
Google redirect and IE8 lockup


This topic is locked
18 replies to this topic

#1 buzzerman

buzzerman

  • Members
  • 17 posts

Posted 30 July 2012 - 06:50 PM

Please help you wizards of the web. I have been here before and have been extremely satisfied. It seems I need help again.

System; Windows XP Media
Internet; IE8
Protection; Norton Antivirus 2011 with Antispyware

Problem; Had some very nasty stuff that I was mostly able to cure with Norton. However, I still seem to have some remnants wreaking havoc. Links from my favorites almost always get redirected to crap sites the first time, but always connect correctly the second time. This is annoying enough but tolerable. What is not tolerable is that IE8 crashes/locks up frequently and control/alt/delete is required to end the application. This takes forever (1 to 2 minutes to shut down). I can immediately reenter Explorer, but invariably, the crash will happen again.

I'm confident that some report will show a knowledgeable professional where and what is wrong in my registry. Please help me to send you the right report and get me back to normalcy.

Thank you to whomever in advance. I will be diligent in the duties prescribed and generous in my praise.

Best regards,
Buzzerman



#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 03 August 2012 - 09:39 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days. :)


Hello there, Buzzerman

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Do you still need help with this?


---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#3 buzzerman

buzzerman
  • Topic Starter

  • Members
  • 17 posts

Posted 04 August 2012 - 06:21 AM

Thank you, Conspire!

Yes I am still in need of your help. Ready when you are.

#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 04 August 2012 - 07:58 AM

Hello there,

Alright then, let's get started :)

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror: this version will download a randomly named file (Recommended)
    • Zip Mirror: this version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Extract the contents of the zipped file to desktop (applicable only to Zip mirror).
  • Double click the GMER executable (gmer.exe, or the randomly named file) on your desktop.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


===================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

On your next reply please post :
DDS log
GMER log
Checkup log

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#5 buzzerman

buzzerman
  • Topic Starter

  • Members
  • 17 posts

Posted 04 August 2012 - 05:09 PM

Thanks Conspire, attachments follow:

DDS (Ver_10-11-10.01) - NTFSx86
Run by Dave at 16:53:52.09 on Sat 08/04/2012
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2324 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Dave\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.mediacomtoday.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.7.1.3\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe
uRun: [EPSON NX510 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_S36F.tmp" /EF "HKCU"
uRun: [BVRP Software] rundll32.exe "c:\documents and settings\dave\local settings\application data\cache\bvrp software\ckzrye.dll",CreateInstance
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [BVRP Software] rundll32.exe "c:\documents and settings\dave\local settings\application data\cache\bvrp software\ckzrye.dll",CreateInstance
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ymetray.lnk.disabled
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: directv.com\portal.rio
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290795716849
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://studiocams.cumulusfwb.com/axiscamcontrol.ocx
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {BD8B80A2-A1CA-49B4-85A7-28A15749AA9C} - hxxps://portal.rio.directv.com/echannelcmesm_enu/18372/applets/SiebelAx_HI_Client.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F82B1E8E-CAD4-4596-B841-87CEAA1260B5} - hxxps://portal.rio.directv.com/echannelcmesm_enu/18372/applets/SiebelAx_HI_Client.cab
DPF: {FDA978FA-D94D-4026-9D72-BF566302DAD3} - hxxps://portal.rio.directv.com/echannelcmesm_enu/18372/applets/SiebelAx_Gantt_Chart.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-6-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-6-21 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-6-21 136312]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-3-12 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-3-12 49152]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-6-21 130008]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20120803.002\IDSXpx86.sys [2012-8-3 369632]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20120803.035\NAVENG.SYS [2012-8-4 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20120803.035\NAVEX15.SYS [2012-8-4 1589752]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-3-12 246936]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 Dot4scann;Dot4scann;c:\windows\system32\drivers\dot4scann.sys --> c:\windows\system32\drivers\Dot4scann.sys [?]
S2 gupdate1c987cb73d7a640;Google Update Service (gupdate1c987cb73d7a640);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2005-8-16 14336]
S3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11210.sys [2012-8-2 106656]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-16 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2012-08-03 22:48:15 -------- d-sh--w- c:\documents and settings\dave\PrivacIE

==================== Find3M ====================

2012-06-20 23:20:10 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-07 15:47:11 724992 ----a-w- c:\windows\iun6002.exe

============= FINISH: 16:55:14.39 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2012-08-04 17:05:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.ZM10
Running: gmer.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\fftoapog.sys


---- System - GMER 1.0.15 ----

SSDT 89DA8318 ZwAlertResumeThread
SSDT 89DC52D8 ZwAlertThread
SSDT 89E0E2C8 ZwAllocateVirtualMemory
SSDT 89D9B218 ZwAssignProcessToJobObject
SSDT 8A2BF340 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAF747710]
SSDT 89DD22C8 ZwCreateMutant
SSDT 89E24260 ZwCreateSymbolicLinkObject
SSDT 8A257280 ZwCreateThread
SSDT 89D9B2B8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAF747990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAF747EF0]
SSDT 89DFF280 ZwDuplicateObject
SSDT 89EAB560 ZwFreeVirtualMemory
SSDT 89DB3290 ZwImpersonateAnonymousToken
SSDT 89DA8238 ZwImpersonateThread
SSDT 8A479050 ZwLoadDriver
SSDT 8A2A12F8 ZwMapViewOfSection
SSDT 89D91318 ZwOpenEvent
SSDT 89DB1240 ZwOpenProcess
SSDT 89E102B8 ZwOpenProcessToken
SSDT 89D8C290 ZwOpenSection
SSDT 89DFC260 ZwOpenThread
SSDT 89DCD220 ZwProtectVirtualMemory
SSDT 89DCF2E8 ZwResumeThread
SSDT 89D8F318 ZwSetContextThread
SSDT 89E03260 ZwSetInformationProcess
SSDT 89DC1270 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAF748140]
SSDT 89D91238 ZwSuspendProcess
SSDT 89F9D178 ZwSuspendThread
SSDT 89D92910 ZwTerminateProcess
SSDT 89D8F258 ZwTerminateThread
SSDT 8A249230 ZwUnmapViewOfSection
SSDT 89DB8260 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047CC 4 Bytes CALL 32DA24C3
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB78BC360, 0x21235D, 0xE8000020]
? C:\DOCUME~1\Dave\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[3252] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 04E00048
.text C:\Program Files\internet explorer\iexplore.exe[3252] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 04E0012A
.text C:\Program Files\internet explorer\iexplore.exe[3252] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 04E00676
.text C:\Program Files\internet explorer\iexplore.exe[3252] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 04E003D0
.text C:\Program Files\internet explorer\iexplore.exe[3252] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 04E00594
.text C:\Program Files\internet explorer\iexplore.exe[3252] kernel32.dll!CreateRemoteThread + 206 7C8106D2 7 Bytes JMP 04E002EE
.text C:\Program Files\internet explorer\iexplore.exe[3252] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 04E00758
.text C:\Program Files\internet explorer\iexplore.exe[3252] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 04E004B2
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] ole32.dll!CreateBindCtx + B5F 774FF15F 3 Bytes JMP 04E0091C
.text C:\Program Files\internet explorer\iexplore.exe[3252] ole32.dll!CreateBindCtx + B63 774FF163 3 Bytes [8D, EB, F9]
.text C:\Program Files\internet explorer\iexplore.exe[3252] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3252] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 04E0083A
.text C:\Program Files\internet explorer\iexplore.exe[3252] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3788] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AA62DD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

---- EOF - GMER 1.0.15 ----

#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:17 PM

Posted 04 August 2012 - 09:42 PM

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 buzzerman

buzzerman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 05 August 2012 - 06:34 PM

Once again, thank you Conspire. Attachments follow:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 17:45:22
-----------------------------
17:45:22.426 OS Version: Windows 5.1.2600 Service Pack 3
17:45:22.426 Number of processors: 2 586 0xF06
17:45:22.426 ComputerName: DB05G5C1 UserName: Dave
17:45:23.114 Initialize success
17:46:56.926 AVAST engine defs: 12080501
17:47:17.676 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:47:17.676 Disk 0 Vendor: SAMSUNG_ ZM10 Size: 152587MB BusType: 3
17:47:17.707 Disk 0 MBR read successfully
17:47:17.707 Disk 0 MBR scan
17:47:17.723 Disk 0 Windows XP default MBR code
17:47:17.723 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:47:17.754 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147769 MB offset 112455
17:47:17.785 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
17:47:17.785 Disk 0 scanning sectors +312496380
17:47:17.848 Disk 0 scanning C:\WINDOWS\system32\drivers
17:47:29.567 Service scanning
17:47:52.879 Modules scanning
17:47:59.645 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:48:01.160 Disk 0 trace - called modules:
17:48:01.160 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:48:01.160 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af70968]
17:48:01.160 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8aa45030]
17:48:01.785 AVAST engine scan C:\WINDOWS
17:48:29.754 AVAST engine scan C:\WINDOWS\system32
17:51:32.707 AVAST engine scan C:\WINDOWS\system32\drivers
17:51:51.317 AVAST engine scan C:\Documents and Settings\Dave
17:53:29.051 File: C:\Documents and Settings\Dave\Desktop\OTL.exe **INFECTED** Win32:Malware-gen
17:53:38.739 File: C:\Documents and Settings\Dave\Local Settings\Application Data\Apple\tmeynvbv.dll **INFECTED** Win32:Downloader-PKV [Trj]
17:53:46.973 File: C:\Documents and Settings\Dave\Local Settings\Application Data\cache\BVRP Software\ckzrye.dll **INFECTED** Win32:Malware-gen
17:59:59.535 AVAST engine scan C:\Documents and Settings\All Users
18:07:19.207 Scan finished successfully
18:16:27.051 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave\Desktop\MBR.dat"
18:16:27.051 The log file has been saved successfully to "C:\Documents and Settings\Dave\Desktop\aswMBR.txt"
18:25:16.0848 1280 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:25:17.0114 1280 ============================================================
18:25:17.0114 1280 Current date / time: 2012/08/05 18:25:17.0114
18:25:17.0114 1280 SystemInfo:
18:25:17.0114 1280
18:25:17.0114 1280 OS Version: 5.1.2600 ServicePack: 3.0
18:25:17.0114 1280 Product type: Workstation
18:25:17.0114 1280 ComputerName: DB05G5C1
18:25:17.0114 1280 UserName: Dave
18:25:17.0114 1280 Windows directory: C:\WINDOWS
18:25:17.0114 1280 System windows directory: C:\WINDOWS
18:25:17.0114 1280 Processor architecture: Intel x86
18:25:17.0114 1280 Number of processors: 2
18:25:17.0114 1280 Page size: 0x1000
18:25:17.0114 1280 Boot type: Normal boot
18:25:17.0114 1280 ============================================================
18:25:17.0785 1280 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:25:17.0785 1280 ============================================================
18:25:17.0785 1280 \Device\Harddisk0\DR0:
18:25:17.0801 1280 MBR partitions:
18:25:17.0801 1280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1209CE16
18:25:17.0801 1280 ============================================================
18:25:17.0879 1280 C: <-> \Device\Harddisk0\DR0\Partition0
18:25:17.0879 1280 ============================================================
18:25:17.0879 1280 Initialize success
18:25:17.0879 1280 ============================================================
18:25:32.0207 1388 ============================================================
18:25:32.0207 1388 Scan started
18:25:32.0207 1388 Mode: Manual;
18:25:32.0207 1388 ============================================================
18:25:32.0754 1388 aawservice (17067069b9a7865028c1f2e6971d0ccc) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
18:25:32.0754 1388 aawservice - ok
18:25:32.0895 1388 Abiosdsk - ok
18:25:32.0926 1388 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:25:32.0926 1388 abp480n5 - ok
18:25:33.0004 1388 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:25:33.0004 1388 ACPI - ok
18:25:33.0020 1388 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:25:33.0020 1388 ACPIEC - ok
18:25:33.0051 1388 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:25:33.0051 1388 adpu160m - ok
18:25:33.0082 1388 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:25:33.0098 1388 aec - ok
18:25:33.0145 1388 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:25:33.0145 1388 AFD - ok
18:25:33.0301 1388 AffinegyService (7e077309910ce334c3b2b7b8665a55c4) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
18:25:33.0317 1388 AffinegyService - ok
18:25:33.0317 1388 AFGMp50 - ok
18:25:33.0332 1388 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
18:25:33.0348 1388 AFGSp50 - ok
18:25:33.0379 1388 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:25:33.0379 1388 agp440 - ok
18:25:33.0395 1388 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:25:33.0395 1388 agpCPQ - ok
18:25:33.0426 1388 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:25:33.0426 1388 Aha154x - ok
18:25:33.0442 1388 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:25:33.0442 1388 aic78u2 - ok
18:25:33.0457 1388 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:25:33.0457 1388 aic78xx - ok
18:25:33.0504 1388 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:25:33.0504 1388 Alerter - ok
18:25:33.0535 1388 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:25:33.0535 1388 ALG - ok
18:25:33.0567 1388 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:25:33.0567 1388 AliIde - ok
18:25:33.0567 1388 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:25:33.0582 1388 alim1541 - ok
18:25:33.0582 1388 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:25:33.0582 1388 amdagp - ok
18:25:33.0598 1388 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:25:33.0598 1388 amsint - ok
18:25:33.0692 1388 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:25:33.0692 1388 Apple Mobile Device - ok
18:25:33.0739 1388 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:25:33.0754 1388 AppMgmt - ok
18:25:33.0770 1388 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:25:33.0770 1388 asc - ok
18:25:33.0785 1388 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:25:33.0785 1388 asc3350p - ok
18:25:33.0801 1388 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:25:33.0801 1388 asc3550 - ok
18:25:33.0910 1388 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:25:33.0957 1388 aspnet_state - ok
18:25:34.0004 1388 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:25:34.0004 1388 AsyncMac - ok
18:25:34.0035 1388 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:25:34.0035 1388 atapi - ok
18:25:34.0035 1388 Atdisk - ok
18:25:34.0067 1388 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:25:34.0067 1388 Atmarpc - ok
18:25:34.0114 1388 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:25:34.0114 1388 AudioSrv - ok
18:25:34.0129 1388 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:25:34.0129 1388 audstub - ok
18:25:34.0160 1388 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
18:25:34.0160 1388 BANTExt - ok
18:25:34.0254 1388 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:25:34.0254 1388 Beep - ok
18:25:34.0364 1388 Belkin Local Backup Service (defce42fe9eed1a0dc4a28fddff603c9) C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
18:25:34.0364 1388 Belkin Local Backup Service - ok
18:25:34.0364 1388 Belkin Network USB Helper (e23af2900a4e3ca7ff22f1c80a013305) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
18:25:34.0364 1388 Belkin Network USB Helper - ok
18:25:34.0629 1388 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
18:25:34.0645 1388 BHDrvx86 - ok
18:25:34.0801 1388 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:25:34.0801 1388 BITS - ok
18:25:34.0942 1388 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
18:25:34.0957 1388 Bonjour Service - ok
18:25:34.0989 1388 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:25:34.0989 1388 Browser - ok
18:25:35.0004 1388 bvrp_pci - ok
18:25:35.0035 1388 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:25:35.0035 1388 cbidf - ok
18:25:35.0035 1388 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:25:35.0035 1388 cbidf2k - ok
18:25:35.0051 1388 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:25:35.0051 1388 cd20xrnt - ok
18:25:35.0082 1388 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:25:35.0082 1388 Cdaudio - ok
18:25:35.0145 1388 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:25:35.0145 1388 Cdfs - ok
18:25:35.0160 1388 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:25:35.0160 1388 Cdrom - ok
18:25:35.0160 1388 Changer - ok
18:25:35.0207 1388 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:25:35.0207 1388 CiSvc - ok
18:25:35.0223 1388 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:25:35.0223 1388 ClipSrv - ok
18:25:35.0317 1388 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:25:35.0379 1388 clr_optimization_v2.0.50727_32 - ok
18:25:35.0410 1388 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:25:35.0410 1388 CmdIde - ok
18:25:35.0410 1388 COMSysApp - ok
18:25:35.0426 1388 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:25:35.0426 1388 Cpqarray - ok
18:25:35.0473 1388 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:25:35.0473 1388 CryptSvc - ok
18:25:35.0520 1388 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:25:35.0520 1388 dac2w2k - ok
18:25:35.0535 1388 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:25:35.0535 1388 dac960nt - ok
18:25:35.0629 1388 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:25:35.0629 1388 DcomLaunch - ok
18:25:35.0676 1388 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:25:35.0676 1388 Dhcp - ok
18:25:35.0692 1388 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:25:35.0692 1388 Disk - ok
18:25:35.0754 1388 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
18:25:35.0754 1388 DLABOIOM - ok
18:25:35.0754 1388 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:25:35.0754 1388 DLACDBHM - ok
18:25:35.0770 1388 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
18:25:35.0770 1388 DLADResN - ok
18:25:35.0770 1388 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
18:25:35.0785 1388 DLAIFS_M - ok
18:25:35.0785 1388 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
18:25:35.0785 1388 DLAOPIOM - ok
18:25:35.0785 1388 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
18:25:35.0785 1388 DLAPoolM - ok
18:25:35.0785 1388 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
18:25:35.0801 1388 DLARTL_N - ok
18:25:35.0801 1388 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
18:25:35.0801 1388 DLAUDFAM - ok
18:25:35.0817 1388 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
18:25:35.0817 1388 DLAUDF_M - ok
18:25:35.0817 1388 dmadmin - ok
18:25:35.0895 1388 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:25:35.0910 1388 dmboot - ok
18:25:35.0926 1388 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:25:35.0926 1388 dmio - ok
18:25:35.0942 1388 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:25:35.0942 1388 dmload - ok
18:25:35.0989 1388 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:25:35.0989 1388 dmserver - ok
18:25:36.0020 1388 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:25:36.0020 1388 DMusic - ok
18:25:36.0067 1388 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:25:36.0067 1388 Dnscache - ok
18:25:36.0114 1388 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:25:36.0114 1388 Dot3svc - ok
18:25:36.0145 1388 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
18:25:36.0145 1388 dot4 - ok
18:25:36.0176 1388 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
18:25:36.0176 1388 Dot4Print - ok
18:25:36.0192 1388 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
18:25:36.0192 1388 Dot4Scan - ok
18:25:36.0192 1388 Dot4scann - ok
18:25:36.0207 1388 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
18:25:36.0207 1388 dot4usb - ok
18:25:36.0207 1388 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:25:36.0207 1388 dpti2o - ok
18:25:36.0239 1388 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:25:36.0239 1388 drmkaud - ok
18:25:36.0285 1388 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
18:25:36.0285 1388 DRVMCDB - ok
18:25:36.0301 1388 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:25:36.0301 1388 DRVNDDM - ok
18:25:36.0410 1388 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
18:25:36.0410 1388 DSproct - ok
18:25:36.0442 1388 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:25:36.0442 1388 E100B - ok
18:25:36.0535 1388 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:25:36.0535 1388 e1express - ok
18:25:36.0582 1388 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:25:36.0582 1388 EapHost - ok
18:25:36.0660 1388 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:25:36.0660 1388 eeCtrl - ok
18:25:36.0770 1388 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
18:25:36.0770 1388 ehRecvr - ok
18:25:36.0801 1388 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
18:25:36.0801 1388 ehSched - ok
18:25:36.0879 1388 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
18:25:36.0879 1388 ELacpi - ok
18:25:36.0910 1388 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys
18:25:36.0926 1388 ELhid - ok
18:25:36.0926 1388 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys
18:25:36.0926 1388 ELkbd - ok
18:25:36.0942 1388 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys
18:25:36.0942 1388 ELmon - ok
18:25:36.0942 1388 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys
18:25:36.0942 1388 ELmou - ok
18:25:37.0020 1388 ELService (47fcf6628e1a221c41f3f0130fbf258e) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
18:25:37.0035 1388 ELService - ok
18:25:37.0082 1388 EraserUtilDrv11210 (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys
18:25:37.0098 1388 EraserUtilDrv11210 - ok
18:25:37.0145 1388 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:25:37.0145 1388 ERSvc - ok
18:25:37.0192 1388 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:25:37.0192 1388 Eventlog - ok
18:25:37.0254 1388 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:25:37.0270 1388 EventSystem - ok
18:25:37.0317 1388 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:25:37.0317 1388 Fastfat - ok
18:25:37.0379 1388 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:25:37.0379 1388 FastUserSwitchingCompatibility - ok
18:25:37.0442 1388 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
18:25:37.0442 1388 Fax - ok
18:25:37.0457 1388 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:25:37.0457 1388 Fdc - ok
18:25:37.0473 1388 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:25:37.0473 1388 Fips - ok
18:25:37.0598 1388 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:25:37.0598 1388 FLEXnet Licensing Service - ok
18:25:37.0629 1388 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:25:37.0629 1388 Flpydisk - ok
18:25:37.0692 1388 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:25:37.0692 1388 FltMgr - ok
18:25:37.0723 1388 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
18:25:37.0723 1388 FlyUsb - ok
18:25:37.0848 1388 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:25:37.0848 1388 FontCache3.0.0.0 - ok
18:25:37.0879 1388 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:25:37.0895 1388 Fs_Rec - ok
18:25:37.0926 1388 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:25:37.0926 1388 Ftdisk - ok
18:25:38.0098 1388 GameConsoleService (3eafdd637416393722aa98e940dfd0a0) C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
18:25:38.0098 1388 GameConsoleService - ok
18:25:38.0145 1388 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:25:38.0160 1388 GEARAspiWDM - ok
18:25:38.0239 1388 GoogleDesktopManager (77eb5a46bea37a1c720d3d2a441253f5) C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
18:25:38.0239 1388 GoogleDesktopManager - ok
18:25:38.0285 1388 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:25:38.0301 1388 Gpc - ok
18:25:38.0348 1388 gupdate1c987cb73d7a640 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:25:38.0364 1388 gupdate1c987cb73d7a640 - ok
18:25:38.0364 1388 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:25:38.0364 1388 gupdatem - ok
18:25:38.0426 1388 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:25:38.0426 1388 HDAudBus - ok
18:25:38.0520 1388 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:25:38.0520 1388 helpsvc - ok
18:25:38.0567 1388 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:25:38.0582 1388 HidServ - ok
18:25:38.0614 1388 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:25:38.0614 1388 HidUsb - ok
18:25:38.0645 1388 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:25:38.0660 1388 hkmsvc - ok
18:25:38.0692 1388 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:25:38.0692 1388 hpn - ok
18:25:38.0739 1388 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:25:38.0739 1388 HPZid412 - ok
18:25:38.0770 1388 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:25:38.0770 1388 HPZipr12 - ok
18:25:38.0785 1388 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:25:38.0785 1388 HPZius12 - ok
18:25:38.0785 1388 HSFHWBS2 - ok
18:25:38.0801 1388 HSF_DP - ok
18:25:38.0926 1388 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
18:25:38.0942 1388 HSF_DPV - ok
18:25:39.0082 1388 HSXHWBS2 (f13eb2f8c0c1ca7bec4cc711be657d67) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
18:25:39.0082 1388 HSXHWBS2 - ok
18:25:39.0145 1388 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:25:39.0145 1388 HTTP - ok
18:25:39.0192 1388 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:25:39.0192 1388 HTTPFilter - ok
18:25:39.0254 1388 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:25:39.0254 1388 i2omgmt - ok
18:25:39.0285 1388 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:25:39.0285 1388 i2omp - ok
18:25:39.0317 1388 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:25:39.0317 1388 i8042prt - ok
18:25:39.0442 1388 IAANTMON (b122be74e283a2bc7febc180bfd2efd5) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
18:25:39.0442 1388 IAANTMON - ok
18:25:39.0473 1388 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
18:25:39.0473 1388 iaStor - ok
18:25:39.0567 1388 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:25:39.0567 1388 IDriverT - ok
18:25:39.0801 1388 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120803.002\IDSxpx86.sys
18:25:39.0801 1388 IDSxpx86 - ok
18:25:39.0848 1388 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:25:39.0848 1388 Imapi - ok
18:25:39.0895 1388 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:25:39.0895 1388 ImapiService - ok
18:25:39.0926 1388 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:25:39.0926 1388 ini910u - ok
18:25:39.0942 1388 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:25:39.0942 1388 IntelIde - ok
18:25:40.0004 1388 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:25:40.0004 1388 intelppm - ok
18:25:40.0020 1388 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:25:40.0035 1388 Ip6Fw - ok
18:25:40.0035 1388 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:25:40.0035 1388 IpFilterDriver - ok
18:25:40.0051 1388 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:25:40.0051 1388 IpInIp - ok
18:25:40.0098 1388 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:25:40.0098 1388 IpNat - ok
18:25:40.0160 1388 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:25:40.0160 1388 IPSec - ok
18:25:40.0192 1388 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:25:40.0192 1388 IRENUM - ok
18:25:40.0239 1388 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:25:40.0239 1388 isapnp - ok
18:25:40.0426 1388 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
18:25:40.0442 1388 JavaQuickStarterService - ok
18:25:40.0457 1388 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:25:40.0457 1388 Kbdclass - ok
18:25:40.0473 1388 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:25:40.0473 1388 kbdhid - ok
18:25:40.0504 1388 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:25:40.0520 1388 kmixer - ok
18:25:40.0535 1388 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:25:40.0535 1388 KSecDD - ok
18:25:40.0582 1388 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:25:40.0582 1388 lanmanserver - ok
18:25:40.0629 1388 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:25:40.0629 1388 lanmanworkstation - ok
18:25:40.0629 1388 lbrtfdc - ok
18:25:41.0145 1388 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
18:25:41.0317 1388 LeapFrog Connect Device Service - ok
18:25:41.0473 1388 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:25:41.0473 1388 LmHosts - ok
18:25:41.0582 1388 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:25:41.0582 1388 MDM - ok
18:25:41.0629 1388 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:25:41.0629 1388 mdmxsdk - ok
18:25:41.0645 1388 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:25:41.0660 1388 Messenger - ok
18:25:41.0692 1388 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
18:25:41.0692 1388 MHN - ok
18:25:41.0723 1388 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:25:41.0723 1388 MHNDRV - ok
18:25:41.0801 1388 Microsoft SharePoint Workspace Audit Service - ok
18:25:41.0832 1388 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:25:41.0848 1388 mnmdd - ok
18:25:41.0879 1388 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:25:41.0879 1388 mnmsrvc - ok
18:25:41.0910 1388 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:25:41.0910 1388 Modem - ok
18:25:41.0942 1388 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:25:41.0942 1388 MODEMCSA - ok
18:25:41.0973 1388 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:25:41.0973 1388 Mouclass - ok
18:25:42.0020 1388 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:25:42.0020 1388 mouhid - ok
18:25:42.0035 1388 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:25:42.0035 1388 MountMgr - ok
18:25:42.0067 1388 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:25:42.0067 1388 mraid35x - ok
18:25:42.0082 1388 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:25:42.0082 1388 MRxDAV - ok
18:25:42.0192 1388 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:25:42.0192 1388 MRxSmb - ok
18:25:42.0239 1388 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:25:42.0239 1388 MSDTC - ok
18:25:42.0254 1388 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:25:42.0254 1388 Msfs - ok
18:25:42.0254 1388 MSIServer - ok
18:25:42.0270 1388 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:25:42.0270 1388 MSKSSRV - ok
18:25:42.0270 1388 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:25:42.0270 1388 MSPCLOCK - ok
18:25:42.0285 1388 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:25:42.0285 1388 MSPQM - ok
18:25:42.0332 1388 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:25:42.0332 1388 mssmbios - ok
18:25:42.0364 1388 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:25:42.0364 1388 Mup - ok
18:25:42.0395 1388 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
18:25:42.0395 1388 NAL - ok
18:25:42.0442 1388 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:25:42.0457 1388 napagent - ok
18:25:42.0567 1388 NAV (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
18:25:42.0567 1388 NAV - ok
18:25:42.0879 1388 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120804.009\NAVENG.SYS
18:25:42.0879 1388 NAVENG - ok
18:25:42.0989 1388 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120804.009\NAVEX15.SYS
18:25:43.0020 1388 NAVEX15 - ok
18:25:43.0207 1388 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:25:43.0207 1388 NDIS - ok
18:25:43.0254 1388 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:25:43.0270 1388 NdisTapi - ok
18:25:43.0270 1388 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:25:43.0270 1388 Ndisuio - ok
18:25:43.0285 1388 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:25:43.0285 1388 NdisWan - ok
18:25:43.0332 1388 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:25:43.0332 1388 NDProxy - ok
18:25:43.0348 1388 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:25:43.0348 1388 NetBIOS - ok
18:25:43.0379 1388 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:25:43.0379 1388 NetBT - ok
18:25:43.0426 1388 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:25:43.0426 1388 NetDDE - ok
18:25:43.0442 1388 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:25:43.0442 1388 NetDDEdsdm - ok
18:25:43.0473 1388 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:43.0473 1388 Netlogon - ok
18:25:43.0504 1388 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:25:43.0504 1388 Netman - ok
18:25:43.0567 1388 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:25:43.0582 1388 Nla - ok
18:25:43.0582 1388 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:25:43.0582 1388 Npfs - ok
18:25:43.0629 1388 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:25:43.0645 1388 Ntfs - ok
18:25:43.0645 1388 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:43.0645 1388 NtLmSsp - ok
18:25:43.0723 1388 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:25:43.0723 1388 NtmsSvc - ok
18:25:43.0770 1388 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:25:43.0770 1388 Null - ok
18:25:44.0067 1388 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:25:44.0114 1388 nv - ok
18:25:44.0285 1388 NVSvc (2f7cd9d1bb1948da19cf51e76550fd68) C:\WINDOWS\system32\nvsvc32.exe
18:25:44.0285 1388 NVSvc - ok
18:25:44.0317 1388 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:25:44.0317 1388 NwlnkFlt - ok
18:25:44.0317 1388 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:25:44.0317 1388 NwlnkFwd - ok
18:25:44.0395 1388 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:25:44.0395 1388 ose - ok
18:25:44.0770 1388 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:25:44.0832 1388 osppsvc - ok
18:25:45.0020 1388 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:25:45.0020 1388 Parport - ok
18:25:45.0035 1388 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:25:45.0051 1388 PartMgr - ok
18:25:45.0067 1388 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:25:45.0067 1388 ParVdm - ok
18:25:45.0082 1388 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:25:45.0082 1388 PCI - ok
18:25:45.0082 1388 PCIDump - ok
18:25:45.0098 1388 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:25:45.0098 1388 PCIIde - ok
18:25:45.0129 1388 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:25:45.0129 1388 Pcmcia - ok
18:25:45.0129 1388 pctplsg - ok
18:25:45.0129 1388 PDCOMP - ok
18:25:45.0145 1388 PDFRAME - ok
18:25:45.0145 1388 PDRELI - ok
18:25:45.0145 1388 PDRFRAME - ok
18:25:45.0160 1388 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:25:45.0160 1388 perc2 - ok
18:25:45.0176 1388 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:25:45.0176 1388 perc2hib - ok
18:25:45.0239 1388 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:25:45.0239 1388 PlugPlay - ok
18:25:45.0285 1388 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
18:25:45.0285 1388 Pml Driver HPZ12 - ok
18:25:45.0317 1388 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:45.0317 1388 PolicyAgent - ok
18:25:45.0332 1388 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:25:45.0332 1388 PptpMiniport - ok
18:25:45.0332 1388 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:45.0332 1388 ProtectedStorage - ok
18:25:45.0348 1388 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:25:45.0348 1388 PSched - ok
18:25:45.0348 1388 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:25:45.0348 1388 Ptilink - ok
18:25:45.0379 1388 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:25:45.0379 1388 PxHelp20 - ok
18:25:45.0410 1388 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:25:45.0410 1388 ql1080 - ok
18:25:45.0426 1388 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:25:45.0426 1388 Ql10wnt - ok
18:25:45.0442 1388 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:25:45.0442 1388 ql12160 - ok
18:25:45.0457 1388 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:25:45.0457 1388 ql1240 - ok
18:25:45.0473 1388 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:25:45.0473 1388 ql1280 - ok
18:25:45.0520 1388 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:25:45.0520 1388 RasAcd - ok
18:25:45.0567 1388 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:25:45.0567 1388 RasAuto - ok
18:25:45.0582 1388 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:25:45.0582 1388 Rasl2tp - ok
18:25:45.0629 1388 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:25:45.0629 1388 RasMan - ok
18:25:45.0645 1388 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:25:45.0645 1388 RasPppoe - ok
18:25:45.0660 1388 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:25:45.0660 1388 Raspti - ok
18:25:45.0692 1388 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:25:45.0692 1388 Rdbss - ok
18:25:45.0692 1388 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:25:45.0692 1388 RDPCDD - ok
18:25:45.0723 1388 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:25:45.0723 1388 rdpdr - ok
18:25:45.0770 1388 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
18:25:45.0770 1388 RDPWD - ok
18:25:45.0801 1388 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:25:45.0801 1388 RDSessMgr - ok
18:25:45.0848 1388 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:25:45.0848 1388 redbook - ok
18:25:45.0895 1388 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:25:45.0895 1388 RemoteAccess - ok
18:25:45.0942 1388 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:25:45.0942 1388 RemoteRegistry - ok
18:25:45.0973 1388 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:25:45.0989 1388 RpcLocator - ok
18:25:46.0051 1388 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:25:46.0051 1388 RpcSs - ok
18:25:46.0098 1388 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:25:46.0098 1388 RSVP - ok
18:25:46.0129 1388 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:46.0145 1388 SamSs - ok
18:25:46.0160 1388 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:25:46.0176 1388 SCardSvr - ok
18:25:46.0223 1388 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:25:46.0223 1388 Schedule - ok
18:25:46.0332 1388 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:25:46.0332 1388 Secdrv - ok
18:25:46.0348 1388 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:25:46.0348 1388 seclogon - ok
18:25:46.0364 1388 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:25:46.0364 1388 SENS - ok
18:25:46.0395 1388 Ser2pl (2d7ebbee1addaa91704db206205073d3) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
18:25:46.0395 1388 Ser2pl - ok
18:25:46.0442 1388 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:25:46.0442 1388 serenum - ok
18:25:46.0473 1388 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:25:46.0473 1388 Serial - ok
18:25:46.0489 1388 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:25:46.0489 1388 Sfloppy - ok
18:25:46.0551 1388 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:25:46.0567 1388 SharedAccess - ok
18:25:46.0614 1388 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:25:46.0629 1388 ShellHWDetection - ok
18:25:46.0629 1388 Simbad - ok
18:25:46.0676 1388 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:25:46.0676 1388 sisagp - ok
18:25:47.0051 1388 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:25:47.0098 1388 Skype C2C Service - ok
18:25:47.0207 1388 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files\Skype\Updater\Updater.exe
18:25:47.0207 1388 SkypeUpdate - ok
18:25:47.0410 1388 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:25:47.0410 1388 Sparrow - ok
18:25:47.0442 1388 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:25:47.0442 1388 splitter - ok
18:25:47.0504 1388 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:25:47.0504 1388 Spooler - ok
18:25:47.0614 1388 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
18:25:47.0614 1388 sprtsvc_ddoctorv2 - ok
18:25:47.0754 1388 SPService - ok
18:25:47.0770 1388 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:25:47.0770 1388 sr - ok
18:25:47.0832 1388 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:25:47.0832 1388 srservice - ok
18:25:47.0942 1388 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1207010.003\SRTSP.SYS
18:25:47.0957 1388 SRTSP - ok
18:25:47.0973 1388 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1207010.003\SRTSPX.SYS
18:25:47.0973 1388 SRTSPX - ok
18:25:48.0035 1388 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:25:48.0035 1388 Srv - ok
18:25:48.0051 1388 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:25:48.0067 1388 SSDPSRV - ok
18:25:48.0145 1388 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
18:25:48.0160 1388 STHDA - ok
18:25:48.0332 1388 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:25:48.0332 1388 stisvc - ok
18:25:48.0410 1388 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:25:48.0410 1388 swenum - ok
18:25:48.0426 1388 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:25:48.0426 1388 swmidi - ok
18:25:48.0442 1388 SwPrv - ok
18:25:48.0504 1388 sxuptp (c8a43978dadcf12b7e40a0577227dfbc) C:\WINDOWS\system32\DRIVERS\sxuptp.sys
18:25:48.0520 1388 sxuptp - ok
18:25:48.0535 1388 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:25:48.0535 1388 symc810 - ok
18:25:48.0551 1388 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:25:48.0551 1388 symc8xx - ok
18:25:48.0614 1388 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1207010.003\SYMDS.SYS
18:25:48.0629 1388 SymDS - ok
18:25:48.0692 1388 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1207010.003\SYMEFA.SYS
18:25:48.0707 1388 SymEFA - ok
18:25:48.0754 1388 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:25:48.0754 1388 SymEvent - ok
18:25:48.0801 1388 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1207010.003\Ironx86.SYS
18:25:48.0801 1388 SymIRON - ok
18:25:48.0879 1388 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\NAV\1207010.003\SYMTDI.SYS
18:25:48.0895 1388 SYMTDI - ok
18:25:48.0926 1388 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:25:48.0926 1388 sym_hi - ok
18:25:48.0942 1388 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:25:48.0942 1388 sym_u3 - ok
18:25:48.0973 1388 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:25:48.0973 1388 sysaudio - ok
18:25:49.0020 1388 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:25:49.0020 1388 SysmonLog - ok
18:25:49.0082 1388 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:25:49.0082 1388 TapiSrv - ok
18:25:49.0160 1388 Tcpip (456e0f5b9beb184521b0ee8fa7cc92c7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:25:49.0176 1388 Tcpip - ok
18:25:49.0207 1388 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:25:49.0207 1388 TDPIPE - ok
18:25:49.0223 1388 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:25:49.0223 1388 TDTCP - ok
18:25:49.0254 1388 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:25:49.0254 1388 TermDD - ok
18:25:49.0285 1388 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:25:49.0301 1388 TermService - ok
18:25:49.0301 1388 TfFsMon - ok
18:25:49.0301 1388 TfNetMon - ok
18:25:49.0301 1388 TfSysMon - ok
18:25:49.0364 1388 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:25:49.0364 1388 Themes - ok
18:25:49.0410 1388 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:25:49.0426 1388 TlntSvr - ok
18:25:49.0535 1388 TomTomHOMEService (69a7b3e2da1d754ed33de11e52b7f0d3) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:25:49.0535 1388 TomTomHOMEService - ok
18:25:49.0567 1388 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:25:49.0567 1388 TosIde - ok
18:25:49.0614 1388 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:25:49.0614 1388 TrkWks - ok
18:25:49.0645 1388 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:25:49.0645 1388 Udfs - ok
18:25:49.0676 1388 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:25:49.0676 1388 ultra - ok
18:25:49.0754 1388 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:25:49.0754 1388 Update - ok
18:25:49.0817 1388 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:25:49.0817 1388 upnphost - ok
18:25:49.0832 1388 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:25:49.0848 1388 UPS - ok
18:25:49.0879 1388 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:25:49.0879 1388 USBAAPL - ok
18:25:49.0926 1388 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:25:49.0926 1388 usbccgp - ok
18:25:49.0942 1388 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:25:49.0942 1388 usbehci - ok
18:25:49.0957 1388 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:25:49.0957 1388 usbhub - ok
18:25:49.0973 1388 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:25:49.0973 1388 usbprint - ok
18:25:49.0989 1388 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:25:49.0989 1388 usbscan - ok
18:25:50.0004 1388 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:25:50.0004 1388 USBSTOR - ok
18:25:50.0004 1388 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:25:50.0004 1388 usbuhci - ok
18:25:50.0082 1388 Ventrilo - ok
18:25:50.0114 1388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:25:50.0114 1388 VgaSave - ok
18:25:50.0145 1388 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:25:50.0145 1388 viaagp - ok
18:25:50.0160 1388 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:25:50.0160 1388 ViaIde - ok
18:25:50.0207 1388 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:25:50.0207 1388 VolSnap - ok
18:25:50.0254 1388 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:25:50.0270 1388 VSS - ok
18:25:50.0301 1388 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:25:50.0301 1388 w32time - ok
18:25:50.0332 1388 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:25:50.0332 1388 Wanarp - ok
18:25:50.0332 1388 wanatw - ok
18:25:50.0332 1388 WDICA - ok
18:25:50.0348 1388 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:25:50.0364 1388 wdmaud - ok
18:25:50.0379 1388 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:25:50.0379 1388 WebClient - ok
18:25:50.0473 1388 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
18:25:50.0473 1388 winachsf - ok
18:25:50.0582 1388 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:25:50.0582 1388 winmgmt - ok
18:25:50.0785 1388 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:25:50.0817 1388 wlidsvc - ok
18:25:50.0942 1388 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
18:25:50.0957 1388 WmdmPmSN - ok
18:25:51.0035 1388 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:25:51.0051 1388 Wmi - ok
18:25:51.0145 1388 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:25:51.0145 1388 WmiApSrv - ok
18:25:51.0317 1388 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:25:51.0332 1388 WMPNetworkSvc - ok
18:25:51.0489 1388 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:25:51.0489 1388 wscsvc - ok
18:25:51.0504 1388 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:25:51.0504 1388 wuauserv - ok
18:25:51.0582 1388 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:25:51.0582 1388 WudfPf - ok
18:25:51.0598 1388 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:25:51.0598 1388 WudfRd - ok
18:25:51.0614 1388 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:25:51.0629 1388 WudfSvc - ok
18:25:51.0692 1388 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:25:51.0707 1388 WZCSVC - ok
18:25:51.0754 1388 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\WINDOWS\system32\DRIVERS\xaudio.sys
18:25:51.0754 1388 XAudio - ok
18:25:51.0801 1388 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\WINDOWS\system32\DRIVERS\xaudio.exe
18:25:51.0817 1388 XAudioService - ok
18:25:51.0879 1388 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:25:51.0879 1388 xmlprov - ok
18:25:51.0895 1388 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:25:52.0301 1388 \Device\Harddisk0\DR0 - ok
18:25:52.0301 1388 Boot (0x1200) (997a0604905ca4e4fb1ff919efcdafcc) \Device\Harddisk0\DR0\Partition0
18:25:52.0301 1388 \Device\Harddisk0\DR0\Partition0 - ok
18:25:52.0301 1388 ============================================================
18:25:52.0301 1388 Scan finished
18:25:52.0301 1388 ============================================================
18:25:52.0317 2280 Detected object count: 0
18:25:52.0317 2280 Actual detected object count: 0
18:26:13.0879 2248 Deinitialize success

#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:17 PM

Posted 05 August 2012 - 10:43 PM

Hi,

You're welcome :)

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#9 buzzerman

buzzerman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 06 August 2012 - 05:16 PM

Here you go. The post was too long to paste so I attached it.


#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:17 PM

Posted 06 August 2012 - 10:40 PM

You have ( Limewire ), a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.

I would recommend that you uninstall it, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


===================================================

Go to My Computer -> Tools -> Folder Options -> View tab:
  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck- Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to Hide files and folders once done)

Please go to one of the below sites to scan the following files:
Virus Total (Recommended)
jotti.org
VirScan


click on Browse, and upload the following file for analysis:
c:\windows\system32\drivers\tcpip.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

#11 buzzerman

buzzerman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 07 August 2012 - 06:03 AM

Thanks again Conspire. tcpip.sys seems clean.

Analysis completed.
SHA256: 078bc33dd92b3f5647008c899c6bf6aa4f779624fc3dee2117b7dbc12a0b836d
SHA1: 521a47a6965254a74a4a493441acae721b147632
MD5: 456e0f5b9beb184521b0ee8fa7cc92c7
File size: 353.1 KB ( 361600 bytes )
File name: C:\WINDOWS\system32\drivers\tcpip.sys
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-08-07 10:57:14 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120805
AntiVir - 20120806
Antiy-AVL - 20120804
Avast - 20120806
AVG - 20120806
BitDefender - 20120806
ByteHero - 20120723
CAT-QuickHeal - 20120806
ClamAV - 20120806
Commtouch - 20120806
Comodo - 20120806
DrWeb - 20120806
Emsisoft - 20120806
eSafe - 20120805
ESET-NOD32 - 20120806
F-Prot - 20120806
F-Secure - 20120806
Fortinet - 20120806
GData - 20120806
Ikarus - 20120806
Jiangmin - 20120806
K7AntiVirus - 20120805
Kaspersky - 20120806
McAfee - 20120806
McAfee-GW-Edition - 20120806
Microsoft - 20120806
Norman - 20120805
nProtect - 20120806
Panda - 20120806
PCTools - 20120806
Rising - 20120806
Sophos - 20120806
SUPERAntiSpyware - 20120805
Symantec - 20120806
TheHacker - 20120805
TotalDefense - 20120806
TrendMicro - 20120806
TrendMicro-HouseCall - 20120806
VBA32 - 20120803
VIPRE - 20120806
ViRobot - 20120806
VirusBuster - 20120805
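The MD5 VirusTotal reports here (456e0f5b9beb184521b0ee8fa7cc92c7) is the same value TDSSKiller recorded for Tcpip in the earlier log, which is the check that matters: the file uploaded is the driver the rootkit scanner actually hashed, not a copy swapped in afterwards. As an added example that is not part of this thread, the Python script below parses TDSSKiller driver lines, hashes a local file with MD5/SHA-1/SHA-256 and reports whether the on-disk hash matches the scan entry; the sample file, its contents and the log lines built in demo() are constructed for the demonstration.

```python
import hashlib
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# A TDSSKiller driver/service line looks like:
#   18:25:49.0160 1388 Tcpip (456e0f5b9beb184521b0ee8fa7cc92c7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
# Names may contain spaces ("Pml Driver HPZ12"); status lines ending in "- ok" carry no hash.
LINE_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


def parse_tdsskiller_line(line):
    """Return (name, md5, path) for a hashed entry, or None for status lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("md5").lower(), m.group("path")


def file_digests(path, chunk_size=1 << 16):
    """MD5, SHA-1 and SHA-256 of a file, read in chunks so large files are not loaded whole."""
    hashes = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def check_file_against_scan(path, log_lines):
    """Compare the on-disk MD5 of `path` with the MD5 TDSSKiller recorded for that path.

    Returns {"found": bool, "match": bool | None, "scan_md5": str | None, "disk_md5": str | None}.
    Windows paths are case-insensitive, so the comparison lowercases both sides.
    """
    wanted = str(path).lower()
    for line in log_lines:
        entry = parse_tdsskiller_line(line)
        if entry and entry[2].lower() == wanted:
            disk = file_digests(path)
            return {
                "found": True,
                "match": disk["md5"] == entry[1],
                "scan_md5": entry[1],
                "disk_md5": disk["md5"],
            }
    return {"found": False, "match": None, "scan_md5": None, "disk_md5": None}


def demo():
    """Constructed sample: a fake 'driver' file plus matching, mismatching and absent scan lines."""
    with TemporaryDirectory() as tmp:
        sample = Path(tmp) / "tcpip.sys"
        sample.write_bytes(b"abc")  # constructed content, not a real driver
        real_md5 = hashlib.md5(b"abc").hexdigest()
        good_line = f"18:25:49.0160 1388 Tcpip ({real_md5}) {sample}"
        bad_line = f"18:25:49.0160 1388 Tcpip ({'0' * 32}) {sample}"  # constructed mismatch
        status_line = "18:25:49.0176 1388 Tcpip - ok"
        return {
            "digests": file_digests(sample),
            "good": check_file_against_scan(sample, [status_line, good_line]),
            "bad": check_file_against_scan(sample, [bad_line]),
            "missing": check_file_against_scan(sample, [status_line]),
        }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Run it against a real TDSSKiller log by reading the log into a list and passing the suspect driver path; a "found" entry with "match" False means the file on disk is no longer the one the scanner hashed and deserves a fresh upload rather than reuse of the earlier VirusTotal link.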

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:17 PM

Posted 07 August 2012 - 06:52 AM

Hi,

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
===================================================

Save log before uninstall


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push Posted Image
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post:
ESET log
MBAM log
How is your computer behaving?


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

#13 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:17 PM

Posted 09 August 2012 - 11:48 PM

Still with me?

#14 buzzerman

buzzerman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 10 August 2012 - 09:33 AM

Yes, still here. Ran ESET and it found and cleaned 12 objects. Didn't see a way to save this log. MBAM log follows:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dave :: DB05G5C1 [administrator]

8/10/2012 9:18:43 AM
mbam-log-2012-08-10 (09-18-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268380
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: bfe44a50d6b6119a6d4409c6d8befc51 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

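To make a pasted MBAM log like the one above easier to triage, here is an added Python example (not from this thread and not Malwarebytes' own code) that parses the 1.x log format, checks that each section's "Detected: n" count matches the lines actually listed under it, summarises detections per signature name, and flags anything MBAM could only remove at the next reboot; the sample log embedded in it is a constructed, abridged copy of the posted one.

```python
import re
from collections import Counter

# Constructed sample: an abridged copy of the MBAM 1.x log posted above, same format.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.08.10.06
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: bfe44a50d6b6119a6d4409c6d8befc51 -> Quarantined and deleted successfully.
(end)
"""

SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
THREAT_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\)$")

def parse_mbam_log(text):
    """Return (header, entries); an entry has section, item, threat and action."""
    header, entries, expected, seen, section = {}, [], {}, Counter(), None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("("):      # blank, "(No malicious ...)", "(end)"
            continue
        if m := SECTION_RE.match(line):           # "<Section> Detected: <n>" header
            section = m.group("section")
            expected[section] = int(m.group("count"))
        elif section is None:                     # scan metadata before the first section
            key, sep, value = line.partition(": ")
            if sep:
                header[key] = value
        elif tm := THREAT_RE.match(line.split(" -> ")[0]):
            entries.append({"section": section, "item": tm.group("item"), "threat": tm.group("threat"),
                            "action": line.rsplit(" -> ", 1)[-1]})  # last arrow segment = action taken
            seen[section] += 1
        else:
            raise ValueError("unrecognised detection line: " + line)
    for name, count in expected.items():          # a truncated or edited paste shows up here
        if seen[name] != count:
            raise ValueError(f"{name}: header says {count}, log lists {seen[name]}")
    return header, entries

def threat_families(entries):  # detections per signature name, e.g. Adware.GamePlayLab -> 2
    return Counter(e["threat"] for e in entries)

def needs_reboot(entries):  # items MBAM could only schedule for removal at the next boot
    return [e["item"] for e in entries if "reboot" in e["action"].lower()]
```
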
#15 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:17 PM

Posted 10 August 2012 - 10:06 AM

Everything running fine?
