
Google search issue


This topic is locked
15 replies to this topic

#1 dmh

dmh

  • Members
  • 57 posts
  • OFFLINE
  • Local time:01:10 AM

Posted 24 August 2012 - 09:37 PM

From a previous post, boopme asked me to run several diagnostics and post DDS and GMER logs to this site. Starting a couple of days ago, when I searched using Google it returned a blank page. Using another search engine like Yahoo works fine. I'd run MalwareBytes, which showed no problems. I'm using Windows XP and Internet Explorer 8.0. I've not downloaded any software or made system changes recently.

Boopme had previously had me run ipconfig /flushdns and do a debugging of the HOSTS file, but neither helped.

I really appreciate all of the help and guidance. Thank you. Copies of the dds.txt, attach.txt and ark.txt are attached. The dds.txt log follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by 8 at 21:08:41 on 2012-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1979 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.3.0.14\ips\IPSBHO.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.3.0.14\coIEPlg.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\123r5.lnk - c:\work\123r5\programs\123W.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\program files\internet explorer\iexplore.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\outloo~1.lnk - c:\program files\outlook express\msimn.exe
uPolicies-explorer: NoSMMyPictures = 01000000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: chase.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: minlib.net\library
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210714618796
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345681546843
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{31895384-8040-4821-934B-DDAF97D67FEC} : DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\8\application data\mozilla\firefox\profiles\077nmzat.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=hp&babsrc=lnkry
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\8\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0603000.00e\symds.sys [2012-8-14 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0603000.00e\symefa.sys [2012-8-14 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120811.003\BHDrvx86.sys [2012-8-10 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys [2012-8-14 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys [2012-8-14 149624]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-5-8 24328]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152720]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.3.0.14\ccsvchst.exe [2012-8-14 138272]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-5-31 361472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120824.001\IDSXpx86.sys [2012-8-24 373216]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120824.003\NAVENG.SYS [2012-8-24 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120824.003\NAVEX15.SYS [2012-8-24 1601184]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2011-5-10 49240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-1 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-15 01:15:29 924320 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\symefa.sys
2012-08-15 01:15:29 388216 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symtdi.sys
2012-08-15 01:15:29 345208 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symtdiv.sys
2012-08-15 01:15:29 340088 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symds.sys
2012-08-15 01:15:29 32928 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\srtspx.sys
2012-08-15 01:15:29 318584 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symnets.sys
2012-08-15 01:15:28 574112 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\srtsp.sys
2012-08-15 01:15:28 149624 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys
2012-08-15 01:15:28 132768 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys
2012-08-15 01:15:11 8942 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\symvtcer.dat
2012-08-15 01:15:11 -------- d-----w- c:\windows\system32\drivers\n360\0603000.00E
2012-08-11 19:10:37 1044480 ----a-w- c:\windows\system32\ROBOEX32.DLL
2012-08-09 00:10:59 -------- d-----w- c:\documents and settings\8\local settings\application data\Eraser 6
2012-08-08 22:02:04 -------- d-----w- c:\program files\Foxit Reader
2012-08-06 17:37:04 -------- d-----w- C:\N360_BACKUP
2012-08-01 11:53:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-15 00:06:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-27 14:33:29 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-27 14:33:29 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 21:09:54.04 ===============

Attached Files
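In the Pseudo HJT Report and FIREFOX sections above, every search and start-page setting (uSearch Bar, uSearchAssistant, browser.startup.homepage, keyword.URL) points at feed.helperbar.com with OpenCandy affiliate parameters rather than at a search engine the user chose. As an added example (not part of this thread and not code from the DDS tool), a small Python check that parses those DDS lines and flags settings whose host is not on an assumed allowlist of search engines; the sample input is copied from the log above plus one constructed benign line.

```python
import re
from urllib.parse import parse_qs, urlparse

# DDS keys that decide where a search or start-page request goes.
# "u"/"m" prefix = per-user (HKCU) / per-machine (HKLM) Internet Explorer setting.
IE_SEARCH_KEYS = {
    "uStart Page", "mStart Page", "uDefault_Page_URL", "mDefault_Page_URL",
    "uSearch Bar", "mSearch Bar", "uSearchAssistant", "mSearchAssistant",
    "uSearch Page", "mSearch Page",
}
# Firefox prefs.js entries that DDS lists under its FIREFOX section.
FF_SEARCH_PREFS = {"browser.startup.homepage", "keyword.URL", "browser.search.defaulturl"}

# Hosts a search/start-page setting is expected to point at (assumption; adjust per site).
EXPECTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com", "www.msn.com"}

IE_LINE = re.compile(r"^([um][^=]+?) = (.+)$")
FF_LINE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")


def refang(url):
    """DDS writes hxxp:// so that log URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)


def scan_dds(log_text):
    """Return one finding per search/start-page setting whose host is not on the allowlist."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_LINE.match(line)
        if m and m.group(1) in IE_SEARCH_KEYS:
            setting, value = m.group(1), m.group(2)
        else:
            m = FF_LINE.match(line)
            if not (m and m.group(1) in FF_SEARCH_PREFS):
                continue
            setting, value = "FF " + m.group(1), m.group(2)
        parsed = urlparse(refang(value))
        host = parsed.hostname
        if host is None or host in EXPECTED_HOSTS:   # about:blank etc. have no host
            continue
        params = parse_qs(parsed.query)
        findings.append({
            "setting": setting,
            "host": host,
            # Bundler/affiliate identifiers show which installer brought the change.
            "publisher": params.get("publisher", [""])[0],
            "affid": params.get("affid", [""])[0],
        })
    return findings


# Sample input: the search-related lines from the DDS log above, plus one constructed
# benign "mStart Page" line to show what is *not* flagged.
SAMPLE_DDS = """\
uStart Page = about:blank
uSearch Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
mStart Page = hxxp://www.google.com/
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=hp&babsrc=lnkry
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q=
FF - prefs.js: network.proxy.type - 0
"""

if __name__ == "__main__":
    for f in scan_dds(SAMPLE_DDS):
        print(f"{f['setting']:<30} -> {f['host']}  publisher={f['publisher']} affid={f['affid']}")
```

Run against a full dds.txt the same way; entries that resolve to a host you do not recognise are the ones to investigate before running any removal tool.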


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 25 August 2012 - 06:31 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dmh

dmh
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  • Local time:01:10 AM

Posted 25 August 2012 - 05:46 PM

Thank you gringo_pr! The help is really very much appreciated. The output from the SecurityCheck and the ComboFix are below. The only hitch was when I started Combofix I got a message that there was no recovery console installed. It gave me the option to have ComboFix download it. Did that but got an error that the files couldn't be downloaded. I clicked on continue scan. The scan worked fine. The initial problem (Google searches returning blank pages) still remains.

Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
Ad-Aware
WinPatrol
Spybot - Search & Destroy 1.4
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Eusing Free Registry Cleaner
Java™ 6 Update 26
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox 5.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
WinPatrol winpatrol.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

=============================================================================
ComboFix 12-08-25.04 - 8 08/25/2012 18:19:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2068 [GMT -4:00]
Running from: c:\documents and settings\8\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\8\Local Settings\Application Data\assembly\tmp
c:\documents and settings\8\WINDOWS
c:\documents and settings\All Users\Application Data\DragToDiscUserNameI.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\System\CTL3DV2.1
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2012-08-15 01:15 . 2012-08-15 18:37 -------- d-----w- c:\windows\system32\drivers\N360\0603000.00E
2012-08-11 19:10 . 2003-01-21 19:54 1044480 ----a-w- c:\windows\system32\ROBOEX32.DLL
2012-08-09 00:10 . 2012-08-09 00:10 -------- d-----w- c:\documents and settings\8\Local Settings\Application Data\Eraser 6
2012-08-08 22:02 . 2012-08-08 22:02 -------- d-----w- c:\program files\Foxit Reader
2012-08-06 17:37 . 2012-08-06 17:37 -------- d-----w- C:\N360_BACKUP
2012-08-01 11:53 . 2012-08-15 00:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 00:06 . 2011-06-11 13:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-05-13 18:12 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2011-06-13 18:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-27 14:33 . 2009-08-08 21:42 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-27 14:33 . 2009-08-08 21:42 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2007-07-30 23:18 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-05-13 21:37 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-05-13 21:37 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-05-13 18:16 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-05-13 18:16 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-05-13 18:16 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-05-13 21:37 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-05-13 21:37 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-05-13 18:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-05-13 18:16 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-05-13 21:37 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-05-13 18:16 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-05-13 18:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-05-14 01:09 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-05-14 01:09 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-06-16 04:17 . 2011-06-25 03:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
123r5.lnk - c:\work\123R5\PROGRAMS\123W.EXE [2008-5-13 109136]
Launch Internet Explorer Browser.lnk - c:\program files\Internet Explorer\iexplore.exe [2008-5-13 638816]
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2008-5-13 60416]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
2007-02-15 10:00 179200 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series (Copy 1)]
2007-02-15 10:00 179200 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0603000.00E\symds.sys [8/14/2012 9:15 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0603000.00E\symefa.sys [8/14/2012 9:15 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx86.sys [8/10/2012 8:25 PM 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0603000.00E\ccsetx86.sys [8/14/2012 9:15 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0603000.00E\ironx86.sys [8/14/2012 9:15 PM 149624]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5/8/2012 4:37 PM 24328]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/10/2004 7:00 AM 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 1:06 PM 2152720]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.3.0.14\ccsvchst.exe [8/14/2012 9:15 PM 138272]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [5/31/2012 11:14 PM 361472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2012 10:37 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120824.001\IDSXpx86.sys [8/24/2012 4:29 PM 373216]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [5/10/2011 6:24 PM 49240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 12:13 AM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/1/2012 7:54 AM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 12:13 AM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 1:06 PM 15232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 00:06]
.
2012-08-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-16 23:44]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 04:13]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 04:13]
.
2012-08-25 c:\windows\Tasks\SyncBack 2Wendy.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack 3Wendy.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Docs 7 and 8.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Everything to 8L.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Workarea and Software.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Workarea Daily.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Workarea Hourly.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Workarea Immediate.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
Trusted Zone: chase.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: minlib.net\library
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
FF - ProfilePath - c:\documents and settings\8\Application Data\Mozilla\Firefox\Profiles\077nmzat.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=hp&babsrc=lnkry
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-25 18:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
Completion time: 2012-08-25 18:29:55
ComboFix-quarantined-files.txt 2012-08-25 22:29
.
Pre-Run: 84,069,240,832 bytes free
Post-Run: 84,339,208,192 bytes free
.
- - End Of File - - 50A6166C362DB04D942AB933F3A3F3B6

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 25 August 2012 - 05:58 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 25 August 2012 - 06:02 PM

double post

Edited by gringo_pr, 25 August 2012 - 06:03 PM.


#6 dmh

dmh
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  • Local time:01:10 AM

Posted 26 August 2012 - 11:16 PM

Thank you again, gringo_pr. I think it's fixed, but...
TDSSKiller found one item, then had me reboot. On restart the software automatically started again. I ran a second scan which showed no problems. Both logs are copied below, as is the aswMBR log. I tried the Google search again and it worked fine, just like it used to.

This morning, however, something else popped up. It may be unrelated, but the timing is suspect and I wanted to ask. When I tried to log in to my account at Chase, it just recycled me in a loop back to the log-in screen. I talked to Chase tech support, who wanted me to uninstall and reinstall Adobe Flash Player. I held off on that until I ran your scans. After the Google issue was fixed, I went and uninstalled and reinstalled the Flash Player. It didn't help. Other sites with log-ins work fine.

If this is something I should deal with Chase on, that's fine. I wanted to ask in case it was related to something you can see in the logs. Also, I think the Chase tech person was guessing more than knowing.

Thank you again.

23:32:24.0781 4724 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:32:25.0375 4724 ============================================================
23:32:25.0375 4724 Current date / time: 2012/08/26 23:32:25.0375
23:32:25.0375 4724 SystemInfo:
23:32:25.0375 4724
23:32:25.0375 4724 OS Version: 5.1.2600 ServicePack: 3.0
23:32:25.0375 4724 Product type: Workstation
23:32:25.0375 4724 ComputerName: 8DENNIS
23:32:25.0375 4724 UserName: 8
23:32:25.0375 4724 Windows directory: C:\WINDOWS
23:32:25.0375 4724 System windows directory: C:\WINDOWS
23:32:25.0375 4724 Processor architecture: Intel x86
23:32:25.0375 4724 Number of processors: 2
23:32:25.0375 4724 Page size: 0x1000
23:32:25.0375 4724 Boot type: Normal boot
23:32:25.0375 4724 ============================================================
23:32:26.0062 4724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:32:26.0062 4724 Drive \Device\Harddisk1\DR1 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:32:26.0109 4724 ============================================================
23:32:26.0109 4724 \Device\Harddisk0\DR0:
23:32:26.0109 4724 MBR partitions:
23:32:26.0109 4724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFEAC6
23:32:26.0125 4724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFEB44, BlocksNum 0x1542EB7D
23:32:26.0125 4724 \Device\Harddisk1\DR1:
23:32:26.0125 4724 MBR partitions:
23:32:26.0125 4724 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1C840B54
23:32:26.0125 4724 ============================================================
23:32:26.0140 4724 C: <-> \Device\Harddisk0\DR0\Partition1
23:32:26.0171 4724 D: <-> \Device\Harddisk1\DR1\Partition1
23:32:26.0203 4724 J: <-> \Device\Harddisk0\DR0\Partition2
23:32:26.0203 4724 ============================================================
23:32:26.0203 4724 Initialize success
23:32:26.0203 4724 ============================================================
23:32:35.0984 4792 ============================================================
23:32:35.0984 4792 Scan started
23:32:35.0984 4792 Mode: Manual;
23:32:35.0984 4792 ============================================================
23:32:37.0421 4792 ================ Scan system memory ========================
23:32:37.0421 4792 System memory - ok
23:32:37.0421 4792 ================ Scan services =============================
23:32:37.0593 4792 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
23:32:37.0593 4792 6to4 - ok
23:32:37.0609 4792 Abiosdsk - ok
23:32:37.0609 4792 abp480n5 - ok
23:32:37.0656 4792 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:32:37.0671 4792 ACPI - ok
23:32:37.0687 4792 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:32:37.0703 4792 ACPIEC - ok
23:32:37.0703 4792 adpu160m - ok
23:32:37.0750 4792 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:32:37.0750 4792 aec - ok
23:32:37.0796 4792 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:32:37.0796 4792 AFD - ok
23:32:37.0796 4792 Aha154x - ok
23:32:37.0812 4792 aic78u2 - ok
23:32:37.0812 4792 aic78xx - ok
23:32:37.0859 4792 [ 1BE1B07EB9A327E79AB7FD77424DA6BE ] Airgo C:\WINDOWS\system32\DRIVERS\wnihdd51.sys
23:32:37.0906 4792 Airgo - ok
23:32:37.0937 4792 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:32:37.0937 4792 Alerter - ok
23:32:37.0953 4792 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:32:37.0953 4792 ALG - ok
23:32:37.0968 4792 AliIde - ok
23:32:37.0968 4792 amsint - ok
23:32:38.0015 4792 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:32:38.0015 4792 AppMgmt - ok
23:32:38.0015 4792 asc - ok
23:32:38.0015 4792 asc3350p - ok
23:32:38.0031 4792 asc3550 - ok
23:32:38.0109 4792 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:32:38.0171 4792 aspnet_state - ok
23:32:38.0203 4792 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:32:38.0203 4792 AsyncMac - ok
23:32:38.0218 4792 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:32:38.0218 4792 atapi - ok
23:32:38.0218 4792 Atdisk - ok
23:32:38.0250 4792 [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:32:38.0265 4792 Ati HotKey Poller - ok
23:32:38.0296 4792 [ 1A73F763DFAD0CA36DBB45BBE1AB66E5 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
23:32:38.0312 4792 ATI Smart - ok
23:32:38.0375 4792 [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:32:38.0421 4792 ati2mtag - ok
23:32:38.0437 4792 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:32:38.0437 4792 Atmarpc - ok
23:32:38.0468 4792 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:32:38.0468 4792 AudioSrv - ok
23:32:38.0515 4792 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:32:38.0515 4792 audstub - ok
23:32:38.0531 4792 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
23:32:38.0562 4792 BANTExt - ok
23:32:38.0578 4792 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:32:38.0578 4792 Beep - ok
23:32:38.0750 4792 [ 080BE9BAD2B41B8D91A4BC96C092AA9E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx86.sys
23:32:38.0765 4792 BHDrvx86 - ok
23:32:38.0812 4792 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:32:38.0937 4792 BITS - ok
23:32:38.0968 4792 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:32:38.0968 4792 Browser - ok
23:32:39.0015 4792 catchme - ok
23:32:39.0031 4792 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:32:39.0031 4792 cbidf2k - ok
23:32:39.0093 4792 [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
23:32:39.0093 4792 CCALib8 - ok
23:32:39.0156 4792 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\0603000.00E\ccSetx86.sys
23:32:39.0187 4792 ccSet_N360 - ok
23:32:39.0187 4792 cd20xrnt - ok
23:32:39.0250 4792 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:32:39.0250 4792 Cdaudio - ok
23:32:39.0281 4792 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:32:39.0281 4792 Cdfs - ok
23:32:39.0312 4792 [ FC0BF5DF85F8BB38CB678976259E57D2 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
23:32:39.0312 4792 Cdr4_xp - ok
23:32:39.0328 4792 [ EE162CA67A1158B56F6009EFD252642C ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
23:32:39.0328 4792 Cdralw2k - ok
23:32:39.0328 4792 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:32:39.0328 4792 Cdrom - ok
23:32:39.0359 4792 [ A27BC139A443BF4DF61A7535533927CC ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys
23:32:39.0359 4792 cdudf_xp - ok
23:32:39.0375 4792 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
23:32:39.0375 4792 cercsr6 - ok
23:32:39.0375 4792 Changer - ok
23:32:39.0390 4792 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:32:39.0406 4792 CiSvc - ok
23:32:39.0406 4792 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:32:39.0406 4792 ClipSrv - ok
23:32:39.0453 4792 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:32:39.0546 4792 clr_optimization_v2.0.50727_32 - ok
23:32:39.0562 4792 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:32:39.0640 4792 clr_optimization_v4.0.30319_32 - ok
23:32:39.0640 4792 CmdIde - ok
23:32:39.0640 4792 COMSysApp - ok
23:32:39.0656 4792 Cpqarray - ok
23:32:39.0687 4792 [ 26CE59F9FC8639FD7FED53CE3B785015 ] cpuz135 C:\WINDOWS\system32\drivers\cpuz135_x32.sys
23:32:39.0687 4792 cpuz135 - ok
23:32:39.0718 4792 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:32:39.0718 4792 CryptSvc - ok
23:32:39.0734 4792 dac2w2k - ok
23:32:39.0734 4792 dac960nt - ok
23:32:39.0765 4792 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:32:39.0781 4792 DcomLaunch - ok
23:32:39.0812 4792 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:32:39.0812 4792 Dhcp - ok
23:32:39.0828 4792 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:32:39.0828 4792 Disk - ok
23:32:39.0843 4792 dmadmin - ok
23:32:39.0875 4792 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:32:39.0890 4792 dmboot - ok
23:32:39.0906 4792 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:32:39.0906 4792 dmio - ok
23:32:39.0906 4792 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:32:39.0906 4792 dmload - ok
23:32:39.0921 4792 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:32:39.0937 4792 dmserver - ok
23:32:39.0953 4792 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:32:39.0968 4792 DMusic - ok
23:32:39.0984 4792 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:32:39.0984 4792 Dnscache - ok
23:32:40.0000 4792 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:32:40.0000 4792 Dot3svc - ok
23:32:40.0015 4792 dpti2o - ok
23:32:40.0015 4792 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:32:40.0015 4792 drmkaud - ok
23:32:40.0046 4792 [ 879DE97D532186CDBE749A7ACD508CF0 ] DVDVRRdr_xp C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
23:32:40.0046 4792 DVDVRRdr_xp - ok
23:32:40.0062 4792 [ 6DA1951E3DE986F1080E6852846DF0FB ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys
23:32:40.0062 4792 dvd_2K - ok
23:32:40.0109 4792 [ 0849EACDC01487573ADD86F5E470806C ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
23:32:40.0109 4792 e1express - ok
23:32:40.0140 4792 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:32:40.0140 4792 EapHost - ok
23:32:40.0218 4792 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:32:40.0218 4792 eeCtrl - ok
23:32:40.0296 4792 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
23:32:40.0296 4792 ehRecvr - ok
23:32:40.0328 4792 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
23:32:40.0328 4792 ehSched - ok
23:32:40.0375 4792 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
23:32:40.0375 4792 EPSON_PM_RPCV4_01 - ok
23:32:40.0375 4792 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:32:40.0375 4792 EraserUtilRebootDrv - ok
23:32:40.0390 4792 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:32:40.0390 4792 ERSvc - ok
23:32:40.0437 4792 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:32:40.0437 4792 Eventlog - ok
23:32:40.0484 4792 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:32:40.0500 4792 EventSystem - ok
23:32:40.0515 4792 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:32:40.0515 4792 Fastfat - ok
23:32:40.0546 4792 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:32:40.0562 4792 FastUserSwitchingCompatibility - ok
23:32:40.0578 4792 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:32:40.0578 4792 Fdc - ok
23:32:40.0609 4792 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:32:40.0625 4792 Fips - ok
23:32:40.0625 4792 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:32:40.0625 4792 Flpydisk - ok
23:32:40.0671 4792 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:32:40.0671 4792 FltMgr - ok
23:32:40.0718 4792 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:32:40.0718 4792 FontCache3.0.0.0 - ok
23:32:40.0734 4792 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:32:40.0734 4792 Fs_Rec - ok
23:32:40.0734 4792 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:32:40.0734 4792 Ftdisk - ok
23:32:40.0781 4792 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:32:40.0796 4792 Gpc - ok
23:32:40.0875 4792 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:32:40.0875 4792 gupdate - ok
23:32:40.0875 4792 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:32:40.0875 4792 gupdatem - ok
23:32:40.0890 4792 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:32:40.0906 4792 gusvc - ok
23:32:40.0937 4792 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:32:40.0937 4792 HDAudBus - ok
23:32:40.0984 4792 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:32:40.0984 4792 helpsvc - ok
23:32:40.0984 4792 HidServ - ok
23:32:41.0015 4792 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:32:41.0015 4792 hidusb - ok
23:32:41.0046 4792 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:32:41.0046 4792 hkmsvc - ok
23:32:41.0046 4792 hpn - ok
23:32:41.0078 4792 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:32:41.0109 4792 HPZid412 - ok
23:32:41.0140 4792 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:32:41.0140 4792 HPZipr12 - ok
23:32:41.0156 4792 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:32:41.0156 4792 HPZius12 - ok
23:32:41.0171 4792 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:32:41.0187 4792 HSFHWBS2 - ok
23:32:41.0218 4792 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:32:41.0281 4792 HSF_DP - ok
23:32:41.0328 4792 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:32:41.0328 4792 HTTP - ok
23:32:41.0359 4792 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:32:41.0359 4792 HTTPFilter - ok
23:32:41.0375 4792 i2omgmt - ok
23:32:41.0375 4792 i2omp - ok
23:32:41.0390 4792 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
23:32:41.0390 4792 i8042prt - ok
23:32:41.0437 4792 [ 294110966CEDD127629C5BE48367C8CF ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:32:41.0437 4792 iastor - ok
23:32:41.0500 4792 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:32:41.0515 4792 idsvc - ok
23:32:41.0578 4792 [ 46813C427BF1A937E6F7D1243399B608 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120824.001\IDSxpx86.sys
23:32:41.0578 4792 IDSxpx86 - ok
23:32:41.0625 4792 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:32:41.0625 4792 Imapi - ok
23:32:41.0656 4792 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:32:41.0656 4792 ImapiService - ok
23:32:41.0656 4792 ini910u - ok
23:32:41.0671 4792 IntelIde - ok
23:32:41.0718 4792 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:32:41.0718 4792 intelppm - ok
23:32:41.0765 4792 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
23:32:41.0765 4792 IntuitUpdateService - ok
23:32:41.0781 4792 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:32:41.0796 4792 Ip6Fw - ok
23:32:41.0812 4792 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:32:41.0812 4792 IpFilterDriver - ok
23:32:41.0828 4792 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:32:41.0828 4792 IpInIp - ok
23:32:41.0859 4792 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:32:41.0859 4792 IpNat - ok
23:32:41.0906 4792 [ F08D74EC300B8BA60CA953C58A24D19E ] Iprip C:\WINDOWS\System32\iprip.dll
23:32:41.0906 4792 Iprip - ok
23:32:41.0906 4792 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:32:41.0906 4792 IPSec - ok
23:32:41.0921 4792 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:32:41.0921 4792 IRENUM - ok
23:32:41.0937 4792 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:32:41.0937 4792 isapnp - ok
23:32:42.0031 4792 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:32:42.0031 4792 JavaQuickStarterService - ok
23:32:42.0046 4792 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:32:42.0046 4792 Kbdclass - ok
23:32:42.0046 4792 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:32:42.0046 4792 kbdhid - ok
23:32:42.0062 4792 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:32:42.0062 4792 kmixer - ok
23:32:42.0093 4792 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:32:42.0093 4792 KSecDD - ok
23:32:42.0109 4792 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:32:42.0125 4792 lanmanserver - ok
23:32:42.0156 4792 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:32:42.0156 4792 lanmanworkstation - ok
23:32:42.0250 4792 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
23:32:42.0312 4792 Lavasoft Ad-Aware Service - ok
23:32:42.0328 4792 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
23:32:42.0328 4792 Lavasoft Kernexplorer - ok
23:32:42.0343 4792 lbrtfdc - ok
23:32:42.0375 4792 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:32:42.0375 4792 LmHosts - ok
23:32:42.0406 4792 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
23:32:42.0406 4792 LPDSVC - ok
23:32:42.0437 4792 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
23:32:42.0437 4792 McrdSvc - ok
23:32:42.0484 4792 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:32:42.0484 4792 MDM - ok
23:32:42.0515 4792 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:32:42.0515 4792 mdmxsdk - ok
23:32:42.0515 4792 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:32:42.0531 4792 Messenger - ok
23:32:42.0546 4792 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
23:32:42.0546 4792 MHN - ok
23:32:42.0562 4792 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:32:42.0562 4792 MHNDRV - ok
23:32:42.0578 4792 [ 8095D2E05301AA131D966492546F1E1C ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys
23:32:42.0578 4792 mmc_2K - ok
23:32:42.0609 4792 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:32:42.0609 4792 mnmdd - ok
23:32:42.0656 4792 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:32:42.0671 4792 mnmsrvc - ok
23:32:47.0734 4792 ================ Scan global ===============================
23:32:47.0750 4792 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:32:47.0765 4792 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:32:47.0796 4792 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:32:47.0828 4792 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:32:47.0828 4792 [Global] - ok
23:32:47.0828 4792 ================ Scan MBR ==================================
23:32:47.0843 4792 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:32:47.0843 4792 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:32:47.0875 4792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:32:47.0875 4792 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:32:47.0875 4792 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk1\DR1
23:32:48.0187 4792 \Device\Harddisk1\DR1 - ok
23:32:48.0187 4792 ================ Scan VBR ==================================
23:32:48.0187 4792 [ 35BC94E715E6D5F23DEC04000A2086B0 ] \Device\Harddisk0\DR0\Partition1
23:32:48.0187 4792 \Device\Harddisk0\DR0\Partition1 - ok
23:32:48.0203 4792 [ 7EDFE4C9CA4A256F8B913686219A48FD ] \Device\Harddisk0\DR0\Partition2
23:32:48.0203 4792 \Device\Harddisk0\DR0\Partition2 - ok
23:32:48.0203 4792 [ DD68A6C15C7C3A286FD19169737348D7 ] \Device\Harddisk1\DR1\Partition1
23:32:48.0203 4792 \Device\Harddisk1\DR1\Partition1 - ok
23:32:48.0203 4792 ============================================================
23:32:48.0203 4792 Scan finished
23:32:48.0203 4792 ============================================================
23:32:48.0218 4784 Detected object count: 1
23:32:48.0218 4784 Actual detected object count: 1
23:33:22.0140 4784 \Device\Harddisk0\DR0\# - copied to quarantine
23:33:22.0156 4784 \Device\Harddisk0\DR0 - copied to quarantine
23:33:22.0187 4784 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:33:22.0187 4784 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:33:22.0187 4784 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:33:22.0203 4784 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:33:22.0203 4784 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:33:22.0218 4784 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:33:22.0218 4784 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:33:22.0218 4784 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:33:22.0234 4784 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:33:22.0234 4784 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:33:22.0234 4784 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:33:22.0250 4784 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:33:22.0250 4784 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:33:22.0296 4784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:33:22.0296 4784 \Device\Harddisk0\DR0 - ok
23:33:22.0453 4784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:33:45.0593 4704 Deinitialize success

================================================
2nd TDSSKiller log
23:37:03.0171 1700 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:37:03.0687 1700 ============================================================
23:37:03.0687 1700 Current date / time: 2012/08/26 23:37:03.0687
23:37:03.0687 1700 SystemInfo:
23:37:03.0687 1700
23:37:03.0687 1700 OS Version: 5.1.2600 ServicePack: 3.0
23:37:03.0687 1700 Product type: Workstation
23:37:03.0687 1700 ComputerName: 8DENNIS
23:37:03.0687 1700 UserName: 8
23:37:03.0687 1700 Windows directory: C:\WINDOWS
23:37:03.0687 1700 System windows directory: C:\WINDOWS
23:37:03.0687 1700 Processor architecture: Intel x86
23:37:03.0687 1700 Number of processors: 2
23:37:03.0687 1700 Page size: 0x1000
23:37:03.0687 1700 Boot type: Normal boot
23:37:03.0687 1700 ============================================================
23:37:06.0328 1700 BG loaded
23:37:07.0031 1700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:37:07.0046 1700 Drive \Device\Harddisk1\DR1 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:37:07.0093 1700 ============================================================
23:37:07.0093 1700 \Device\Harddisk0\DR0:
23:37:07.0203 1700 MBR partitions:
23:37:07.0203 1700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFEAC6
23:37:07.0625 1700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFEB44, BlocksNum 0x1542EB7D
23:37:07.0625 1700 \Device\Harddisk1\DR1:
23:37:07.0625 1700 MBR partitions:
23:37:07.0625 1700 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1C840B54
23:37:07.0625 1700 ============================================================
23:37:07.0750 1700 C: <-> \Device\Harddisk0\DR0\Partition1
23:37:07.0781 1700 D: <-> \Device\Harddisk1\DR1\Partition1
23:37:08.0453 1700 J: <-> \Device\Harddisk0\DR0\Partition2
23:37:08.0453 1700 ============================================================
23:37:08.0453 1700 Initialize success
23:37:08.0453 1700 ============================================================
23:37:40.0531 4048 ============================================================
23:37:40.0531 4048 Scan started
23:37:40.0531 4048 Mode: Manual;
23:37:40.0531 4048 ============================================================
23:37:40.0968 4048 ================ Scan system memory ========================
23:37:40.0968 4048 System memory - ok
23:37:40.0968 4048 ================ Scan services =============================
23:37:45.0000 4048 Dhcp - ok
23:37:45.0031 4048 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:37:45.0031 4048 Disk - ok
23:37:45.0046 4048 dmadmin - ok
23:37:45.0078 4048 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:37:45.0093 4048 dmboot - ok
23:37:45.0125 4048 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:37:45.0125 4048 dmio - ok
23:37:45.0171 4048 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:37:45.0171 4048 dmload - ok
23:37:45.0234 4048 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:37:45.0234 4048 dmserver - ok
23:37:45.0281 4048 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:37:45.0281 4048 DMusic - ok
23:37:45.0343 4048 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:37:45.0343 4048 Dnscache - ok
23:37:45.0390 4048 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:37:45.0390 4048 Dot3svc - ok
23:37:45.0390 4048 dpti2o - ok
23:37:45.0390 4048 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:37:45.0390 4048 drmkaud - ok
23:37:45.0453 4048 [ 879DE97D532186CDBE749A7ACD508CF0 ] DVDVRRdr_xp C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
23:37:45.0453 4048 DVDVRRdr_xp - ok
23:37:45.0453 4048 [ 6DA1951E3DE986F1080E6852846DF0FB ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys
23:37:45.0468 4048 dvd_2K - ok
23:37:45.0500 4048 [ 0849EACDC01487573ADD86F5E470806C ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
23:37:45.0500 4048 e1express - ok
23:37:45.0515 4048 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:37:45.0531 4048 EapHost - ok
23:37:45.0656 4048 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:37:45.0656 4048 eeCtrl - ok
23:37:46.0093 4048 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
23:37:46.0093 4048 ehRecvr - ok
23:37:46.0125 4048 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
23:37:46.0125 4048 ehSched - ok
23:37:46.0187 4048 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
23:37:46.0187 4048 EPSON_PM_RPCV4_01 - ok
23:37:46.0203 4048 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:37:46.0203 4048 EraserUtilRebootDrv - ok
23:37:46.0250 4048 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:37:46.0250 4048 ERSvc - ok
23:37:46.0296 4048 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:37:46.0296 4048 Eventlog - ok
23:37:46.0343 4048 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:37:46.0343 4048 EventSystem - ok
23:37:46.0375 4048 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:37:46.0375 4048 Fastfat - ok
23:37:46.0437 4048 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:37:46.0437 4048 FastUserSwitchingCompatibility - ok
23:37:46.0468 4048 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:37:46.0468 4048 Fdc - ok
23:37:46.0515 4048 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:37:46.0515 4048 Fips - ok
23:37:46.0531 4048 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:37:46.0531 4048 Flpydisk - ok
23:37:46.0578 4048 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:37:46.0609 4048 FltMgr - ok
23:37:46.0671 4048 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:37:46.0687 4048 FontCache3.0.0.0 - ok
23:37:46.0687 4048 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:37:46.0687 4048 Fs_Rec - ok
23:37:46.0687 4048 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:37:46.0703 4048 Ftdisk - ok
23:37:46.0734 4048 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:37:46.0734 4048 Gpc - ok
23:37:46.0937 4048 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:37:46.0937 4048 gupdate - ok
23:37:46.0953 4048 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:37:46.0953 4048 gupdatem - ok
23:37:47.0187 4048 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:37:47.0187 4048 gusvc - ok
23:37:47.0203 4048 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:37:47.0203 4048 HDAudBus - ok
23:37:47.0250 4048 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:37:47.0250 4048 helpsvc - ok
23:37:47.0265 4048 HidServ - ok
23:37:47.0296 4048 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:37:47.0296 4048 hidusb - ok
23:37:47.0359 4048 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:37:47.0359 4048 hkmsvc - ok
23:37:47.0359 4048 hpn - ok
23:37:47.0406 4048 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:37:47.0421 4048 HPZid412 - ok
23:37:47.0484 4048 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:37:47.0500 4048 HPZipr12 - ok
23:37:47.0531 4048 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:37:47.0562 4048 HPZius12 - ok
23:37:47.0593 4048 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:37:47.0609 4048 HSFHWBS2 - ok
23:37:47.0687 4048 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:37:47.0703 4048 HSF_DP - ok
23:37:47.0765 4048 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:37:47.0781 4048 HTTP - ok
23:37:47.0796 4048 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:37:47.0796 4048 HTTPFilter - ok
23:37:47.0812 4048 i2omgmt - ok
23:37:47.0812 4048 i2omp - ok
23:37:47.0828 4048 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
23:37:47.0828 4048 i8042prt - ok
23:37:47.0890 4048 [ 294110966CEDD127629C5BE48367C8CF ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:37:47.0890 4048 iastor - ok
23:37:47.0953 4048 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:37:48.0296 4048 idsvc - ok
23:37:48.0375 4048 [ 46813C427BF1A937E6F7D1243399B608 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120824.001\IDSxpx86.sys
23:37:48.0375 4048 IDSxpx86 - ok
23:37:48.0421 4048 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:37:48.0421 4048 Imapi - ok
23:37:48.0546 4048 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:37:48.0546 4048 ImapiService - ok
23:37:48.0546 4048 ini910u - ok
23:37:48.0562 4048 IntelIde - ok
23:37:48.0640 4048 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:37:48.0640 4048 intelppm - ok
23:37:48.0718 4048 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
23:37:48.0718 4048 IntuitUpdateService - ok
23:37:48.0734 4048 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:37:48.0734 4048 Ip6Fw - ok
23:37:48.0796 4048 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:37:48.0796 4048 IpFilterDriver - ok
23:37:48.0812 4048 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:37:48.0812 4048 IpInIp - ok
23:37:48.0859 4048 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:37:48.0859 4048 IpNat - ok
23:37:48.0921 4048 [ F08D74EC300B8BA60CA953C58A24D19E ] Iprip C:\WINDOWS\System32\iprip.dll
23:37:48.0921 4048 Iprip - ok
23:37:48.0968 4048 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:37:48.0968 4048 IPSec - ok
23:37:48.0984 4048 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:37:49.0000 4048 IRENUM - ok
23:37:49.0031 4048 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:37:49.0031 4048 isapnp - ok
23:37:49.0140 4048 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:37:49.0156 4048 JavaQuickStarterService - ok
23:37:49.0218 4048 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:37:49.0218 4048 Kbdclass - ok
23:37:49.0234 4048 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:37:49.0234 4048 kbdhid - ok
23:37:49.0265 4048 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:37:49.0265 4048 kmixer - ok
23:37:49.0343 4048 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:37:49.0343 4048 KSecDD - ok
23:37:49.0375 4048 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:37:49.0375 4048 lanmanserver - ok
23:37:49.0437 4048 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:37:49.0453 4048 lanmanworkstation - ok
23:37:49.0546 4048 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
23:37:49.0562 4048 Lavasoft Ad-Aware Service - ok
23:37:49.0578 4048 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
23:37:49.0578 4048 Lavasoft Kernexplorer - ok
23:37:49.0593 4048 lbrtfdc - ok
23:37:49.0625 4048 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:37:49.0625 4048 LmHosts - ok
23:37:49.0671 4048 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
23:37:49.0687 4048 LPDSVC - ok
23:37:49.0718 4048 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
23:37:49.0734 4048 McrdSvc - ok
23:37:49.0812 4048 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:37:49.0828 4048 MDM - ok
23:37:49.0859 4048 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:37:49.0859 4048 mdmxsdk - ok
23:37:49.0890 4048 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:37:49.0890 4048 Messenger - ok
23:37:49.0906 4048 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
23:37:49.0921 4048 MHN - ok
23:37:49.0953 4048 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:37:49.0953 4048 MHNDRV - ok
23:37:49.0968 4048 [ 8095D2E05301AA131D966492546F1E1C ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys
23:37:49.0968 4048 mmc_2K - ok
23:37:50.0000 4048 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:37:50.0000 4048 mnmdd - ok
23:37:50.0031 4048 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:37:50.0031 4048 mnmsrvc - ok
23:37:50.0046 4048 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:37:50.0062 4048 Modem - ok
23:37:50.0078 4048 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
23:37:50.0093 4048 MODEMCSA - ok
23:37:50.0125 4048 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:37:50.0125 4048 Mouclass - ok
23:37:50.0125 4048 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:37:50.0125 4048 mouhid - ok
23:37:50.0140 4048 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:37:50.0140 4048 MountMgr - ok
23:37:50.0156 4048 mraid35x - ok
23:37:50.0203 4048 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:37:50.0203 4048 MREMP50 - ok
23:37:50.0203 4048 MREMPR5 - ok
23:37:50.0203 4048 MRENDIS5 - ok
23:37:50.0218 4048 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
23:37:50.0250 4048 MRESP50 - ok
23:37:50.0250 4048 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:37:50.0250 4048 MRxDAV - ok
23:37:50.0312 4048 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:37:50.0312 4048 MRxSmb - ok
23:37:50.0343 4048 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:37:50.0359 4048 MSDTC - ok
23:37:50.0375 4048 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:37:50.0375 4048 Msfs - ok
23:37:50.0375 4048 MSIServer - ok
23:37:50.0390 4048 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:37:50.0406 4048 MSKSSRV - ok
23:37:50.0406 4048 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:37:50.0406 4048 MSPCLOCK - ok
23:37:50.0421 4048 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:37:50.0421 4048 MSPQM - ok
23:37:50.0453 4048 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:37:50.0468 4048 mssmbios - ok
23:37:50.0484 4048 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:37:50.0484 4048 Mup - ok
23:37:50.0562 4048 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
23:37:50.0562 4048 N360 - ok
23:37:50.0593 4048 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:37:50.0593 4048 napagent - ok
23:37:50.0687 4048 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120826.009\NAVENG.SYS
23:37:50.0718 4048 NAVENG - ok
23:37:50.0765 4048 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120826.009\NAVEX15.SYS
23:37:50.0765 4048 NAVEX15 - ok
23:37:50.0812 4048 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:37:50.0812 4048 NDIS - ok
23:37:50.0843 4048 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:37:50.0859 4048 NdisTapi - ok
23:37:50.0875 4048 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:37:50.0875 4048 Ndisuio - ok
23:37:50.0906 4048 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:37:50.0906 4048 NdisWan - ok
23:37:50.0937 4048 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:37:50.0953 4048 NDProxy - ok
23:37:51.0000 4048 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
23:37:51.0000 4048 Net Driver HPZ12 - ok
23:37:51.0031 4048 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:37:51.0031 4048 NetBIOS - ok
23:37:51.0078 4048 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:37:51.0078 4048 NetBT - ok
23:37:51.0109 4048 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:37:51.0109 4048 NetDDE - ok
23:37:51.0125 4048 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:37:51.0125 4048 NetDDEdsdm - ok
23:37:51.0140 4048 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:37:51.0140 4048 Netlogon - ok
23:37:51.0187 4048 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:37:51.0187 4048 Netman - ok
23:37:51.0218 4048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:37:51.0250 4048 NetTcpPortSharing - ok
23:37:51.0281 4048 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:37:51.0296 4048 Nla - ok
23:37:51.0312 4048 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
23:37:51.0312 4048 nm - ok
23:37:51.0343 4048 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:37:51.0343 4048 Npfs - ok
23:37:51.0390 4048 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:37:51.0390 4048 Ntfs - ok
23:37:51.0390 4048 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:37:51.0406 4048 NtLmSsp - ok
23:37:51.0468 4048 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:37:51.0484 4048 NtmsSvc - ok
23:37:51.0500 4048 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:37:51.0515 4048 Null - ok
23:37:51.0531 4048 [ 2C2FD0E6B0180F94C260DD26706AA5F4 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
23:37:51.0531 4048 NWCWorkstation - ok
23:37:51.0609 4048 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:37:51.0609 4048 NwlnkFlt - ok
23:37:51.0671 4048 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:37:51.0671 4048 NwlnkFwd - ok
23:37:51.0718 4048 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
23:37:51.0718 4048 NwlnkIpx - ok
23:37:51.0734 4048 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
23:37:51.0734 4048 NwlnkNb - ok
23:37:51.0765 4048 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
23:37:51.0765 4048 NwlnkSpx - ok
23:37:51.0765 4048 [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
23:37:51.0781 4048 NWRDR - ok
23:37:51.0812 4048 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
23:37:51.0812 4048 NwSapAgent - ok
23:37:51.0843 4048 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:37:51.0859 4048 ose - ok
23:37:51.0890 4048 [ 937A02981F11B2CE96B1D493C95AED2B ] p2pgasvc C:\WINDOWS\system32\p2pgasvc.dll
23:37:51.0890 4048 p2pgasvc - ok
23:37:51.0937 4048 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2pimsvc C:\WINDOWS\system32\p2psvc.dll
23:37:51.0953 4048 p2pimsvc - ok
23:37:51.0968 4048 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
23:37:51.0968 4048 p2psvc - ok
23:37:51.0984 4048 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:37:51.0984 4048 Parport - ok
23:37:52.0000 4048 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:37:52.0000 4048 PartMgr - ok
23:37:52.0015 4048 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:37:52.0031 4048 ParVdm - ok
23:37:52.0046 4048 [ 9C049ACD0CB71931AF89E055427DFAC9 ] pcCMService C:\Program Files\Common Files\Motive\pcCMService.exe
23:37:52.0062 4048 pcCMService - ok
23:37:52.0093 4048 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:37:52.0140 4048 PCI - ok
23:37:52.0140 4048 PCIDump - ok
23:37:52.0140 4048 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:37:52.0140 4048 PCIIde - ok
23:37:52.0156 4048 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:37:52.0156 4048 Pcmcia - ok
23:37:52.0156 4048 PDCOMP - ok
23:37:52.0156 4048 PDFRAME - ok
23:37:52.0171 4048 PDRELI - ok
23:37:52.0171 4048 PDRFRAME - ok
23:37:52.0187 4048 perc2 - ok
23:37:52.0187 4048 perc2hib - ok
23:37:52.0234 4048 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:37:52.0234 4048 PlugPlay - ok
23:37:52.0265 4048 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
23:37:52.0265 4048 Pml Driver HPZ12 - ok
23:37:52.0296 4048 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] PNRPSvc C:\WINDOWS\system32\p2psvc.dll
23:37:52.0296 4048 PNRPSvc - ok
23:37:52.0296 4048 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:37:52.0312 4048 PolicyAgent - ok
23:37:52.0421 4048 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:37:52.0421 4048 PptpMiniport - ok
23:37:52.0421 4048 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:37:52.0421 4048 ProtectedStorage - ok
23:37:52.0437 4048 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:37:52.0437 4048 PSched - ok
23:37:52.0437 4048 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:37:52.0437 4048 Ptilink - ok
23:37:52.0453 4048 [ EBAE372D36658E2BCB6A347BB78C5144 ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys
23:37:52.0484 4048 pwd_2k - ok
23:37:52.0546 4048 [ 617ACCADA2E0A0F43EC6030BBAC49513 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:37:52.0609 4048 PxHelp20 - ok
23:37:52.0609 4048 ql1080 - ok
23:37:52.0609 4048 Ql10wnt - ok
23:37:52.0609 4048 ql12160 - ok
23:37:52.0625 4048 ql1240 - ok
23:37:52.0625 4048 ql1280 - ok
23:37:52.0687 4048 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:37:52.0687 4048 RasAcd - ok
23:37:52.0734 4048 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:37:52.0750 4048 RasAuto - ok
23:37:52.0781 4048 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:37:52.0859 4048 Rasl2tp - ok
23:37:52.0890 4048 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:37:52.0890 4048 RasMan - ok
23:37:52.0906 4048 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:37:52.0906 4048 RasPppoe - ok
23:37:52.0906 4048 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:37:52.0906 4048 Raspti - ok
23:37:52.0953 4048 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:37:52.0968 4048 Rdbss - ok
23:37:52.0984 4048 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:37:52.0984 4048 RDPCDD - ok
23:37:53.0000 4048 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:37:53.0031 4048 rdpdr - ok
23:37:53.0078 4048 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:37:53.0109 4048 RDPWD - ok
23:37:53.0156 4048 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:37:53.0156 4048 RDSessMgr - ok
23:37:53.0203 4048 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:37:53.0203 4048 redbook - ok
23:37:53.0250 4048 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:37:53.0250 4048 RemoteAccess - ok
23:37:53.0281 4048 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:37:53.0296 4048 RemoteRegistry - ok
23:37:53.0312 4048 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:37:53.0312 4048 RpcLocator - ok
23:37:53.0359 4048 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:37:53.0375 4048 RpcSs - ok
23:37:53.0406 4048 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:37:53.0437 4048 RSVP - ok
23:37:53.0468 4048 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:37:53.0468 4048 SamSs - ok
23:37:53.0484 4048 SANDRA - ok
23:37:53.0500 4048 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:37:53.0500 4048 SCardSvr - ok
23:37:53.0531 4048 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:37:53.0531 4048 Schedule - ok
23:37:53.0578 4048 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:37:53.0593 4048 Secdrv - ok
23:37:53.0625 4048 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:37:53.0625 4048 seclogon - ok
23:37:53.0656 4048 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:37:53.0656 4048 SENS - ok
23:37:53.0703 4048 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
23:37:53.0703 4048 Serial - ok
23:37:53.0750 4048 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:37:53.0750 4048 Sfloppy - ok
23:37:53.0796 4048 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:37:53.0796 4048 SharedAccess - ok
23:37:53.0812 4048 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:37:53.0812 4048 ShellHWDetection - ok
23:37:53.0828 4048 Simbad - ok
23:37:53.0828 4048 [ 32933B07FC16D9F778BEE12545FA1B1A ] SimpTcp C:\WINDOWS\system32\tcpsvcs.exe
23:37:53.0828 4048 SimpTcp - ok
23:37:53.0843 4048 Sparrow - ok
23:37:53.0859 4048 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:37:53.0859 4048 splitter - ok
23:37:53.0875 4048 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:37:53.0875 4048 Spooler - ok
23:37:53.0890 4048 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:37:53.0906 4048 sr - ok
23:37:53.0937 4048 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:37:53.0937 4048 srservice - ok
23:37:53.0984 4048 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\N360\0603000.00E\SRTSP.SYS
23:37:54.0000 4048 SRTSP - ok
23:37:54.0031 4048 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\N360\0603000.00E\SRTSPX.SYS
23:37:54.0031 4048 SRTSPX - ok
23:37:54.0062 4048 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:37:54.0062 4048 Srv - ok
23:37:54.0093 4048 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:37:54.0093 4048 SSDPSRV - ok
23:37:54.0125 4048 [ F70AB08582E06A8BDA3E470592D1A394 ] STacSV C:\WINDOWS\system32\STacSV.exe
23:37:54.0125 4048 STacSV - ok
23:37:54.0156 4048 [ 5C031C715E14F10DFC9395004F54EE21 ] stdriver C:\WINDOWS\system32\DRIVERS\stdriver32.sys
23:37:54.0171 4048 stdriver - ok
23:37:54.0218 4048 [ 0AA91BBE468B3F46072091F18003ECAA ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
23:37:54.0250 4048 STHDA - ok
23:37:54.0328 4048 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
23:37:54.0343 4048 StillCam - ok
23:37:54.0390 4048 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:37:54.0390 4048 stisvc - ok
23:37:54.0390 4048 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:37:54.0406 4048 swenum - ok
23:37:54.0437 4048 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:37:54.0437 4048 swmidi - ok
23:37:54.0437 4048 SwPrv - ok
23:37:54.0515 4048 [ EDAFA57C298461A5EA448F4B546AFB4B ] Symantec RemoteAssist C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
23:37:54.0546 4048 Symantec RemoteAssist - ok
23:37:54.0546 4048 symc810 - ok
23:37:54.0562 4048 symc8xx - ok
23:37:54.0593 4048 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\N360\0603000.00E\SYMDS.SYS
23:37:54.0609 4048 SymDS - ok
23:37:54.0671 4048 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\N360\0603000.00E\SYMEFA.SYS
23:37:54.0718 4048 SymEFA - ok
23:37:54.0781 4048 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
23:37:54.0781 4048 SymEvent - ok
23:37:54.0812 4048 [ A7100EA17ED9EAF365362A05BF430E77 ] SymIM C:\WINDOWS\system32\DRIVERS\SymIM.sys
23:37:54.0812 4048 SymIM - ok
23:37:54.0812 4048 [ A7100EA17ED9EAF365362A05BF430E77 ] SymIMMP C:\WINDOWS\system32\DRIVERS\SymIM.sys
23:37:54.0812 4048 SymIMMP - ok
23:37:54.0859 4048 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\N360\0603000.00E\Ironx86.SYS
23:37:54.0859 4048 SymIRON - ok
23:37:54.0890 4048 [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd C:\WINDOWS\system32\drivers\symlcbrd.sys
23:37:54.0906 4048 symlcbrd - ok
23:37:54.0953 4048 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0603000.00E\SYMTDI.SYS
23:37:54.0953 4048 SYMTDI - ok
23:37:54.0953 4048 sym_hi - ok
23:37:54.0968 4048 sym_u3 - ok
23:37:55.0000 4048 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:37:55.0000 4048 sysaudio - ok
23:37:55.0046 4048 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:37:55.0062 4048 SysmonLog - ok
23:37:55.0093 4048 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:37:55.0093 4048 TapiSrv - ok
23:37:55.0140 4048 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:37:55.0140 4048 Tcpip - ok
23:37:55.0156 4048 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
23:37:55.0156 4048 Tcpip6 - ok
23:37:55.0187 4048 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:37:55.0187 4048 TDPIPE - ok
23:37:55.0203 4048 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:37:55.0203 4048 TDTCP - ok
23:37:55.0234 4048 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:37:55.0234 4048 TermDD - ok
23:37:55.0296 4048 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:37:55.0296 4048 TermService - ok
23:37:55.0312 4048 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:37:55.0312 4048 Themes - ok
23:37:55.0359 4048 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:37:55.0359 4048 TlntSvr - ok
23:37:55.0359 4048 TosIde - ok
23:37:55.0390 4048 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:37:55.0390 4048 TrkWks - ok
23:37:55.0437 4048 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:37:55.0453 4048 tunmp - ok
23:37:55.0500 4048 [ 91BFDE97FC50EE92158F9106E4E00B6B ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
23:37:55.0500 4048 UdfReadr_xp - ok
23:37:55.0562 4048 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:37:55.0562 4048 Udfs - ok
23:37:55.0578 4048 ultra - ok
23:37:55.0609 4048 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:37:55.0609 4048 Update - ok
23:37:55.0640 4048 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:37:55.0640 4048 upnphost - ok
23:37:55.0671 4048 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:37:55.0687 4048 UPS - ok
23:37:55.0703 4048 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:37:55.0703 4048 usbccgp - ok
23:37:55.0750 4048 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:37:55.0750 4048 usbehci - ok
23:37:55.0750 4048 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:37:55.0765 4048 usbhub - ok
23:37:55.0765 4048 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:37:55.0765 4048 usbprint - ok
23:37:55.0781 4048 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:37:55.0796 4048 usbscan - ok
23:37:55.0812 4048 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:37:55.0812 4048 usbstor - ok
23:37:55.0812 4048 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:37:55.0812 4048 usbuhci - ok
23:37:55.0828 4048 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:37:55.0828 4048 VgaSave - ok
23:37:55.0828 4048 ViaIde - ok
23:37:55.0828 4048 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:37:55.0843 4048 VolSnap - ok
23:37:55.0859 4048 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:37:55.0875 4048 VSS - ok
23:37:55.0906 4048 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:37:55.0906 4048 W32Time - ok
23:37:55.0921 4048 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:37:55.0921 4048 Wanarp - ok
23:37:55.0937 4048 WDICA - ok
23:37:55.0953 4048 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:37:55.0953 4048 wdmaud - ok
23:37:55.0968 4048 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:37:55.0968 4048 WebClient - ok
23:37:56.0015 4048 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:37:56.0015 4048 winachsf - ok
23:37:56.0078 4048 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:37:56.0078 4048 winmgmt - ok
23:37:56.0125 4048 [ 668056D5C3C11AB7D266819A96B964E8 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
23:37:56.0125 4048 WMDM PMSP Service - ok
23:37:56.0156 4048 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:37:56.0171 4048 WmdmPmSN - ok
23:37:56.0218 4048 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:37:56.0218 4048 Wmi - ok
23:37:56.0234 4048 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:37:56.0250 4048 WmiApSrv - ok
23:37:56.0296 4048 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:37:56.0359 4048 WMPNetworkSvc - ok
23:37:56.0421 4048 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:37:56.0453 4048 WPFFontCache_v0400 - ok
23:37:56.0484 4048 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:37:56.0484 4048 WS2IFSL - ok
23:37:56.0515 4048 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:37:56.0515 4048 wscsvc - ok
23:37:56.0515 4048 WSearch - ok
23:37:56.0531 4048 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:37:56.0531 4048 wuauserv - ok
23:37:56.0578 4048 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:37:56.0578 4048 WudfPf - ok
23:37:56.0593 4048 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:37:56.0609 4048 WudfRd - ok
23:37:56.0656 4048 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:37:56.0656 4048 WudfSvc - ok
23:37:56.0718 4048 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:37:56.0796 4048 WZCSVC - ok
23:37:56.0859 4048 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:37:56.0875 4048 xmlprov - ok
23:37:56.0875 4048 ================ Scan global ===============================
23:37:56.0937 4048 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:37:56.0953 4048 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:37:56.0968 4048 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:37:56.0984 4048 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:37:56.0984 4048 [Global] - ok
23:37:56.0984 4048 ================ Scan MBR ==================================
23:37:57.0000 4048 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:37:57.0187 4048 \Device\Harddisk0\DR0 - ok
23:37:57.0187 4048 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk1\DR1
23:37:57.0500 4048 \Device\Harddisk1\DR1 - ok
23:37:57.0500 4048 ================ Scan VBR ==================================
23:37:57.0500 4048 [ 35BC94E715E6D5F23DEC04000A2086B0 ] \Device\Harddisk0\DR0\Partition1
23:37:57.0500 4048 \Device\Harddisk0\DR0\Partition1 - ok
23:37:57.0546 4048 [ 7EDFE4C9CA4A256F8B913686219A48FD ] \Device\Harddisk0\DR0\Partition2
23:37:57.0546 4048 \Device\Harddisk0\DR0\Partition2 - ok
23:37:57.0562 4048 [ DD68A6C15C7C3A286FD19169737348D7 ] \Device\Harddisk1\DR1\Partition1
23:37:57.0562 4048 \Device\Harddisk1\DR1\Partition1 - ok
23:37:57.0562 4048 ============================================================
23:37:57.0562 4048 Scan finished
23:37:57.0562 4048 ============================================================
23:37:57.0562 4052 Detected object count: 0
23:37:57.0562 4052 Actual detected object count: 0
23:38:04.0312 2396 Deinitialize success
=============aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 23:43:11
-----------------------------
23:43:11.250 OS Version: Windows 5.1.2600 Service Pack 3
23:43:11.250 Number of processors: 2 586 0x604
23:43:11.250 ComputerName: 8DENNIS UserName: 8
23:43:11.984 Initialize success
23:44:48.828 AVAST engine defs: 12082601
23:45:22.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:45:22.015 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
23:45:22.015 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
23:45:22.015 Disk 1 Vendor: SAMSUNG_ VT10 Size: 238418MB BusType: 3
23:45:22.031 Disk 0 MBR read successfully
23:45:22.031 Disk 0 MBR scan
23:45:22.078 Disk 0 Windows XP default MBR code
23:45:22.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131069 MB offset 63
23:45:22.093 Disk 0 Partition - 00 0F Extended LBA 174173 MB offset 268430085
23:45:22.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 174173 MB offset 268430148
23:45:22.109 Disk 0 scanning sectors +625137345
23:45:22.171 Disk 0 scanning C:\WINDOWS\system32\drivers
23:45:31.968 Service scanning
23:46:35.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\8\Desktop\MBR.dat"
23:46:35.984 The log file has been saved successfully to "C:\Documents and Settings\8\Desktop\aswMBR.txt"


=======================================

#7 gringo_pr (Malware Response Team)

Posted 26 August 2012 - 11:34 PM

Greetings

I do not see anything at this time, so do again what they suggested and see if it fixes itself.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 dmh (Topic Starter)

Posted 27 August 2012 - 10:09 AM

Hi gringo-pr:
The combofix output is below. When it started I got a message that the Windows recovery console wasn't installed and gave the option to have combofix get and install it. Tried that but got an error that it couldn't install and gave the option to continue. Seemed to work fine after that.

My original problem of the Google search is solved! Works fine. I reinstalled the Adobe Flash Player again but that didn't help the Chase log on.

If you see any improvements that might speed up the computer that would be most appreciated. After 5 years or so I know I'm overdue for a Windows reinstall but that's 2 solid days of work (at least for me) so it'll have to wait until I have more time on my hands.

Thank you again.



ComboFix 12-08-25.04 - 8 08/27/2012 10:47:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2118 [GMT -4:00]
Running from: c:\documents and settings\8\Desktop\bleeping... aug 2012-2\ComboFix.exe
Command switches used :: c:\documents and settings\8\Desktop\cfscript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 03:55 . 2012-08-27 03:55 -------- d-----w- c:\program files\Common Files\Java
2012-08-27 03:52 . 2012-08-27 03:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-27 03:52 . 2012-08-27 03:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-27 03:51 . 2012-08-27 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-08-27 03:40 . 2012-08-27 03:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 03:40 . 2012-08-27 03:40 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 03:33 . 2012-08-27 03:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 01:15 . 2012-08-15 18:37 -------- d-----w- c:\windows\system32\drivers\N360\0603000.00E
2012-08-11 19:10 . 2003-01-21 19:54 1044480 ----a-w- c:\windows\system32\ROBOEX32.DLL
2012-08-09 00:10 . 2012-08-09 00:10 -------- d-----w- c:\documents and settings\8\Local Settings\Application Data\Eraser 6
2012-08-08 22:02 . 2012-08-08 22:02 -------- d-----w- c:\program files\Foxit Reader
2012-08-06 17:37 . 2012-08-06 17:37 -------- d-----w- C:\N360_BACKUP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 03:52 . 2008-09-17 22:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 13:58 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-05-13 18:12 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2011-06-13 18:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-27 14:33 . 2009-08-08 21:42 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-27 14:33 . 2009-08-08 21:42 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2007-07-30 23:18 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-05-13 21:37 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-05-13 21:37 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-05-13 18:16 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-05-13 18:16 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-05-13 18:16 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-05-13 21:37 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-05-13 21:37 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-05-13 18:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-05-13 18:16 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-05-13 21:37 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-05-13 18:16 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-05-13 18:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-05-14 01:09 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-05-14 01:09 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-06-16 04:17 . 2011-06-25 03:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-25_22.26.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-27 12:34 . 2012-08-27 12:34 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_e60.dat
+ 2012-08-27 12:33 . 2012-08-27 12:33 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2012-08-27 12:40 . 2012-08-27 12:40 16384 c:\windows\Temp\Perflib_Perfdata_138.dat
+ 2012-08-27 03:40 . 2012-08-27 03:40 690888 c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
+ 2012-08-27 03:40 . 2012-08-27 03:40 250568 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-27 03:52 . 2012-08-27 03:52 246760 c:\windows\system32\javaws.exe
+ 2012-08-27 03:52 . 2012-08-27 03:52 174056 c:\windows\system32\javaw.exe
+ 2012-08-27 03:52 . 2012-08-27 03:52 174056 c:\windows\system32\java.exe
+ 2012-08-27 03:55 . 2012-08-27 03:55 176128 c:\windows\Installer\fb4d8.msi
+ 2012-08-27 03:52 . 2012-08-27 03:52 873984 c:\windows\Installer\fb4c6.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
123r5.lnk - c:\work\123R5\PROGRAMS\123W.EXE [2008-5-13 109136]
Launch Internet Explorer Browser.lnk - c:\program files\Internet Explorer\iexplore.exe [2008-5-13 638816]
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2008-5-13 60416]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
2007-02-15 10:00 179200 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series (Copy 1)]
2007-02-15 10:00 179200 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0603000.00E\symds.sys [8/14/2012 9:15 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0603000.00E\symefa.sys [8/14/2012 9:15 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx86.sys [8/10/2012 8:25 PM 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0603000.00E\ccsetx86.sys [8/14/2012 9:15 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0603000.00E\ironx86.sys [8/14/2012 9:15 PM 149624]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5/8/2012 4:37 PM 24328]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/10/2004 7:00 AM 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 1:06 PM 2152720]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.3.0.14\ccsvchst.exe [8/14/2012 9:15 PM 138272]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [5/31/2012 11:14 PM 361472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2012 10:37 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120824.001\IDSXpx86.sys [8/24/2012 4:29 PM 373216]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [5/10/2011 6:24 PM 49240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 12:13 AM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/26/2012 11:40 PM 250568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 12:13 AM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 1:06 PM 15232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 12:40]
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 03:40]
.
2012-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-16 23:44]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 04:13]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 04:13]
.
2012-08-25 c:\windows\Tasks\SyncBack 2Wendy.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack 3Wendy.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Docs 7 and 8.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Everything to 8L.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Workarea and Software.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-27 c:\windows\Tasks\SyncBack Workarea Daily.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Workarea Hourly.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
2012-08-25 c:\windows\Tasks\SyncBack Workarea Immediate.job
- c:\program files\SyncBack\SyncBack.exe [2008-05-14 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
Trusted Zone: chase.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: minlib.net\library
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
FF - ProfilePath - c:\documents and settings\8\Application Data\Mozilla\Firefox\Profiles\077nmzat.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=hp&babsrc=lnkry
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-85290191.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-27 10:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5912)
c:\windows\system32\WININET.dll
c:\program files\Perforce\p4exp.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2012-08-27 10:56:43
ComboFix-quarantined-files.txt 2012-08-27 14:56
.
Pre-Run: 84,074,053,632 bytes free
Post-Run: 84,104,626,176 bytes free
.
- - End Of File - - BDFF6275A35F730E765FF68368823A50
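
The "Supplementary Scan" section of the ComboFix log above is where the browser hijack shows: the IE search assistant and the Firefox homepage and keyword.URL all point at feed.helperbar.com with an OpenCandy publisher tag, while the Google search itself was returning blank. The following is an added example (not code from the thread or from ComboFix) that parses lines in that section's format and flags search or start-page settings whose host is not a known search engine; the sample lines, the expected-host list and the setting names it checks are constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample in the shape of a ComboFix "Supplementary Scan" section.
# ComboFix defangs URLs as hxxp://; that is preserved here on purpose.
SAMPLE_LOG = """\
uStart Page = about:blank
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&searchtype=ds&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OPENCANDY&searchtype=hp
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&searchtype=ds&q=
FF - prefs.js: network.proxy.type - 0
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
"""

# Hosts a browser's search/start-page settings are expected to point at
# (assumed allowlist for this example; extend it for your environment).
EXPECTED_SEARCH_HOSTS = {
    "www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com",
}

# Settings whose value being redirected elsewhere indicates a search hijack
# (IE-style names as ComboFix prints them, plus the Firefox prefs.js keys).
SEARCH_SETTINGS = {
    "uSearchAssistant", "mSearchAssistant", "uStart Page", "mStart Page",
    "uSearchURL", "browser.startup.homepage", "keyword.URL",
    "browser.search.defaulturl",
}

URL_RE = re.compile(r"hxxps?://\S+|https?://\S+", re.IGNORECASE)


def refang(url):
    """Turn ComboFix's hxxp:// defanging back into a parseable scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_setting_line(line):
    """Return (setting_name, value) for 'name = value' (IE) and
    'FF - prefs.js: name - value' (Firefox) lines, else None."""
    m = re.match(r"FF - prefs\.js: (\S+) - (.*)$", line)
    if m:
        return m.group(1), m.group(2).strip()
    m = re.match(r"([A-Za-z][\w ]*?) = (.*)$", line)
    if m:
        return m.group(1).strip(), m.group(2).strip()
    return None


def find_search_hijacks(log_text):
    """Flag search/start-page settings whose URL host is not an expected
    search engine. Each finding records the setting, the host, and the
    'publisher' query parameter (the OpenCandy tag in the log above)."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_setting_line(line)
        if parsed is None:
            continue
        name, value = parsed
        if name not in SEARCH_SETTINGS:
            continue
        for raw_url in URL_RE.findall(value):
            url = urlparse(refang(raw_url))
            host = url.hostname or ""
            if host in EXPECTED_SEARCH_HOSTS:
                continue
            publisher = parse_qs(url.query).get("publisher", [None])[0]
            findings.append({"setting": name, "host": host,
                             "publisher": publisher})
    return findings


if __name__ == "__main__":
    for f in find_search_hijacks(SAMPLE_LOG):
        print(f"{f['setting']}: points at {f['host']} "
              f"(publisher={f['publisher']})")
```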

#9 gringo_pr (Malware Response Team)

Posted 27 August 2012 - 02:07 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 dmh

dmh
  • Topic Starter

  • Members
  • 57 posts

Posted 27 August 2012 - 03:35 PM

The Malwarebytes and HiJackThis logs follow. The only issue that came up is after uninstalling the Java6/26 update when I went to install Java it said version 7, update 6 was already installed. I let that lie and went on with the rest of your directions.

The Google issue remains fixed. The Chase log in still sends me on the loop back to the log in page. It looks like I'm infection free!!

Please let me know if there's anything else you'd suggest. The Chase thing may well be something peculiar to them. I can access their site from my other computer anyway.

Thank you again.



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
8 :: 8DENNIS [administrator]

8/27/2012 4:12:49 PM
mbam-log-2012-08-27 (16-12-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214659
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
====================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:21:53 PM, on 8/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=2ffec369-92c1-4428-9136-989ebf7458fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.3.0.14\coIEPlg.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: 123r5.lnk = C:\Work\123R5\PROGRAMS\123W.EXE
O4 - Global Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210714618796
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345681546843
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 8745 bytes
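The HijackThis log above is a one-finding-per-line format (R0/R1 for the IE start and search pages, O4 for autostart entries, and so on), and a helper's review of it is essentially a triage of those sections. As an added example that is not from this thread or from HijackThis itself, the Python below parses a constructed sample modelled on that log, flags R0/R1 search or start URLs whose host is not on a reviewer-maintained allowlist (the allowlist is an assumption of this example), and normalises the O4 entries so the executable behind each one can be looked up individually.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, modelled on the log posted
# above (hosts and paths are the ones that appear there; query strings trimmed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
"""

# Every finding is one line "<section> - <body>", e.g. "R1 - ..." or "O23 - ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R0/R1 bodies: "<registry key>,<value name> = <data>" (data may be empty).
R_RE = re.compile(r"^(?P<key>.*?) =\s*(?P<value>.*)$")
# O4 bodies come in two shapes: Run-key entries and Startup-folder shortcuts.
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Hosts a reviewer expects as IE start/search pages on a clean XP box. This
# allowlist is an assumption of this example, not something HijackThis ships.
DEFAULT_ALLOWED_HOSTS = frozenset({
    "go.microsoft.com", "www.microsoft.com", "search.msn.com",
    "www.bing.com", "www.google.com",
})


def parse_hjt(text):
    """Split a log into (section, body) records, skipping the header, the
    running-process list and anything else that is not a finding."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body")})
    return entries


def find_search_hijacks(entries, allowed_hosts=DEFAULT_ALLOWED_HOSTS):
    """Return R0/R1 entries whose start/search URL points at a host outside
    the allowlist. Empty values and about:blank have no host and are skipped."""
    hits = []
    for e in entries:
        if e["section"] not in ("R0", "R1"):
            continue
        m = R_RE.match(e["body"])
        if not m:
            continue
        host = urlparse(m.group("value")).hostname
        if host and host.lower() not in allowed_hosts:
            hits.append({"key": m.group("key"), "host": host, "url": m.group("value")})
    return hits


def executable_of(cmd):
    """Pull the program path out of an O4 command line: a quoted path, else
    everything up to the first .exe/.lnk/.bat/.cmd, else the whole string."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end]
    m = re.match(r"^(.*?\.(?:exe|lnk|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.strip()


def list_autostarts(entries):
    """Normalise O4 entries into location / name / command / executable so the
    whole autostart surface can be reviewed as one table."""
    items = []
    for e in entries:
        if e["section"] != "O4":
            continue
        m = RUN_RE.match(e["body"])
        if m:
            loc = f"{m.group('hive')}\\..\\{m.group('key')}"
            name, cmd = m.group("name"), m.group("cmd")
        else:
            m = STARTUP_RE.match(e["body"])
            if not m:
                continue
            loc, name, cmd = m.group("loc"), m.group("name"), m.group("cmd")
        items.append({"location": loc, "name": name, "command": cmd,
                      "executable": executable_of(cmd)})
    return items


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for h in find_search_hijacks(ents):
        print(f"SEARCH OVERRIDE  {h['key']} -> {h['host']}")
    for a in list_autostarts(ents):
        print(f"AUTOSTART  {a['location']:<16} {a['name']:<22} {a['executable']}")
```

Run against a real log, the flagged R1 lines are the search-provider overrides worth explaining before anything is fixed, and the autostart table is the list to research entry by entry rather than remove wholesale.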

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 27 August 2012 - 03:55 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
      O4 - Global Startup: 123r5.lnk = C:\Work\123R5\PROGRAMS\123W.EXE
      O4 - Global Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
      O4 - Global Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#12 dmh

dmh
  • Topic Starter

  • Members
  • 57 posts

Posted 28 August 2012 - 03:50 PM

Hi gringo_pr.
The Eset scan had some unexpected results. After an hour it was only 20% done and it was midnight. I didn't want the computer running all night with my antivirus software disabled so I disconnected the computer from the internet. In the morning the computer was off. No evidence of a crash recovery when I turned it on but the keyboard didn't work. I rebooted and the keyboard was fine. When I opened Eset it said the scan had run 5 hours and 50 minutes. I had disabled Norton 360 for 5 hours so perhaps the conflict came from that.

Before going to bed the scan had reported 4 threats. Don't know if other threats were found after midnight. On the 2nd running of Eset it found 7 threats (see log file below). The four I'd seen earlier are the three olmarik ones and the installq variant.

A further note: Before running Eset the 2nd time this morning I had to get to my banking site so I installed Mozilla Firefox. I didn't (or tried not to!) install the associated Babylon application. I mention that because Babylon and an Ask toolbar show up as threats and you wouldn't have seen that on previous logs.

Please let me know if these are benign items or things that I should do something about. The computer itself is running fine. I deleted some of the start up items you suggested and it does boot faster.

Thank you again.

C:\Documents and Settings\8\Local Settings\temp\ICReinstall_mozilla-firefox-toDownload[1].exe a variant of Win32/InstallCore.AM application
C:\Documents and Settings\8\Local Settings\temp\4A02FCDF-BAB0-7891-9186-B84D11826B74\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{91DE40A2-1E65-45F6-9048-4C80675E2D60}\RP1980\A0389977.exe a variant of Win32/InstallIQ application
C:\TDSSKiller_Quarantine\26.08.2012_23.32.25\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\26.08.2012_23.32.25\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\26.08.2012_23.32.25\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\WINDOWS\ApnToolbarInstaller.exe Win32/Bundled.Toolbar.Ask application

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 28 August 2012 - 07:54 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    REM Remove the two leftover installer files flagged by the ESET scan
    del /f /s /q "C:\Documents and Settings\8\Local Settings\temp\ICReinstall_mozilla-firefox-toDownload[1].exe"
    REM Remove the temp folder that held the Babylon toolbar installer
    rd /s /q "C:\Documents and Settings\8\Local Settings\temp\4A02FCDF-BAB0-7891-9186-B84D11826B74\"
    del /f /s /q "C:\WINDOWS\ApnToolbarInstaller.exe"
    REM Finally the batch file deletes itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#14 dmh

dmh
  • Topic Starter

  • Members
  • 57 posts

Posted 29 August 2012 - 04:09 PM

Thank you so much for your help. The Google search function is working fine now and my boot up is faster. Thank you again.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 29 August 2012 - 04:29 PM

you are more than welcome



gringo