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:43:02.0888 0340 secdrv - ok
13:43:02.0900 0340 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:43:02.0916 0340 seclogon - ok
13:43:02.0951 0340 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:43:02.0954 0340 SENS - ok
13:43:03.0027 0340 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:43:03.0036 0340 SensrSvc - ok
13:43:03.0050 0340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:43:03.0053 0340 Serenum - ok
13:43:03.0075 0340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:43:03.0078 0340 Serial - ok
13:43:03.0136 0340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:43:03.0139 0340 sermouse - ok
13:43:03.0187 0340 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:43:03.0200 0340 SessionEnv - ok
13:43:03.0234 0340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:43:03.0237 0340 sffdisk - ok
13:43:03.0245 0340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:43:03.0247 0340 sffp_mmc - ok
13:43:03.0252 0340 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:43:03.0254 0340 sffp_sd - ok
13:43:03.0271 0340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:43:03.0273 0340 sfloppy - ok
13:43:03.0480 0340 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:43:03.0524 0340 SftService - ok
13:43:03.0684 0340 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:43:03.0705 0340 SharedAccess - ok
13:43:03.0762 0340 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:43:03.0784 0340 ShellHWDetection - ok
13:43:03.0826 0340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:43:03.0829 0340 SiSRaid2 - ok
13:43:03.0852 0340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:43:03.0855 0340 SiSRaid4 - ok
13:43:04.0130 0340 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:43:04.0209 0340 Skype C2C Service - ok
13:43:04.0294 0340 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:43:04.0418 0340 SkypeUpdate - ok
13:43:04.0604 0340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:43:04.0607 0340 Smb - ok
13:43:04.0641 0340 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:43:04.0645 0340 SNMPTRAP - ok
13:43:04.0690 0340 Sound Blaster X-Fi MB Licensing Service (9b24dca429f819db314f30ee4c6c80fd) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
13:43:04.0701 0340 Sound Blaster X-Fi MB Licensing Service - ok
13:43:04.0713 0340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:43:04.0716 0340 spldr - ok
13:43:04.0786 0340 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:43:04.0820 0340 Spooler - ok
13:43:05.0124 0340 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:43:05.0189 0340 sppsvc - ok
13:43:05.0292 0340 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:43:05.0309 0340 sppuinotify - ok
13:43:05.0370 0340 sprtsvc_DellComms (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
13:43:05.0373 0340 sprtsvc_DellComms - ok
13:43:05.0521 0340 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
13:43:05.0577 0340 SRTSP - ok
13:43:05.0595 0340 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
13:43:05.0597 0340 SRTSPX - ok
13:43:05.0658 0340 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:43:05.0714 0340 srv - ok
13:43:05.0755 0340 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:43:05.0771 0340 srv2 - ok
13:43:05.0810 0340 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:43:05.0824 0340 srvnet - ok
13:43:05.0867 0340 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:43:05.0879 0340 SSDPSRV - ok
13:43:05.0894 0340 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:43:05.0899 0340 SstpSvc - ok
13:43:05.0954 0340 ssudmdm (855335bf5792e56164f98c012e3d92dd) C:\Windows\system32\DRIVERS\ssudmdm.sys
13:43:05.0966 0340 ssudmdm - ok
13:43:06.0071 0340 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
13:43:06.0075 0340 STacSV - ok
13:43:06.0142 0340 Steam Client Service - ok
13:43:06.0177 0340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:43:06.0180 0340 stexstor - ok
13:43:06.0240 0340 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
13:43:06.0263 0340 STHDA - ok
13:43:06.0340 0340 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:43:06.0365 0340 stisvc - ok
13:43:06.0499 0340 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:43:06.0502 0340 stllssvr - ok
13:43:06.0537 0340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:43:06.0539 0340 swenum - ok
13:43:06.0612 0340 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:43:06.0654 0340 swprv - ok
13:43:06.0768 0340 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
13:43:06.0802 0340 SymDS - ok
13:43:06.0898 0340 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
13:43:06.0965 0340 SymEFA - ok
13:43:07.0029 0340 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:43:07.0042 0340 SymEvent - ok
13:43:07.0068 0340 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
13:43:07.0080 0340 SymIRON - ok
13:43:07.0134 0340 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
13:43:07.0150 0340 SymNetS - ok
13:43:07.0202 0340 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
13:43:07.0216 0340 SynTP - ok
13:43:07.0594 0340 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:43:07.0643 0340 SysMain - ok
13:43:07.0785 0340 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:43:07.0795 0340 TabletInputService - ok
13:43:07.0827 0340 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:43:07.0843 0340 TapiSrv - ok
13:43:07.0877 0340 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:43:07.0879 0340 TBS - ok
13:43:08.0039 0340 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:43:08.0082 0340 Tcpip - ok
13:43:08.0292 0340 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:43:08.0301 0340 TCPIP6 - ok
13:43:08.0394 0340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:43:08.0396 0340 tcpipreg - ok
13:43:08.0421 0340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:43:08.0423 0340 TDPIPE - ok
13:43:08.0460 0340 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:43:08.0463 0340 TDTCP - ok
13:43:08.0509 0340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:43:08.0516 0340 tdx - ok
13:43:08.0569 0340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:43:08.0578 0340 TermDD - ok
13:43:08.0647 0340 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:43:08.0688 0340 TermService - ok
13:43:08.0720 0340 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:43:08.0723 0340 Themes - ok
13:43:08.0753 0340 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:43:08.0754 0340 THREADORDER - ok
13:43:08.0789 0340 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:43:08.0797 0340 TrkWks - ok
13:43:08.0864 0340 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:43:08.0877 0340 TrustedInstaller - ok
13:43:08.0921 0340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:43:08.0924 0340 tssecsrv - ok
13:43:08.0964 0340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:43:08.0967 0340 TsUsbFlt - ok
13:43:09.0026 0340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:43:09.0035 0340 tunnel - ok
13:43:09.0060 0340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:43:09.0063 0340 uagp35 - ok
13:43:09.0099 0340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:43:09.0114 0340 udfs - ok
13:43:09.0141 0340 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:43:09.0145 0340 UI0Detect - ok
13:43:09.0200 0340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:43:09.0203 0340 uliagpkx - ok
13:43:09.0242 0340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:43:09.0245 0340 umbus - ok
13:43:09.0265 0340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:43:09.0266 0340 UmPass - ok
13:43:09.0301 0340 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:43:09.0322 0340 upnphost - ok
13:43:09.0393 0340 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:43:09.0396 0340 USBAAPL64 - ok
13:43:09.0412 0340 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:43:09.0415 0340 usbccgp - ok
13:43:09.0453 0340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:43:09.0456 0340 usbcir - ok
13:43:09.0476 0340 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:43:09.0478 0340 usbehci - ok
13:43:09.0526 0340 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:43:09.0544 0340 usbhub - ok
13:43:09.0560 0340 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:43:09.0563 0340 usbohci - ok
13:43:09.0577 0340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:43:09.0579 0340 usbprint - ok
13:43:09.0604 0340 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:43:09.0608 0340 USBSTOR - ok
13:43:09.0624 0340 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:43:09.0627 0340 usbuhci - ok
13:43:09.0663 0340 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:43:09.0677 0340 usbvideo - ok
13:43:09.0716 0340 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
13:43:09.0718 0340 usb_rndisx - ok
13:43:09.0746 0340 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:43:09.0749 0340 UxSms - ok
13:43:10.0069 0340 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:43:10.0070 0340 VaultSvc - ok
13:43:10.0103 0340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:43:10.0104 0340 vdrvroot - ok
13:43:10.0181 0340 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:43:10.0201 0340 vds - ok
13:43:10.0231 0340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:43:10.0234 0340 vga - ok
13:43:10.0274 0340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:43:10.0276 0340 VgaSave - ok
13:43:10.0302 0340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:43:10.0314 0340 vhdmp - ok
13:43:10.0328 0340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:43:10.0330 0340 viaide - ok
13:43:10.0351 0340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:43:10.0353 0340 volmgr - ok
13:43:10.0411 0340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:43:10.0422 0340 volmgrx - ok
13:43:10.0455 0340 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:43:10.0468 0340 volsnap - ok
13:43:10.0501 0340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:43:10.0515 0340 vsmraid - ok
13:43:10.0661 0340 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:43:10.0701 0340 VSS - ok
13:43:10.0835 0340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:43:10.0837 0340 vwifibus - ok
13:43:10.0869 0340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:43:10.0872 0340 vwififlt - ok
13:43:10.0897 0340 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:43:10.0900 0340 vwifimp - ok
13:43:10.0953 0340 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:43:10.0970 0340 W32Time - ok
13:43:10.0989 0340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:43:10.0992 0340 WacomPen - ok
13:43:11.0047 0340 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:43:11.0049 0340 WANARP - ok
13:43:15.0906 0340 ============================================================
13:43:15.0906 0340 Scan finished
13:43:15.0906 0340 ============================================================
13:43:15.0916 9100 Detected object count: 0
13:43:15.0916 9100 Actual detected object count: 0
13:43:27.0443 8164 Deinitialize success

#8 Larusso


Posted 25 July 2012 - 10:11 AM

"I found a software called SpyHunter"


Please uninstall this kind of software. It is crap and IMHO is itself malware.



Do you have any problems with this system?
regards,
Daniel


#9 kuleke


Posted 25 July 2012 - 01:04 PM

I never actually installed SpyHunter, I decided to go on this forum to post my issue instead. I have yet to experience any issues I don't think, I'm just here because I've heard it can do very bad things and I want to avoid any bad things lurking.

This might not be related but may be worth sharing; my connection spikes every few seconds like so:

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\Ahmed Oyeleke.Kuleke-PC>ping -t google.com

Pinging google.com [74.125.238.8] with 32 bytes of data:
Reply from 74.125.238.8: bytes=32 time=71ms TTL=57
Reply from 74.125.238.8: bytes=32 time=85ms TTL=57
Request timed out.
Reply from 74.125.238.8: bytes=32 time=89ms TTL=57
Reply from 74.125.238.8: bytes=32 time=78ms TTL=57
Reply from 74.125.238.8: bytes=32 time=82ms TTL=57
Reply from 74.125.238.8: bytes=32 time=71ms TTL=57
Reply from 74.125.238.8: bytes=32 time=75ms TTL=57
Reply from 74.125.238.8: bytes=32 time=88ms TTL=57
Reply from 74.125.238.8: bytes=32 time=294ms TTL=57
Reply from 74.125.238.8: bytes=32 time=251ms TTL=57

Reply from 74.125.238.8: bytes=32 time=74ms TTL=57
Reply from 74.125.238.8: bytes=32 time=73ms TTL=57
Reply from 74.125.238.8: bytes=32 time=92ms TTL=57
Request timed out.
Reply from 74.125.238.8: bytes=32 time=102ms TTL=57
Reply from 74.125.238.8: bytes=32 time=99ms TTL=57
Reply from 74.125.238.8: bytes=32 time=127ms TTL=57
Reply from 74.125.238.8: bytes=32 time=100ms TTL=57
Reply from 74.125.238.8: bytes=32 time=84ms TTL=57
Reply from 74.125.238.8: bytes=32 time=78ms TTL=57
Reply from 74.125.238.8: bytes=32 time=58ms TTL=57
Reply from 74.125.238.8: bytes=32 time=82ms TTL=57
Reply from 74.125.238.8: bytes=32 time=75ms TTL=57
Reply from 74.125.238.8: bytes=32 time=74ms TTL=57
Reply from 74.125.238.8: bytes=32 time=88ms TTL=57
Reply from 74.125.238.8: bytes=32 time=96ms TTL=57
Reply from 74.125.238.8: bytes=32 time=113ms TTL=57
Reply from 74.125.238.8: bytes=32 time=145ms TTL=57
Reply from 74.125.238.8: bytes=32 time=279ms TTL=57
Reply from 74.125.238.8: bytes=32 time=223ms TTL=57

Reply from 74.125.238.8: bytes=32 time=68ms TTL=57
Reply from 74.125.238.8: bytes=32 time=87ms TTL=57
Reply from 74.125.238.8: bytes=32 time=86ms TTL=57

Ping statistics for 74.125.238.8:
Packets: Sent = 34, Received = 32, Lost = 2 (5% loss),
Approximate round trip times in milli-seconds:
Minimum = 58ms, Maximum = 294ms, Average = 108ms
Control-C

Could that be as a result of the virus? Other computers on the network don't experience it and it only started recently.

Thanks for your time.

#10 Larusso


Posted 26 July 2012 - 07:23 AM

This can be a problem from an infection, but it must not.


Download ComboFix from this location:

Link 1



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
regards,
Daniel


#11 kuleke


Posted 26 July 2012 - 09:52 AM

Hi,

I had to end the process for Norton 360 cause it kept saying it could still see it even though I'd disabled everything. Below is the ComboFix log:

ComboFix 12-07-27.01 - Ahmed Oyeleke 26/07/2012 13:52:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2309 [GMT 1:00]
Running from: c:\users\Ahmed Oyeleke.Kuleke-PC\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\windows\iun6002.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 14:38 . 2012-07-26 14:38 -------- d-----w- c:\users\SingleClick Admin\AppData\Local\temp
2012-07-26 14:38 . 2012-07-26 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 08:36 . 2012-07-24 08:36 -------- d-----w- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Edraw Max
2012-07-24 05:06 . 2012-07-24 05:06 -------- d-----w- C:\Temp
2012-07-24 04:52 . 2012-07-24 04:52 -------- d-----w- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Samsung
2012-07-24 04:52 . 2012-07-24 04:52 -------- d-----w- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Samsung
2012-07-24 04:50 . 2012-05-21 02:09 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-07-24 04:50 . 2012-05-21 02:09 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-24 04:48 . 2012-05-23 17:50 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-24 04:47 . 2012-07-24 04:47 -------- d-----w- c:\program files (x86)\MarkAny
2012-07-24 04:47 . 2012-05-23 17:49 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-07-24 04:47 . 2012-07-24 04:49 -------- d-----w- c:\program files (x86)\Samsung
2012-07-24 04:47 . 2012-07-24 04:48 -------- d-----w- c:\programdata\Samsung
2012-07-22 12:22 . 2012-07-22 12:22 9226440 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-22 11:52 . 2012-07-22 12:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 21:21 . 2012-07-17 21:21 -------- d-----w- c:\users\Public\Captain America The First Avenger
2012-07-15 13:37 . 2012-07-15 13:37 -------- d-----w- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\SKIDROW
2012-07-12 20:16 . 2012-07-12 20:18 -------- d-----w- c:\users\Public\Modern Family
2012-07-12 16:37 . 2012-07-16 14:42 -------- d-----w- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\RockMelt
2012-07-11 23:16 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 17:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 17:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 17:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 17:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 17:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 17:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 17:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 17:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 17:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 17:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 17:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 17:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 17:22 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 17:00 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 17:00 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 17:00 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 17:00 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 17:00 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 17:00 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 16:31 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 16:31 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 16:31 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 16:31 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 16:31 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 16:31 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 16:31 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 16:31 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 16:31 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 00:34 . 2012-07-11 00:34 -------- d-sh--w- c:\users\Ahmed Oyeleke.Kuleke-PC\wc
2012-07-11 00:34 . 2012-07-11 00:34 -------- d-sh--w- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\wyUpdate AU
2012-07-11 00:28 . 2012-05-10 15:02 424960 ----a-w- c:\windows\system32\hpb64.dll
2012-07-11 00:28 . 2012-05-10 15:01 311296 ----a-w- c:\windows\SysWow64\hpb.dll
2012-07-05 17:45 . 2012-07-05 17:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-02 21:19 . 2012-07-02 21:19 -------- d-----w- c:\program files\iPod
2012-07-02 21:19 . 2012-07-02 21:20 -------- d-----w- c:\program files\iTunes
2012-07-01 14:37 . 2012-07-01 14:37 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-01 14:37 . 2012-07-01 14:37 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-27 17:30 . 2012-07-26 12:44 -------- d-----w- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\CrashDumps
2012-06-27 13:03 . 2009-03-16 13:18 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 12:22 . 2011-11-25 00:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 02:18 . 2011-12-18 06:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-17 02:17 . 2011-12-18 06:54 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-11 23:13 . 2011-11-26 10:16 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-02 19:34 . 2012-01-04 19:17 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-02 19:22 . 2012-01-04 19:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-02 19:22 . 2012-01-31 18:25 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-29 18:32 . 2011-12-18 06:55 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-19 14:08 . 2012-06-19 14:08 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-18 02:12 . 2012-06-23 00:23 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{411F5FB0-B98A-440D-B43F-8F72F1CC9AC5}\mpengine.dll
2012-06-02 22:19 . 2012-06-23 00:18 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 00:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 00:18 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 00:18 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 00:18 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 00:18 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 00:18 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 00:17 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-23 00:17 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-28 23:38 . 2012-05-28 23:38 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-23 17:49 . 2012-05-23 17:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-05-23 17:49 . 2012-05-23 17:49 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-05-23 17:49 . 2012-05-23 17:49 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-05-23 17:49 . 2012-05-23 17:49 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-05-23 17:49 . 2012-05-23 17:49 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-05-23 17:49 . 2012-05-23 17:49 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-05-23 17:49 . 2012-05-23 17:49 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-05-23 17:49 . 2012-05-23 17:49 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-05-23 17:49 . 2012-05-23 17:49 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-05-23 17:49 . 2012-05-23 17:49 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-05-23 17:49 . 2012-05-23 17:49 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-05-23 17:49 . 2012-05-23 17:49 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-05-23 17:49 . 2012-05-23 17:49 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-05-23 17:49 . 2012-05-23 17:49 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-05-23 17:49 . 2012-05-23 17:49 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-05-23 17:49 . 2012-05-23 17:49 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-05-23 17:49 . 2012-05-23 17:49 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-05-23 17:49 . 2012-05-23 17:49 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-05-23 17:49 . 2012-05-23 17:49 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-05-23 17:49 . 2012-05-23 17:49 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-05-23 17:49 . 2012-05-23 17:49 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-05-23 17:49 . 2012-05-23 17:49 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-05-23 17:49 . 2012-05-23 17:49 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-05-23 17:49 . 2012-05-23 17:49 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-05-23 17:49 . 2012-05-23 17:49 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-05-23 17:49 . 2012-05-23 17:49 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-05-23 17:49 . 2012-05-23 17:49 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-05-04 11:06 . 2012-06-19 14:00 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-19 14:00 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-19 14:00 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-19 14:00 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-19 13:59 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Athan"="c:\program files (x86)\Athan\Athan.exe" [2011-11-20 1204224]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-23 21:17 147640 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\SingleClick Systems\MySQL\bin\mysqld.exe [2010-12-01 6098944]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 250056]
R3 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe [2011-09-09 20549]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-20 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-20 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2011-10-28 230248]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.188\McCHSvc.exe [2010-10-05 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-03-20 79360]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120724.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-19 138912]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 12:23]
.
2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3538362019-1812748327-2048514568-1000Core.job
- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 20:41]
.
2012-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3538362019-1812748327-2048514568-1000UA.job
- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 20:41]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3538362019-1812748327-2048514568-1000Core.job
- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 23:46]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3538362019-1812748327-2048514568-1000UA.job
- c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 23:46]
.
2012-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-09-07 3181136]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 8.8.4.4 198.6.1.1
FF - ProfilePath - c:\users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Mozilla\Firefox\Profiles\8bl8ep4f.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Athan - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3538362019-1812748327-2048514568-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3538362019-1812748327-2048514568-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-26 15:41:33
ComboFix-quarantined-files.txt 2012-07-26 14:41
.
Pre-Run: 233,321,525,248 bytes free
Post-Run: 232,998,895,616 bytes free
.
- - End Of File - - 27D897533DB6E2E9B75B1F15A30E9DBC

#12 Larusso

Posted 27 July 2012 - 07:38 AM

This also appears clean.

Download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.

  • Download the latest version of Java Runtime Environment 7 Update 5 and save it to your desktop.
  • Scroll down to where it says Java SE 7 Update 5
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.




Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply




Please launch DDS
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop and post both in your next reply

regards,
Daniel


#13 kuleke

Posted 27 July 2012 - 12:58 PM

The ESET scan detected nothing but didn't give me an option to log results, just something about purchasing the antivirus program. Here are the other results:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ahmed Oyeleke :: KULEKE-PC [administrator]

27/07/2012 14:49:22
mbam-log-2012-07-27 (14-49-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240664
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Ahmed Oyeleke at 18:54:41 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.1545 [GMT 1:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\MySQL\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Athan\Athan.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Face recognition web login for FastAccess: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Athan] C:\Program Files (x86)\Athan\Athan.exe
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [FAStartup]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\AHMEDO~1.KUL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\05562756762796E656 : DhcpNameServer = 8.8.4.4 198.6.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\3575946445024374022425F414442414E444 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{47B174ED-BCF2-411C-9B18-2AB40748485C}\57C647271626F6F6B6 : DhcpNameServer = 192.168.137.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Athan] C:\Program Files (x86)\Athan\Athan.exe
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Mozilla\Firefox\Profiles\8bl8ep4f.default\
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120726.001\IDSviA64.sys [2012-7-26 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\SingleClick Systems\MySQL\bin\mysqld.exe [2010-12-1 6098944]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-4-23 2412728]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccsvchst.exe [2012-6-19 138232]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-20 1692480]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-19 138912]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-22 250056]
S3 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe [2011-9-9 20549]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-20 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2011-10-28 230248]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-29 113120]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-3-20 79360]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-07-27 14:18:23 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-27 14:07:25 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-27 13:59:08 0 ----a-w- C:\Windows\System32\REN4188.tmp
2012-07-27 13:59:08 0 ----a-w- C:\Windows\System32\REN4187.tmp
2012-07-27 13:59:08 0 ----a-w- C:\Windows\System32\REN4186.tmp
2012-07-27 13:45:18 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Malwarebytes
2012-07-27 13:45:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-27 13:45:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-27 13:45:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-26 14:46:54 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-26 12:49:06 98816 ----a-w- C:\Windows\sed.exe
2012-07-26 12:49:06 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-26 12:49:06 256000 ----a-w- C:\Windows\PEV.exe
2012-07-26 12:49:06 208896 ----a-w- C:\Windows\MBR.exe
2012-07-24 08:36:17 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Edraw Max
2012-07-24 05:06:07 -------- d-----w- C:\Temp
2012-07-24 04:52:16 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Local\Samsung
2012-07-24 04:52:05 -------- d-----w- C:\Users\Ahmed Oyeleke.Kuleke-PC\AppData\Roaming\Samsung
2012-07-24 04:50:22 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-07-24 04:50:22 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys


#14 Larusso

  • Malware Response Team

Posted 28 July 2012 - 06:48 AM

All is looking good here :thumbup2:


Any open issues?
regards,
Daniel

Bread for the world instead Bombs and Bangers



#15 kuleke

  • Topic Starter


Posted 30 July 2012 - 07:52 AM

Nope, it's all gone. The spikes have disappeared too :D. Thanks a lot!



