
Reinfected with zeroaccess


This topic is locked
16 replies to this topic

#1 jjmoon7172 (Members, 22 posts)

Posted 16 November 2012 - 10:36 AM

NAV is detecting spyware but continuously stalls before showing the resulting name of the infection. I had attempted a system restore after it first detected it as ZeroAccess! C, but it must still be there. I ran TDSSKiller but no threats were detected.

The GMER tool is unable to complete (attach.txt attached). Thank you for your help.

DDS Log

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2
Run by Jenny at 9:06:50 on 2012-11-16
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.213 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\Windows\System32\AsusService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\EeePC\CapsHook\CapsHook.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\lxeccoms.exe
C:\Program Files\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\20.2.0.19\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2013.2.0.18\CoIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [CapsHook] AsusSender.exe c:\program files\eeepc\capshook\CapsHook.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [Intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [Boingo Wi-Finder] "c:\program files\boingo\boingo wi-finder\Boingo.lnk"
mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\jenny\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\jenny\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{37B18506-8DDE-4319-B4CC-7C5E3548F479} : DHCPNameServer = 8.8.4.4 8.8.8.8 4.2.2.2
TCP: Interfaces\{E44CC08D-0CE4-4968-9971-0425F46ECCCC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E44CC08D-0CE4-4968-9971-0425F46ECCCC}\36F6F536275677F577962756C6563737 : DHCPNameServer = 66.28.0.45 66.28.0.61
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jenny\appdata\roaming\mozilla\firefox\profiles\3hfz3upc.default\
FF - prefs.js: browser.startup.homepage - www.usatoday.com
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\best buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-10 03:28; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\norton\{92622aad-05e8-4459-b256-765ce1e929fb}\nst_2013.2.0.18\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1402000.013\SymDS.sys [2012-11-16 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1402000.013\SymEFA.sys [2012-11-16 927904]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2011-1-18 11520]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.2.0.19\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-11-16 995488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1402000.013\ccSetx86.sys [2012-11-16 134304]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dd02000.012\ccSetx86.sys [2012-11-9 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.2.0.19\definitions\ipsdefs\20120901.001\IDSvix86.sys [2012-11-16 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1402000.013\Ironx86.sys [2012-11-16 175264]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1402000.013\symnets.sys [2012-11-16 338592]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-7-29 109960]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-7-29 68208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-18 22856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-9-11 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-18 39272]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]
.
=============== Created Last 30 ================
.
2012-11-16 14:07:07 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-11-16 14:07:07 -------- d-----w- c:\program files\Symantec
2012-11-16 14:07:07 -------- d-----w- c:\program files\common files\Symantec Shared
2012-11-16 14:06:20 927904 ----a-r- c:\windows\system32\drivers\nav\1402000.013\SymEFA.sys
2012-11-16 14:06:20 586400 ----a-r- c:\windows\system32\drivers\nav\1402000.013\srtsp.sys
2012-11-16 14:06:20 368288 ----a-r- c:\windows\system32\drivers\nav\1402000.013\SymDS.sys
2012-11-16 14:06:20 338592 ----a-r- c:\windows\system32\drivers\nav\1402000.013\symnets.sys
2012-11-16 14:06:20 32888 ----a-r- c:\windows\system32\drivers\nav\1402000.013\srtspx.sys
2012-11-16 14:06:20 21400 ----a-r- c:\windows\system32\drivers\nav\1402000.013\SymELAM.sys
2012-11-16 14:06:20 175264 ----a-r- c:\windows\system32\drivers\nav\1402000.013\Ironx86.sys
2012-11-16 14:06:19 134304 ----a-r- c:\windows\system32\drivers\nav\1402000.013\ccSetx86.sys
2012-11-16 14:05:48 9103 ----a-r- c:\windows\system32\drivers\nav\1402000.013\SymVTcer.dat
2012-11-16 14:05:46 -------- d-----w- c:\program files\Norton AntiVirus
2012-11-15 17:04:22 -------- d-----w- c:\users\jenny\appdata\roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-11-15 17:03:11 -------- d-----w- c:\programdata\Virtualized Applications
2012-11-13 15:48:10 -------- d-----w- c:\users\jenny\appdata\local\CrashDumps
2012-11-10 17:24:01 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-11-10 17:24:00 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-11-10 17:24:00 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-11-10 17:24:00 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-11-10 17:24:00 116192 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-11-10 00:26:45 134304 ----a-r- c:\windows\system32\drivers\nst\7dd02000.012\ccSetx86.sys
2012-11-10 00:26:38 -------- d-----w- c:\windows\system32\drivers\nst\7DD02000.012
2012-11-10 00:26:38 -------- d-----w- c:\windows\system32\drivers\NST
2012-11-10 00:26:36 -------- d-----w- c:\program files\Norton Identity Safe
2012-11-10 00:25:15 -------- d-----w- c:\windows\system32\drivers\nav\1402000.013
2012-11-10 00:24:09 -------- d-----w- c:\program files\NortonInstaller
2012-11-09 23:36:52 -------- d-----w- c:\programdata\PCSettings
2012-11-09 22:54:59 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-09 22:53:57 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-09 22:53:54 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-09 22:53:49 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-09 22:53:49 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2012-10-09 11:48:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 11:48:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 14:54:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 14:54:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 14:54:44 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 18:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 9:10:02.24 ===============

Attached file: dds.txt
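A triage pass over the "Pseudo HJT Report" section of a DDS log like the one above, added here as an illustration; it is not part of DDS and not a step in the procedure used in this thread. It assumes only the line shapes visible in the log (BHO/TB, uRun/mRun and NameServer lines). The resolver allow-list, the user-writable path markers and the UpdaterSvc sample entry are assumptions of the example; the remaining sample lines are taken from the log above. It lists entries for a second look rather than classifying them:

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added
example, not DDS code).  Flags, for review rather than as a verdict: browser
add-on registrations with no DLL path, autorun entries launched from
user-writable locations, and DNS servers that are neither private addresses
nor well-known public resolvers."""
import ipaddress
import re

# Assumption of this example: resolvers treated as expected.  Extend as needed.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "4.2.2.1", "4.2.2.2",
                   "208.67.222.222", "208.67.220.220"}
# Lower-case path fragments that mark locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

# "BHO: Name: {CLSID} - path"  or  "TB: Name: {CLSID} - path"; path may be empty
_ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?P<name>.+?): (?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<path>.*)$")
# "uRun: [Name] command" (current-user hive) / "mRun: [Name] command" (machine hive)
_RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
# "TCP: NameServer = a.b.c.d" / "TCP: Interfaces\{...} : DHCPNameServer = a.b.c.d e.f.g.h"
_DNS_RE = re.compile(r"NameServer = (?P<servers>[\d. ]+)$")


def triage_hjt(lines):
    """Return the entries worth a second look, grouped by check."""
    out = {"orphaned_addons": [], "user_writable_autoruns": [], "unexpected_dns": []}
    for raw in lines:
        line = raw.strip()
        m = _ADDON_RE.match(line)
        if m:
            # No path at all: leftover registration, or a path that was hidden.
            if not m.group("path"):
                out["orphaned_addons"].append(f"{m.group('name')} {m.group('clsid')}")
            continue
        m = _RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(frag in cmd for frag in USER_WRITABLE):
                out["user_writable_autoruns"].append(m.group("name"))
            continue
        m = _DNS_RE.search(line)
        if m:
            for server in m.group("servers").split():
                addr = ipaddress.ip_address(server)
                if not addr.is_private and server not in KNOWN_RESOLVERS:
                    out["unexpected_dns"].append(server)
    return out


# Lines excerpted from the DDS log in this thread, plus one constructed uRun
# entry (UpdaterSvc) that exercises the user-writable check.
SAMPLE_HJT = [
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -",
    r"TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -",
    r'uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun',
    r"mRun: [IgfxTray] c:\windows\system32\igfxtray.exe",
    r"uRun: [UpdaterSvc] c:\users\jenny\appdata\roaming\updatersvc\updater.exe",  # constructed
    r"TCP: NameServer = 192.168.1.254",
    r"TCP: Interfaces\{37B18506-8DDE-4319-B4CC-7C5E3548F479} : DHCPNameServer = 8.8.4.4 8.8.8.8 4.2.2.2",
    r"TCP: Interfaces\{E44CC08D-0CE4-4968-9971-0425F46ECCCC}\36F6F536275677F577962756C6563737 : DHCPNameServer = 66.28.0.45 66.28.0.61",
]

if __name__ == "__main__":
    for check, hits in triage_hjt(SAMPLE_HJT).items():
        print(f"{check}: {hits}")
```

Run it directly to print the three lists. An add-on registration with no DLL path (both Bing Bar lines above) is most often what an uninstall leaves behind, but the check cannot tell that from a path that was deliberately blanked, so it lists both and leaves the call to the reviewer. A DNS server outside the private ranges and the allow-list is likewise only something to confirm against what the ISP or router actually hands out.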



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 16 November 2012 - 12:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jjmoon7172 (Topic Starter, Members, 22 posts)

Posted 16 November 2012 - 03:42 PM

Thank you Gringo for assisting me with this removal. Here are the resulting logs:

Security Check

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.1
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Mozilla Thunderbird (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Norton AntiVirus Engine 20.2.0.19 ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

AdwCleaner


# AdwCleaner v2.007 - Logfile created 11/16/2012 at 14:22:06
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Jenny - JENNY-PC
# Boot Mode : Normal
# Running from : C:\Users\Jenny\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\Freeze.com

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\3hfz3upc.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [854 octets] - [16/11/2012 14:21:22]
AdwCleaner[S1].txt - [788 octets] - [16/11/2012 14:22:06]

########## EOF - C:\AdwCleaner[S1].txt - [847 octets] ##########

RogueKiller
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jenny [Admin rights]
Mode : Scan -- Date : 11/16/2012 14:32:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x81EF7C99 -> HOOKED (Unknown @ 0x8E7D64F0)
SSDT[14] : NtAlertThread @ 0x81E4ABE0 -> HOOKED (Unknown @ 0x8E7D65B0)
SSDT[19] : NtAllocateVirtualMemory @ 0x81E43BEC -> HOOKED (Unknown @ 0x8E7F3568)
SSDT[22] : NtAlpcConnectPort @ 0x81E8F44E -> HOOKED (Unknown @ 0x87FA7D00)
SSDT[43] : NtAssignProcessToJobObject @ 0x81E18FEE -> HOOKED (Unknown @ 0x87F448E0)
SSDT[74] : NtCreateMutant @ 0x81E2A2B2 -> HOOKED (Unknown @ 0x8CA832F0)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x81E1B911 -> HOOKED (Unknown @ 0x87F44600)
SSDT[87] : NtCreateThread @ 0x81EF5ECA -> HOOKED (Unknown @ 0x8E6D8138)
SSDT[88] : NtCreateThreadEx @ 0x81E8A36B -> HOOKED (Unknown @ 0x87F446F0)
SSDT[96] : NtDebugActiveProcess @ 0x81EC7D9A -> HOOKED (Unknown @ 0x87F449C0)
SSDT[111] : NtDuplicateObject @ 0x81E4B67A -> HOOKED (Unknown @ 0x8C05BCD8)
SSDT[131] : NtFreeVirtualMemory @ 0x81CD1AEC -> HOOKED (Unknown @ 0x8C1FBDC0)
SSDT[145] : NtImpersonateAnonymousToken @ 0x81E0F8E0 -> HOOKED (Unknown @ 0x8CA833E0)
SSDT[147] : NtImpersonateThread @ 0x81E9384C -> HOOKED (Unknown @ 0x8E7D6430)
SSDT[155] : NtLoadDriver @ 0x81DDFC20 -> HOOKED (Unknown @ 0x87FD7CF0)
SSDT[168] : NtMapViewOfSection @ 0x81E60532 -> HOOKED (Unknown @ 0x8C01F800)
SSDT[177] : NtOpenEvent @ 0x81E29CAE -> HOOKED (Unknown @ 0x8CA83210)
SSDT[190] : NtOpenProcess @ 0x81E2BAF8 -> HOOKED (Unknown @ 0x8C042CD8)
SSDT[191] : NtOpenProcessToken @ 0x81E7E23F -> HOOKED (Unknown @ 0x8E655B60)
SSDT[194] : NtOpenSection @ 0x81E838BB -> HOOKED (Unknown @ 0x8CA83050)
SSDT[198] : NtOpenThread @ 0x81E77FC3 -> HOOKED (Unknown @ 0x8C03E418)
SSDT[215] : NtProtectVirtualMemory @ 0x81E5C5A1 -> HOOKED (Unknown @ 0x87F447F0)
SSDT[304] : NtResumeThread @ 0x81E8A592 -> HOOKED (Unknown @ 0x8E6D8340)
SSDT[316] : NtSetContextThread @ 0x81EF7745 -> HOOKED (Unknown @ 0x8C05B050)
SSDT[333] : NtSetInformationProcess @ 0x81E5278D -> HOOKED (Unknown @ 0x8C05B6D0)
SSDT[350] : NtSetSystemInformation @ 0x81E6829A -> HOOKED (Unknown @ 0x87F44AA0)
SSDT[366] : NtSuspendProcess @ 0x81EF7BD3 -> HOOKED (Unknown @ 0x8CA83130)
SSDT[367] : NtSuspendThread @ 0x81EAF085 -> HOOKED (Unknown @ 0x8E655E18)
SSDT[370] : NtTerminateProcess @ 0x81E74BFB -> HOOKED (Unknown @ 0x8C046790)
SSDT[371] : unknown @ 0x81E92584 -> HOOKED (Unknown @ 0x8C01F1B0)
SSDT[385] : NtUnmapViewOfSection @ 0x81E7E87A -> HOOKED (Unknown @ 0x8C042210)
SSDT[399] : NtWriteVirtualMemory @ 0x81E79958 -> HOOKED (Unknown @ 0x8C05B008)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87F20E88)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87EF8F90)
S_SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x914C9458)
S_SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x914D3850)
S_SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8CB1F288)
S_SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x914CC8D8)
S_SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x914A7968)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x914CC968)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8F1699B0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x914AD880)

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-80A23T0 +++++
--- User ---
[MBR] f644a8070e18f8bac74a1b082ce28826
[BSP] a898427a920273f523a373c811d30e12 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 137249 Mo
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 281088000 | Size: 15360 Mo
2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312545280 | Size: 16 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11162012_02d1432.txt >>
RKreport[1]_S_11162012_02d1432.txt

Edited by jjmoon7172, 16 November 2012 - 03:44 PM.
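A parser for the RogueKiller report format shown in the post above, added here as an example; it is not RogueKiller's own code and does not reproduce its detection rules. It assumes only the line shapes visible in the report. The sample is excerpted from the report in this post, with one constructed HOSTS entry (liveupdate.example.test) added so the HOSTS check has something to find. Hooked syscalls are clustered by the 64 KiB region of their handler address, because hooks placed by one driver tend to sit close together; which module owns a region can only be settled by mapping it against the loaded-driver list, and hooks installed by legitimate security software look identical in this output, so the clustering is a starting point for review, not a verdict:

```python
"""Parser for the RogueKiller report format shown above (added example, not
RogueKiller's own code).  It reads the line shapes visible in the report:
"[TAG] ... -> FOUND" findings, SSDT / Shadow SSDT hook lines, HOSTS entries
and the MBR partition table, and returns a summary for review."""
import re
from collections import defaultdict

# "[TAG][SUB] detail -> FOUND"; the [SUB] part is optional
_FINDING_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\](?:\[(?P<sub>[^\]]+)\])? (?P<detail>.+) -> FOUND$")
# "SSDT[13] : NtAlertResumeThread @ 0x81EF7C99 -> HOOKED (Unknown @ 0x8E7D64F0)"
# Shadow SSDT lines (S_SSDT[...]) look the same minus the original address.
_HOOK_RE = re.compile(
    r"^(?P<table>S_SSDT|SSDT)\[(?P<idx>\d+)\] : (?P<name>\S+)(?: @ 0x[0-9A-Fa-f]+)?"
    r" -> HOOKED \((?P<owner>[^@]+?) @ 0x(?P<addr>[0-9A-Fa-f]+)\)$")
# "1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 281088000 | Size: 15360 Mo"
_PART_RE = re.compile(
    r"^(?P<num>\d+) - \[[A-Z]+\] (?P<fs>\S+) \((?P<type>0x[0-9A-Fa-f]+)\)"
    r" \[(?P<vis>[A-Z!]+)\] Offset \(sectors\): \d+ \| Size: (?P<size>\d+) Mo$")
_HOSTS_RE = re.compile(r"^(?P<ip>[\d.]+)\s+(?P<host>\S+)$")


def parse_roguekiller(text):
    """Summarise one report; every key is present even when its list is empty."""
    findings, hooks = defaultdict(list), defaultdict(list)
    hidden, hosts, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("¤¤¤"):
            # "¤¤¤ Registry Entries : 6 ¤¤¤" -> "Registry Entries"
            section = line.strip("¤ ").split(":")[0].strip()
            continue
        m = _FINDING_RE.match(line)
        if m:
            findings[m.group("tag")].append(m.group("detail"))
            continue
        m = _HOOK_RE.match(line)
        if m:
            # Cluster by the 64 KiB region of the handler address; hooks placed
            # by one driver tend to share a region.  Owner attribution still
            # needs the loaded-module list, which this report does not carry.
            region = int(m.group("addr"), 16) >> 16
            hooks[f"0x{region:04X}xxxx"].append(m.group("name"))
            continue
        m = _PART_RE.match(line)
        if m:
            if "HIDDEN" in m.group("vis"):
                hidden.append(f"{m.group('num')} {m.group('fs')} ({m.group('type')}) {m.group('size')} Mo")
            continue
        if section == "HOSTS File":
            m = _HOSTS_RE.match(line)
            # Anything beyond the loopback -> localhost mapping is listed for review.
            if m and not (m.group("ip").startswith("127.") and m.group("host") == "localhost"):
                hosts.append(line)
    return {"findings": dict(findings), "hooks_by_region": dict(hooks),
            "hidden_partitions": hidden, "hosts_entries": hosts}


# Excerpt of the report in this post; the "liveupdate.example.test" HOSTS line
# is constructed so the HOSTS check has something to find.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 6 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x81EF7C99 -> HOOKED (Unknown @ 0x8E7D64F0)
SSDT[14] : NtAlertThread @ 0x81E4ABE0 -> HOOKED (Unknown @ 0x8E7D65B0)
SSDT[147] : NtImpersonateThread @ 0x81E9384C -> HOOKED (Unknown @ 0x8E7D6430)
SSDT[155] : NtLoadDriver @ 0x81DDFC20 -> HOOKED (Unknown @ 0x87FD7CF0)
SSDT[371] : unknown @ 0x81E92584 -> HOOKED (Unknown @ 0x8C01F1B0)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87EF8F90)

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 liveupdate.example.test

¤¤¤ MBR Check: ¤¤¤
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 137249 Mo
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 281088000 | Size: 15360 Mo
2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312545280 | Size: 16 Mo
"""

if __name__ == "__main__":
    for key, value in parse_roguekiller(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the report above this groups the three hooks at 0x8E7D6xxx together and separates the NtLoadDriver hook at 0x87FDxxxx, which is exactly the shape a reviewer wants before deciding which driver to look up; the hidden FAT32 partition is reported as a fact to confirm (recovery partitions are commonly hidden) rather than as a finding.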


#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 16 November 2012 - 04:45 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jjmoon7172

jjmoon7172
  • Topic Starter

  • Members
  • 22 posts

Posted 16 November 2012 - 06:59 PM

Note the following errors encountered while running Combofix:
1. "Error opening file for writing--- C:\32788R2FWJFW/pev.3XE" I chose ignore and proceeded with scan.
2. Pop-up from Windows notifying me that PEV.exe has stopped working.

Despite these, the scan completed.

Here is the log from Combofix.

ComboFix 12-11-16.02 - Jenny 11/16/2012 16:22:24.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.113 [GMT -6:00]
Running from: c:\users\Jenny\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Temp\tmp3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 23:01 . 2012-11-16 23:02 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2012-11-16 23:01 . 2012-11-16 23:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-16 23:01 . 2012-11-16 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 14:07 . 2012-11-16 14:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-11-16 14:07 . 2012-11-16 14:07 -------- d-----w- c:\program files\Symantec
2012-11-16 14:07 . 2012-11-16 14:07 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-11-16 14:05 . 2012-11-16 14:05 -------- d-----w- c:\program files\Norton AntiVirus
2012-11-15 17:04 . 2012-11-15 17:04 -------- d-----w- c:\users\Jenny\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-11-15 17:03 . 2012-11-15 17:03 -------- d-----w- c:\programdata\Virtualized Applications
2012-11-13 15:48 . 2012-11-16 22:27 -------- d-----w- c:\users\Jenny\AppData\Local\CrashDumps
2012-11-10 00:26 . 2012-11-10 00:26 -------- d-----w- c:\windows\system32\drivers\NST
2012-11-10 00:26 . 2012-11-10 00:26 -------- d-----w- c:\program files\Norton Identity Safe
2012-11-10 00:25 . 2012-11-16 14:06 -------- d-----w- c:\windows\system32\drivers\NAV\1402000.013
2012-11-10 00:24 . 2012-11-16 14:05 -------- d-----w- c:\program files\NortonInstaller
2012-11-09 23:36 . 2012-11-09 23:36 -------- d-----w- c:\programdata\PCSettings
2012-11-09 22:54 . 2012-08-20 17:32 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-09 22:53 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-09 22:53 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-09 22:53 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-09 22:53 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 11:48 . 2012-05-23 03:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:48 . 2011-06-19 20:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:04 . 2011-06-19 03:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 14:54 . 2012-09-07 14:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 14:54 . 2012-07-20 14:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 14:54 . 2011-07-15 17:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59 . 2012-09-24 11:41 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-24 11:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-24 11:41 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 11:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 11:41 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-24 11:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-13 11:41 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-13 11:41 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-13 11:41 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-13 11:41 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-27 03:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 18:01 . 2012-09-16 15:36 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2011-10-03 21:32 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-11-10 17:24 . 2012-11-10 17:24 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
2012-10-18 17:57 498584 ----a-r- c:\program files\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584]
.
[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"HotkeyMon"="AsusSender.exe" [2010-09-08 34728]
"HotkeyService"="AsusSender.exe" [2010-09-08 34728]
"SuperHybridEngine"="AsusSender.exe" [2010-09-08 34728]
"LiveUpdate"="AsusSender.exe" [2010-09-08 34728]
"CapsHook"="AsusSender.exe" [2010-09-08 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-01-18 1260]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-12 8546848]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-01-18 2018032]
"Boingo Wi-Finder"="c:\program files\Boingo\Boingo Wi-Finder\Boingo.lnk" [2011-07-09 2429]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-6-17 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1402000.013\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1402000.013\SYMEFA.SYS [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1402000.013\ccSetx86.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD02000.012\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121115.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1402000.013\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1402000.013\SYMNETS.SYS [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 11:48]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-16 20:59]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-16 20:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\3hfz3upc.default\
FF - prefs.js: browser.startup.homepage - www.usatoday.com
FF - ExtSQL: 2012-11-10 03:28; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,5c,7b,e7,c6,9e,6d,46,9c,0f,7f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,5c,7b,e7,c6,9e,6d,46,9c,0f,7f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 17:09:50
ComboFix-quarantined-files.txt 2012-11-16 23:09
ComboFix2.txt 2012-07-19 18:30
.
Pre-Run: 107,090,649,088 bytes free
Post-Run: 107,063,238,656 bytes free
.
- - End Of File - - 84A0FA39A181445F837758855D7C9250

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 16 November 2012 - 07:18 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 jjmoon7172

jjmoon7172
  • Topic Starter

  • Members
  • 22 posts

Posted 16 November 2012 - 11:32 PM

My computer appears to be running normally.

Here are the resulting logs:

TDSSKiller:
18:49:01.0876 1020 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:49:03.0920 1020 ============================================================
18:49:03.0920 1020 Current date / time: 2012/11/16 18:49:03.0920
18:49:03.0920 1020 SystemInfo:
18:49:03.0920 1020
18:49:03.0920 1020 OS Version: 6.1.7601 ServicePack: 1.0
18:49:03.0920 1020 Product type: Workstation
18:49:03.0920 1020 ComputerName: JENNY-PC
18:49:03.0920 1020 UserName: Jenny
18:49:03.0920 1020 Windows directory: C:\windows
18:49:03.0920 1020 System windows directory: C:\windows
18:49:03.0920 1020 Processor architecture: Intel x86
18:49:03.0920 1020 Number of processors: 2
18:49:03.0920 1020 Page size: 0x1000
18:49:03.0920 1020 Boot type: Normal boot
18:49:03.0920 1020 ============================================================
18:49:07.0664 1020 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:49:07.0898 1020 ============================================================
18:49:07.0898 1020 \Device\Harddisk0\DR0:
18:49:07.0913 1020 MBR partitions:
18:49:07.0913 1020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x10C10800
18:49:07.0913 1020 ============================================================
18:49:07.0960 1020 C: <-> \Device\Harddisk0\DR0\Partition1
18:49:08.0007 1020 ============================================================
18:49:08.0007 1020 Initialize success
18:49:08.0007 1020 ============================================================
18:49:19.0098 4400 ============================================================
18:49:19.0098 4400 Scan started
18:49:19.0098 4400 Mode: Manual;
18:49:19.0098 4400 ============================================================
18:49:21.0860 4400 ================ Scan system memory ========================
18:49:21.0860 4400 System memory - ok
18:49:21.0860 4400 ================ Scan services =============================
18:49:31.0656 4400 ErrDev - ok
18:49:31.0734 4400 [ 7C87DF14552A5E0270DBD906BAFF85FB ] ETD C:\windows\system32\DRIVERS\ETD.sys
18:49:31.0734 4400 ETD - ok
18:49:31.0828 4400 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
18:49:31.0828 4400 EventSystem - ok
18:49:31.0875 4400 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
18:49:31.0875 4400 exfat - ok
18:49:31.0906 4400 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
18:49:31.0922 4400 fastfat - ok
18:49:31.0984 4400 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
18:49:32.0000 4400 Fax - ok
18:49:32.0031 4400 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
18:49:32.0031 4400 fdc - ok
18:49:32.0078 4400 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
18:49:32.0078 4400 fdPHost - ok
18:49:32.0093 4400 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
18:49:32.0109 4400 FDResPub - ok
18:49:32.0140 4400 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
18:49:32.0140 4400 FileInfo - ok
18:49:32.0156 4400 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
18:49:32.0171 4400 Filetrace - ok
18:49:32.0187 4400 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
18:49:32.0202 4400 flpydisk - ok
18:49:32.0218 4400 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
18:49:32.0234 4400 FltMgr - ok
18:49:32.0296 4400 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
18:49:32.0327 4400 FontCache - ok
18:49:32.0405 4400 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:49:32.0452 4400 FontCache3.0.0.0 - ok
18:49:32.0483 4400 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
18:49:32.0499 4400 FsDepends - ok
18:49:32.0546 4400 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
18:49:32.0561 4400 fssfltr - ok
18:49:32.0702 4400 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:49:32.0764 4400 fsssvc - ok
18:49:32.0811 4400 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
18:49:32.0811 4400 Fs_Rec - ok
18:49:32.0873 4400 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
18:49:32.0873 4400 fvevol - ok
18:49:32.0920 4400 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
18:49:32.0920 4400 gagp30kx - ok
18:49:32.0982 4400 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:49:32.0982 4400 GEARAspiWDM - ok
18:49:33.0029 4400 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
18:49:33.0060 4400 gpsvc - ok
18:49:33.0123 4400 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:49:33.0138 4400 gupdate - ok
18:49:33.0154 4400 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:49:33.0154 4400 gupdatem - ok
18:49:33.0201 4400 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
18:49:33.0216 4400 hcw85cir - ok
18:49:33.0279 4400 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
18:49:33.0294 4400 HdAudAddService - ok
18:49:33.0341 4400 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
18:49:33.0357 4400 HDAudBus - ok
18:49:33.0404 4400 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
18:49:33.0404 4400 HidBatt - ok
18:49:33.0435 4400 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
18:49:33.0450 4400 HidBth - ok
18:49:33.0482 4400 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
18:49:33.0482 4400 HidIr - ok
18:49:33.0528 4400 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\System32\hidserv.dll
18:49:33.0544 4400 hidserv - ok
18:49:33.0606 4400 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
18:49:33.0606 4400 HidUsb - ok
18:49:33.0653 4400 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
18:49:33.0669 4400 hkmsvc - ok
18:49:33.0700 4400 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
18:49:33.0716 4400 HomeGroupListener - ok
18:49:33.0762 4400 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:49:33.0778 4400 HomeGroupProvider - ok
18:49:33.0825 4400 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
18:49:33.0825 4400 HpSAMD - ok
18:49:33.0903 4400 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
18:49:33.0918 4400 HTTP - ok
18:49:33.0965 4400 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
18:49:33.0965 4400 hwpolicy - ok
18:49:34.0043 4400 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
18:49:34.0043 4400 i8042prt - ok
18:49:34.0106 4400 [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
18:49:34.0121 4400 iaStor - ok
18:49:34.0184 4400 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
18:49:34.0199 4400 iaStorV - ok
18:49:34.0293 4400 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:49:34.0355 4400 idsvc - ok
18:49:34.0480 4400 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121115.001\IDSvix86.sys
18:49:34.0511 4400 IDSVix86 - ok
18:49:34.0698 4400 [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
18:49:34.0839 4400 igfx - ok
18:49:34.0886 4400 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
18:49:34.0886 4400 iirsp - ok
18:49:34.0964 4400 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
18:49:34.0995 4400 IKEEXT - ok
18:49:35.0151 4400 [ 947318C01C648A054A05DBD1C7F73E3B ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
18:49:35.0260 4400 IntcAzAudAddService - ok
18:49:35.0291 4400 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
18:49:35.0291 4400 intelide - ok
18:49:35.0354 4400 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
18:49:35.0354 4400 intelppm - ok
18:49:35.0416 4400 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
18:49:35.0432 4400 IPBusEnum - ok
18:49:35.0463 4400 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
18:49:35.0463 4400 IpFilterDriver - ok
18:49:35.0556 4400 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
18:49:35.0588 4400 iphlpsvc - ok
18:49:35.0634 4400 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
18:49:35.0634 4400 IPMIDRV - ok
18:49:35.0681 4400 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
18:49:35.0697 4400 IPNAT - ok
18:49:35.0790 4400 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:49:35.0822 4400 iPod Service - ok
18:49:35.0868 4400 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
18:49:35.0884 4400 IRENUM - ok
18:49:35.0931 4400 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
18:49:35.0931 4400 isapnp - ok
18:49:35.0993 4400 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
18:49:35.0993 4400 iScsiPrt - ok
18:49:36.0040 4400 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
18:49:36.0040 4400 kbdclass - ok
18:49:36.0087 4400 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
18:49:36.0087 4400 kbdhid - ok
18:49:36.0149 4400 [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr C:\windows\system32\DRIVERS\kbfiltr.sys
18:49:36.0149 4400 kbfiltr - ok
18:49:36.0180 4400 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
18:49:36.0180 4400 KeyIso - ok
18:49:36.0227 4400 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
18:49:36.0243 4400 KSecDD - ok
18:49:36.0290 4400 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
18:49:36.0305 4400 KSecPkg - ok
18:49:36.0352 4400 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
18:49:36.0368 4400 KtmRm - ok
18:49:36.0414 4400 [ D1F734D9A7AAF078D88CEB51900699A7 ] L1C C:\windows\system32\DRIVERS\L1C62x86.sys
18:49:36.0430 4400 L1C - ok
18:49:36.0492 4400 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\System32\srvsvc.dll
18:49:36.0492 4400 LanmanServer - ok
18:49:36.0555 4400 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:49:36.0555 4400 LanmanWorkstation - ok
18:49:36.0633 4400 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
18:49:36.0633 4400 lltdio - ok
18:49:36.0695 4400 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
18:49:36.0711 4400 lltdsvc - ok
18:49:36.0742 4400 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
18:49:36.0758 4400 lmhosts - ok
18:49:36.0804 4400 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
18:49:36.0804 4400 LSI_FC - ok
18:49:36.0851 4400 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
18:49:36.0867 4400 LSI_SAS - ok
18:49:36.0898 4400 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
18:49:36.0898 4400 LSI_SAS2 - ok
18:49:36.0929 4400 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
18:49:36.0929 4400 LSI_SCSI - ok
18:49:36.0960 4400 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
18:49:36.0976 4400 luafv - ok
18:49:37.0085 4400 [ 6311F8863D898CE60C048779F9D86E74 ] lxecCATSCustConnectService C:\windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe
18:49:37.0132 4400 lxecCATSCustConnectService - ok
18:49:37.0148 4400 lxec_device - ok
18:49:37.0226 4400 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
18:49:37.0226 4400 MBAMProtector - ok
18:49:37.0335 4400 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:49:37.0350 4400 MBAMScheduler - ok
18:49:37.0413 4400 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:49:37.0444 4400 MBAMService - ok
18:49:37.0491 4400 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
18:49:37.0491 4400 megasas - ok
18:49:37.0522 4400 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
18:49:37.0538 4400 MegaSR - ok
18:49:37.0584 4400 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
18:49:37.0584 4400 MMCSS - ok
18:49:37.0616 4400 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
18:49:37.0631 4400 Modem - ok
18:49:37.0662 4400 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
18:49:37.0662 4400 monitor - ok
18:49:37.0725 4400 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\drivers\mouclass.sys
18:49:37.0725 4400 mouclass - ok
18:49:37.0772 4400 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
18:49:37.0772 4400 mouhid - ok
18:49:37.0803 4400 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
18:49:37.0818 4400 mountmgr - ok
18:49:37.0896 4400 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:49:37.0912 4400 MozillaMaintenance - ok
18:49:37.0943 4400 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
18:49:37.0959 4400 mpio - ok
18:49:37.0990 4400 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
18:49:38.0006 4400 mpsdrv - ok
18:49:38.0084 4400 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
18:49:38.0115 4400 MpsSvc - ok
18:49:38.0177 4400 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
18:49:38.0177 4400 MRxDAV - ok
18:49:38.0224 4400 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
18:49:38.0240 4400 mrxsmb - ok
18:49:38.0286 4400 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
18:49:38.0302 4400 mrxsmb10 - ok
18:49:38.0333 4400 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
18:49:38.0349 4400 mrxsmb20 - ok
18:49:38.0396 4400 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
18:49:38.0411 4400 msahci - ok
18:49:38.0474 4400 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
18:49:38.0474 4400 msdsm - ok
18:49:38.0520 4400 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
18:49:38.0536 4400 MSDTC - ok
18:49:38.0645 4400 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
18:49:38.0645 4400 Msfs - ok
18:49:38.0661 4400 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
18:49:38.0676 4400 mshidkmdf - ok
18:49:38.0708 4400 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
18:49:38.0708 4400 msisadrv - ok
18:49:38.0770 4400 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
18:49:38.0786 4400 MSiSCSI - ok
18:49:38.0802 4400 msiserver - ok
18:49:38.0865 4400 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
18:49:38.0865 4400 MSKSSRV - ok
18:49:38.0911 4400 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
18:49:38.0911 4400 MSPCLOCK - ok
18:49:38.0927 4400 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
18:49:38.0927 4400 MSPQM - ok
18:49:38.0958 4400 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
18:49:38.0974 4400 MsRPC - ok
18:49:39.0021 4400 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
18:49:39.0036 4400 mssmbios - ok
18:49:39.0067 4400 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
18:49:39.0067 4400 MSTEE - ok
18:49:39.0099 4400 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
18:49:39.0099 4400 MTConfig - ok
18:49:39.0130 4400 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
18:49:39.0130 4400 Mup - ok
18:49:39.0192 4400 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
18:49:39.0208 4400 napagent - ok
18:49:39.0270 4400 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
18:49:39.0286 4400 NativeWifiP - ok
18:49:39.0395 4400 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NAV C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
18:49:39.0411 4400 NAV - ok
18:49:39.0489 4400 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121116.003\NAVENG.SYS
18:49:39.0489 4400 NAVENG - ok
18:49:39.0598 4400 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121116.003\NAVEX15.SYS
18:49:39.0645 4400 NAVEX15 - ok
18:49:39.0754 4400 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NCO C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
18:49:39.0754 4400 NCO - ok
18:49:39.0833 4400 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
18:49:39.0864 4400 NDIS - ok
18:49:39.0911 4400 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
18:49:39.0926 4400 NdisCap - ok
18:49:39.0958 4400 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
18:49:39.0958 4400 NdisTapi - ok
18:49:40.0020 4400 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
18:49:40.0020 4400 Ndisuio - ok
18:49:40.0098 4400 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
18:49:40.0098 4400 NdisWan - ok
18:49:40.0145 4400 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
18:49:40.0160 4400 NDProxy - ok
18:49:40.0270 4400 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
18:49:40.0332 4400 Nero BackItUp Scheduler 4.0 - ok
18:49:40.0410 4400 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
18:49:40.0426 4400 Net Driver HPZ12 - ok
18:49:40.0472 4400 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
18:49:40.0472 4400 NetBIOS - ok
18:49:40.0535 4400 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
18:49:40.0535 4400 NetBT - ok
18:49:40.0550 4400 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
18:49:40.0566 4400 Netlogon - ok
18:49:40.0644 4400 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
18:49:40.0644 4400 Netman - ok
18:49:40.0691 4400 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
18:49:40.0706 4400 netprofm - ok
18:49:40.0738 4400 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:49:40.0753 4400 NetTcpPortSharing - ok
18:49:40.0800 4400 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
18:49:40.0816 4400 nfrd960 - ok
18:49:40.0878 4400 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\windows\System32\nlasvc.dll
18:49:40.0894 4400 NlaSvc - ok
18:49:40.0909 4400 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
18:49:40.0925 4400 Npfs - ok
18:49:40.0956 4400 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
18:49:40.0972 4400 nsi - ok
18:49:40.0987 4400 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
18:49:40.0987 4400 nsiproxy - ok
18:49:41.0096 4400 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
18:49:41.0128 4400 Ntfs - ok
18:49:41.0174 4400 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
18:49:41.0190 4400 Null - ok
18:49:41.0221 4400 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
18:49:41.0221 4400 nvraid - ok
18:49:41.0268 4400 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
18:49:41.0284 4400 nvstor - ok
18:49:41.0315 4400 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
18:49:41.0315 4400 nv_agp - ok
18:49:41.0346 4400 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
18:49:41.0362 4400 ohci1394 - ok
18:49:41.0408 4400 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:49:41.0408 4400 ose - ok
18:49:41.0627 4400 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:49:41.0767 4400 osppsvc - ok
18:49:41.0830 4400 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
18:49:41.0845 4400 p2pimsvc - ok
18:49:41.0923 4400 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
18:49:41.0939 4400 p2psvc - ok
18:49:41.0986 4400 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
18:49:41.0986 4400 Parport - ok
18:49:42.0032 4400 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
18:49:42.0032 4400 partmgr - ok
18:49:42.0064 4400 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
18:49:42.0064 4400 Parvdm - ok
18:49:42.0110 4400 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
18:49:42.0110 4400 PcaSvc - ok
18:49:42.0157 4400 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
18:49:42.0173 4400 pci - ok
18:49:42.0204 4400 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
18:49:42.0220 4400 pciide - ok
18:49:42.0282 4400 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
18:49:42.0282 4400 pcmcia - ok
18:49:42.0313 4400 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
18:49:42.0313 4400 pcw - ok
18:49:42.0360 4400 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
18:49:42.0391 4400 PEAUTH - ok
18:49:42.0516 4400 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
18:49:42.0563 4400 pla - ok
18:49:42.0625 4400 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
18:49:42.0641 4400 PlugPlay - ok
18:49:42.0719 4400 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
18:49:42.0719 4400 Pml Driver HPZ12 - ok
18:49:42.0781 4400 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
18:49:42.0781 4400 PNRPAutoReg - ok
18:49:42.0828 4400 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
18:49:42.0828 4400 PNRPsvc - ok
18:49:42.0875 4400 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
18:49:42.0890 4400 PolicyAgent - ok
18:49:42.0953 4400 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
18:49:42.0968 4400 Power - ok
18:49:43.0046 4400 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
18:49:43.0062 4400 PptpMiniport - ok
18:49:43.0078 4400 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
18:49:43.0093 4400 Processor - ok
18:49:43.0140 4400 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
18:49:43.0140 4400 ProfSvc - ok
18:49:43.0171 4400 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
18:49:43.0171 4400 ProtectedStorage - ok
18:49:43.0202 4400 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
18:49:43.0202 4400 Psched - ok
18:49:43.0265 4400 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
18:49:43.0327 4400 ql2300 - ok
18:49:43.0374 4400 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
18:49:43.0374 4400 ql40xx - ok
18:49:43.0436 4400 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
18:49:43.0468 4400 QWAVE - ok
18:49:43.0483 4400 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
18:49:43.0483 4400 QWAVEdrv - ok
18:49:43.0514 4400 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
18:49:43.0514 4400 RasAcd - ok
18:49:43.0577 4400 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
18:49:43.0577 4400 RasAgileVpn - ok
18:49:43.0624 4400 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
18:49:43.0639 4400 RasAuto - ok
18:49:43.0686 4400 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
18:49:43.0686 4400 Rasl2tp - ok
18:49:43.0748 4400 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
18:49:43.0780 4400 RasMan - ok
18:49:43.0811 4400 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
18:49:43.0811 4400 RasPppoe - ok
18:49:43.0842 4400 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
18:49:43.0842 4400 RasSstp - ok
18:49:43.0889 4400 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
18:49:43.0904 4400 rdbss - ok
18:49:43.0951 4400 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
18:49:43.0951 4400 rdpbus - ok
18:49:43.0982 4400 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
18:49:43.0998 4400 RDPCDD - ok
18:49:44.0045 4400 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
18:49:44.0060 4400 RDPENCDD - ok
18:49:44.0092 4400 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
18:49:44.0092 4400 RDPREFMP - ok
18:49:44.0138 4400 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
18:49:44.0154 4400 RDPWD - ok
18:49:44.0216 4400 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
18:49:44.0216 4400 rdyboost - ok
18:49:44.0310 4400 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
18:49:44.0310 4400 RemoteAccess - ok
18:49:44.0357 4400 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
18:49:44.0372 4400 RemoteRegistry - ok
18:49:44.0419 4400 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
18:49:44.0450 4400 RFCOMM - ok
18:49:44.0482 4400 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
18:49:44.0497 4400 RpcEptMapper - ok
18:49:44.0528 4400 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
18:49:44.0544 4400 RpcLocator - ok
18:49:44.0575 4400 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
18:49:44.0606 4400 RpcSs - ok
18:49:44.0653 4400 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
18:49:44.0669 4400 rspndr - ok
18:49:44.0684 4400 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
18:49:44.0700 4400 SamSs - ok
18:49:44.0731 4400 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
18:49:44.0747 4400 sbp2port - ok
18:49:44.0778 4400 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
18:49:44.0794 4400 SCardSvr - ok
18:49:44.0825 4400 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
18:49:44.0825 4400 scfilter - ok
18:49:44.0887 4400 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
18:49:44.0934 4400 Schedule - ok
18:49:44.0950 4400 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
18:49:44.0965 4400 SCPolicySvc - ok
18:49:45.0028 4400 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
18:49:45.0028 4400 SDRSVC - ok
18:49:45.0090 4400 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
18:49:45.0090 4400 secdrv - ok
18:49:45.0137 4400 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
18:49:45.0152 4400 seclogon - ok
18:49:45.0184 4400 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\system32\sens.dll
18:49:45.0199 4400 SENS - ok
18:49:45.0230 4400 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
18:49:45.0230 4400 Serenum - ok
18:49:45.0277 4400 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
18:49:45.0277 4400 Serial - ok
18:49:45.0308 4400 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
18:49:45.0308 4400 sermouse - ok
18:49:45.0371 4400 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
18:49:45.0386 4400 SessionEnv - ok
18:49:45.0433 4400 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
18:49:45.0433 4400 sffdisk - ok
18:49:45.0480 4400 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
18:49:45.0480 4400 sffp_mmc - ok
18:49:45.0527 4400 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
18:49:45.0527 4400 sffp_sd - ok
18:49:45.0558 4400 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
18:49:45.0558 4400 sfloppy - ok
18:49:45.0636 4400 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
18:49:45.0652 4400 Sftfs - ok
18:49:45.0730 4400 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
18:49:45.0745 4400 sftlist - ok
18:49:45.0776 4400 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
18:49:45.0776 4400 Sftplay - ok
18:49:45.0808 4400 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
18:49:45.0808 4400 Sftredir - ok
18:49:45.0839 4400 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
18:49:45.0839 4400 Sftvol - ok
18:49:45.0870 4400 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
18:49:45.0870 4400 sftvsa - ok
18:49:45.0948 4400 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
18:49:45.0964 4400 SharedAccess - ok
18:49:46.0026 4400 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:49:46.0042 4400 ShellHWDetection - ok
18:49:46.0057 4400 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
18:49:46.0073 4400 sisagp - ok
18:49:46.0120 4400 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
18:49:46.0135 4400 SiSRaid2 - ok
18:49:46.0151 4400 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
18:49:46.0166 4400 SiSRaid4 - ok
18:49:46.0213 4400 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
18:49:46.0213 4400 Smb - ok
18:49:46.0291 4400 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
18:49:46.0291 4400 SNMPTRAP - ok
18:49:46.0322 4400 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
18:49:46.0322 4400 spldr - ok
18:49:46.0400 4400 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
18:49:46.0416 4400 Spooler - ok
18:49:46.0541 4400 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
18:49:46.0650 4400 sppsvc - ok
18:49:46.0728 4400 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
18:49:46.0728 4400 sppuinotify - ok
18:49:46.0837 4400 [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP C:\windows\system32\drivers\NAV\1402000.013\SRTSP.SYS
18:49:46.0868 4400 SRTSP - ok
18:49:46.0915 4400 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\windows\system32\drivers\NAV\1402000.013\SRTSPX.SYS
18:49:46.0915 4400 SRTSPX - ok
18:49:46.0978 4400 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
18:49:46.0993 4400 srv - ok
18:49:47.0024 4400 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
18:49:47.0040 4400 srv2 - ok
18:49:47.0087 4400 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
18:49:47.0102 4400 srvnet - ok
18:49:47.0134 4400 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
18:49:47.0149 4400 SSDPSRV - ok
18:49:47.0196 4400 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
18:49:47.0196 4400 SstpSvc - ok
18:49:47.0243 4400 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
18:49:47.0243 4400 stexstor - ok
18:49:47.0321 4400 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
18:49:47.0352 4400 StiSvc - ok
18:49:47.0399 4400 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
18:49:47.0399 4400 swenum - ok
18:49:47.0461 4400 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
18:49:47.0477 4400 swprv - ok
18:49:47.0539 4400 [ FB69A67FEEE3026C7F99774A1C405326 ] SymDS C:\windows\system32\drivers\NAV\1402000.013\SYMDS.SYS
18:49:47.0539 4400 SymDS - ok
18:49:47.0617 4400 [ 28C5FAFA7FD1C522B8DCD59694D39412 ] SymEFA C:\windows\system32\drivers\NAV\1402000.013\SYMEFA.SYS
18:49:47.0648 4400 SymEFA - ok
18:49:47.0695 4400 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\windows\system32\Drivers\SYMEVENT.SYS
18:49:47.0695 4400 SymEvent - ok
18:49:47.0742 4400 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\windows\system32\drivers\NAV\1402000.013\Ironx86.SYS
18:49:47.0758 4400 SymIRON - ok
18:49:47.0789 4400 [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS C:\windows\system32\drivers\NAV\1402000.013\SYMNETS.SYS
18:49:47.0804 4400 SymNetS - ok
18:49:47.0882 4400 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
18:49:47.0929 4400 SysMain - ok
18:49:47.0976 4400 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
18:49:47.0992 4400 TabletInputService - ok
18:49:48.0038 4400 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
18:49:48.0054 4400 TapiSrv - ok
18:49:48.0101 4400 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
18:49:48.0116 4400 TBS - ok
18:49:48.0210 4400 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\windows\system32\drivers\tcpip.sys
18:49:48.0257 4400 Tcpip - ok
18:49:48.0319 4400 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
18:49:48.0350 4400 TCPIP6 - ok
18:49:48.0413 4400 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
18:49:48.0413 4400 tcpipreg - ok
18:49:48.0475 4400 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
18:49:48.0475 4400 TDPIPE - ok
18:49:48.0522 4400 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
18:49:48.0538 4400 TDTCP - ok
18:49:48.0584 4400 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
18:49:48.0600 4400 tdx - ok
18:49:48.0631 4400 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
18:49:48.0647 4400 TermDD - ok
18:49:48.0709 4400 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
18:49:48.0740 4400 TermService - ok
18:49:48.0787 4400 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
18:49:48.0787 4400 Themes - ok
18:49:48.0818 4400 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
18:49:48.0818 4400 THREADORDER - ok
18:49:48.0850 4400 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
18:49:48.0850 4400 TrkWks - ok
18:49:48.0943 4400 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:49:48.0943 4400 TrustedInstaller - ok
18:49:48.0990 4400 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
18:49:48.0990 4400 tssecsrv - ok
18:49:49.0068 4400 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
18:49:49.0084 4400 TsUsbFlt - ok
18:49:49.0146 4400 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
18:49:49.0146 4400 tunnel - ok
18:49:49.0193 4400 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
18:49:49.0193 4400 uagp35 - ok
18:49:49.0255 4400 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
18:49:49.0271 4400 udfs - ok
18:49:49.0333 4400 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
18:49:49.0349 4400 UI0Detect - ok
18:49:49.0396 4400 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
18:49:49.0411 4400 uliagpkx - ok
18:49:49.0442 4400 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys
18:49:49.0442 4400 umbus - ok
18:49:49.0474 4400 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
18:49:49.0489 4400 UmPass - ok
18:49:49.0536 4400 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
18:49:49.0552 4400 upnphost - ok
18:49:49.0614 4400 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys
18:49:49.0614 4400 USBAAPL - ok
18:49:49.0661 4400 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
18:49:49.0661 4400 usbccgp - ok
18:49:49.0708 4400 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
18:49:49.0708 4400 usbcir - ok
18:49:49.0739 4400 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys
18:49:49.0739 4400 usbehci - ok
18:49:49.0801 4400 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
18:49:49.0801 4400 usbhub - ok
18:49:49.0848 4400 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\drivers\usbohci.sys
18:49:49.0864 4400 usbohci - ok
18:49:49.0895 4400 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
18:49:49.0910 4400 usbprint - ok
18:49:49.0957 4400 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
18:49:49.0957 4400 usbscan - ok
18:49:49.0973 4400 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
18:49:49.0988 4400 USBSTOR - ok
18:49:50.0020 4400 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
18:49:50.0035 4400 usbuhci - ok
18:49:50.0098 4400 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
18:49:50.0098 4400 usbvideo - ok
18:49:50.0144 4400 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
18:49:50.0160 4400 UxSms - ok
18:49:50.0191 4400 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
18:49:50.0191 4400 VaultSvc - ok
18:49:50.0222 4400 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
18:49:50.0238 4400 vdrvroot - ok
18:49:50.0300 4400 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
18:49:50.0332 4400 vds - ok
18:49:50.0378 4400 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
18:49:50.0378 4400 vga - ok
18:49:50.0410 4400 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
18:49:50.0425 4400 VgaSave - ok
18:49:50.0472 4400 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
18:49:50.0488 4400 vhdmp - ok
18:49:50.0519 4400 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
18:49:50.0519 4400 viaagp - ok
18:49:50.0550 4400 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
18:49:50.0550 4400 ViaC7 - ok
18:49:50.0581 4400 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
18:49:50.0597 4400 viaide - ok
18:49:50.0612 4400 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
18:49:50.0628 4400 volmgr - ok
18:49:50.0659 4400 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
18:49:50.0675 4400 volmgrx - ok
18:49:50.0706 4400 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
18:49:50.0722 4400 volsnap - ok
18:49:50.0768 4400 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
18:49:50.0768 4400 vsmraid - ok
18:49:50.0846 4400 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
18:49:50.0893 4400 VSS - ok
18:49:50.0924 4400 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
18:49:50.0924 4400 vwifibus - ok
18:49:50.0987 4400 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
18:49:50.0987 4400 vwififlt - ok
18:49:51.0018 4400 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
18:49:51.0034 4400 vwifimp - ok
18:49:51.0096 4400 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
18:49:51.0112 4400 W32Time - ok
18:49:51.0158 4400 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
18:49:51.0174 4400 WacomPen - ok
18:49:51.0236 4400 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
18:49:51.0236 4400 WANARP - ok
18:49:51.0252 4400 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
18:49:51.0252 4400 Wanarpv6 - ok
18:49:51.0314 4400 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
18:49:51.0361 4400 wbengine - ok
18:49:51.0408 4400 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
18:49:51.0424 4400 WbioSrvc - ok
18:49:51.0486 4400 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
18:49:51.0502 4400 wcncsvc - ok
18:49:51.0533 4400 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:49:51.0548 4400 WcsPlugInService - ok
18:49:51.0580 4400 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
18:49:51.0580 4400 Wd - ok
18:49:51.0626 4400 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
18:49:51.0642 4400 Wdf01000 - ok
18:49:51.0673 4400 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
18:49:51.0689 4400 WdiServiceHost - ok
18:49:51.0704 4400 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
18:49:51.0720 4400 WdiSystemHost - ok
18:49:51.0767 4400 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
18:49:51.0782 4400 WebClient - ok
18:49:51.0814 4400 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
18:49:51.0814 4400 Wecsvc - ok
18:49:51.0860 4400 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
18:49:51.0876 4400 wercplsupport - ok
18:49:51.0923 4400 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
18:49:51.0923 4400 WerSvc - ok
18:49:51.0970 4400 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
18:49:51.0970 4400 WfpLwf - ok
18:49:52.0016 4400 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
18:49:52.0016 4400 WIMMount - ok
18:49:52.0126 4400 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:49:52.0172 4400 WinDefend - ok
18:49:52.0188 4400 WinHttpAutoProxySvc - ok
18:49:52.0297 4400 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
18:49:52.0313 4400 Winmgmt - ok
18:49:52.0391 4400 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
18:49:52.0438 4400 WinRM - ok
18:49:52.0547 4400 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
18:49:52.0562 4400 WinUsb - ok
18:49:52.0625 4400 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
18:49:52.0656 4400 Wlansvc - ok
18:49:52.0750 4400 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:49:52.0765 4400 wlcrasvc - ok
18:49:52.0890 4400 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:49:52.0937 4400 wlidsvc - ok
18:49:52.0999 4400 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
18:49:52.0999 4400 WmiAcpi - ok
18:49:53.0062 4400 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
18:49:53.0062 4400 wmiApSrv - ok
18:49:53.0155 4400 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:49:53.0202 4400 WMPNetworkSvc - ok
18:49:53.0249 4400 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
18:49:53.0264 4400 WPCSvc - ok
18:49:53.0311 4400 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
18:49:53.0327 4400 WPDBusEnum - ok
18:49:53.0374 4400 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
18:49:53.0374 4400 ws2ifsl - ok
18:49:53.0452 4400 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\system32\wscsvc.dll
18:49:53.0452 4400 wscsvc - ok
18:49:53.0514 4400 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
18:49:53.0514 4400 WSDPrintDevice - ok
18:49:53.0530 4400 WSearch - ok
18:49:53.0654 4400 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
18:49:53.0717 4400 wuauserv - ok
18:49:53.0764 4400 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
18:49:53.0764 4400 WudfPf - ok
18:49:53.0810 4400 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\windows\System32\WUDFSvc.dll
18:49:53.0826 4400 wudfsvc - ok
18:49:53.0857 4400 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
18:49:53.0888 4400 WwanSvc - ok
18:49:53.0951 4400 ================ Scan global ===============================
18:49:54.0013 4400 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
18:49:54.0060 4400 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
18:49:54.0076 4400 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
18:49:54.0138 4400 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
18:49:54.0185 4400 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
18:49:54.0200 4400 [Global] - ok
18:49:54.0200 4400 ================ Scan MBR ==================================
18:49:54.0216 4400 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:49:55.0558 4400 \Device\Harddisk0\DR0 - ok
18:49:55.0558 4400 ================ Scan VBR ==================================
18:49:55.0573 4400 [ 52C8A71BE8E6E71187CAF07D63830D92 ] \Device\Harddisk0\DR0\Partition1
18:49:55.0573 4400 \Device\Harddisk0\DR0\Partition1 - ok
18:49:55.0573 4400 ============================================================
18:49:55.0573 4400 Scan finished
18:49:55.0573 4400 ============================================================
18:49:55.0620 2200 Detected object count: 0
18:49:55.0620 2200 Actual detected object count: 0


aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-16 19:29:36
-----------------------------
19:29:36.716 OS Version: Windows 6.1.7601 Service Pack 1
19:29:36.716 Number of processors: 2 586 0x1C0A
19:29:36.716 ComputerName: JENNY-PC UserName: Jenny
19:29:54.578 Initialize success
19:36:20.540 AVAST engine defs: 12111601
19:39:45.297 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:39:45.307 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
19:39:45.347 Disk 0 MBR read successfully
19:39:45.357 Disk 0 MBR scan
19:39:46.387 Disk 0 Windows 7 default MBR code
19:39:46.427 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 137249 MB offset 2048
19:39:46.967 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 281088000
19:39:47.217 Disk 0 Partition 3 00 EF EFI FAT 16 MB offset 312545280
19:39:47.267 Disk 0 scanning sectors +312578048
19:39:47.827 Disk 0 scanning C:\windows\system32\drivers
19:40:25.699 Service scanning
19:41:49.555 Modules scanning
19:42:33.769 Disk 0 trace - called modules:
19:42:33.800 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
19:42:33.800 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85edb828]
19:42:33.800 3 CLASSPNP.SYS[86daa59e] -> nt!IofCallDriver -> [0x84432838]
19:42:33.800 5 ACPI.sys[864b73d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84052028]
19:42:36.405 AVAST engine scan C:\windows
19:42:46.395 AVAST engine scan C:\windows\system32
19:51:02.184 AVAST engine scan C:\windows\system32\drivers
19:51:43.473 AVAST engine scan C:\Users\Jenny
19:59:59.544 AVAST engine scan C:\ProgramData
20:02:05.420 Scan finished successfully
22:27:05.834 Disk 0 MBR has been saved successfully to "C:\Users\Jenny\Desktop\MBR.dat"
22:27:05.959 The log file has been saved successfully to "C:\Users\Jenny\Desktop\aswMBR

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 November 2012 - 11:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 jjmoon7172

jjmoon7172
  • Topic Starter

  • Members
  • 22 posts

Posted 17 November 2012 - 08:46 PM

My computer still appears to be running fine. A full NAV scan now completes (when not disabled for these scans).

Here is the recent Combofix log:

ComboFix 12-11-16.02 - Jenny 11/17/2012 19:08:58.3.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.320 [GMT -6:00]
Running from: c:\users\Jenny\Downloads\ComboFix.exe
Command switches used :: c:\users\Jenny\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 01:32 . 2012-11-18 01:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-18 01:32 . 2012-11-18 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-17 12:32 . 2012-11-17 12:32 0 ----a-w- c:\windows\system32\sho2F1C.tmp
2012-11-17 12:29 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 12:29 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 12:29 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 12:28 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 12:28 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 12:28 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 12:28 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 12:28 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 12:28 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 12:28 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 04:36 . 2012-11-17 04:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-16 23:09 . 2012-11-18 01:32 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2012-11-16 14:07 . 2012-11-16 14:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-11-16 14:07 . 2012-11-16 14:07 -------- d-----w- c:\program files\Symantec
2012-11-16 14:07 . 2012-11-16 14:07 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-11-16 14:05 . 2012-11-16 14:05 -------- d-----w- c:\program files\Norton AntiVirus
2012-11-15 17:04 . 2012-11-15 17:04 -------- d-----w- c:\users\Jenny\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-11-15 17:03 . 2012-11-15 17:03 -------- d-----w- c:\programdata\Virtualized Applications
2012-11-15 12:59 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 12:59 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 12:59 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 12:59 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 12:59 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 12:59 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 12:59 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 12:59 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 12:59 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 12:59 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 12:59 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-15 12:59 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-13 15:48 . 2012-11-16 22:27 -------- d-----w- c:\users\Jenny\AppData\Local\CrashDumps
2012-11-10 00:26 . 2012-11-10 00:26 -------- d-----w- c:\windows\system32\drivers\NST
2012-11-10 00:26 . 2012-11-10 00:26 -------- d-----w- c:\program files\Norton Identity Safe
2012-11-10 00:25 . 2012-11-16 14:06 -------- d-----w- c:\windows\system32\drivers\NAV\1402000.013
2012-11-10 00:24 . 2012-11-16 14:05 -------- d-----w- c:\program files\NortonInstaller
2012-11-09 23:36 . 2012-11-09 23:36 -------- d-----w- c:\programdata\PCSettings
2012-11-09 22:54 . 2012-08-20 17:32 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-09 22:53 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-09 22:53 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-09 22:53 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-09 22:53 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 11:48 . 2012-05-23 03:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:48 . 2011-06-19 20:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:04 . 2011-06-19 03:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 14:54 . 2012-09-07 14:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 14:54 . 2012-07-20 14:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 14:54 . 2011-07-15 17:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-22 17:16 . 2012-09-13 11:41 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-13 11:41 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-13 11:41 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-27 03:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 18:01 . 2012-09-16 15:36 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2011-10-03 21:32 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-11-10 17:24 . 2012-11-10 17:24 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
2012-10-18 17:57 498584 ----a-r- c:\program files\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584]
.
[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"HotkeyMon"="AsusSender.exe" [2010-09-08 34728]
"HotkeyService"="AsusSender.exe" [2010-09-08 34728]
"SuperHybridEngine"="AsusSender.exe" [2010-09-08 34728]
"LiveUpdate"="AsusSender.exe" [2010-09-08 34728]
"CapsHook"="AsusSender.exe" [2010-09-08 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-01-18 1260]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-12 8546848]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-01-18 2018032]
"Boingo Wi-Finder"="c:\program files\Boingo\Boingo Wi-Finder\Boingo.lnk" [2011-07-09 2429]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-6-17 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1402000.013\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1402000.013\SYMEFA.SYS [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1402000.013\ccSetx86.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD02000.012\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121116.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1402000.013\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1402000.013\SYMNETS.SYS [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 11:48]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-16 20:59]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-16 20:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\3hfz3upc.default\
FF - prefs.js: browser.startup.homepage - www.usatoday.com
FF - ExtSQL: 2012-11-10 03:28; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,5c,7b,e7,c6,9e,6d,46,9c,0f,7f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,5c,7b,e7,c6,9e,6d,46,9c,0f,7f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3288)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-11-17 19:40:03
ComboFix-quarantined-files.txt 2012-11-18 01:39
ComboFix2.txt 2012-11-16 23:09
ComboFix3.txt 2012-07-19 18:30
.
Pre-Run: 108,330,614,784 bytes free
Post-Run: 108,185,755,648 bytes free
.
- - End Of File - - CE7E44A9AFD183B9037B479B41AC53E1

#10 jjmoon7172 (Topic Starter)

Posted 17 November 2012 - 09:14 PM

I probably shouldn't have done this yet, but I uninstalled Java. I attempted to reinstall the latest version and a Windows pop-up informs me the file is corrupt.

One minor other issue is that my cursor keeps "popping around" while typing. It will randomly jump several spaces back during typing. Don't know if that's relevant or not.

#11 jjmoon7172 (Topic Starter)

Posted 17 November 2012 - 09:24 PM

I think I spoke too soon as well. When I say NAV completed a full scan, I realize it just resumed a stalled scan. I began a new one for good measure and it is picking up on a new "risk requiring attention." I would like to insert expletives here. But I will wait and see the results of the scan and run nothing else until then.

Cursor still skips.

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 November 2012 - 10:11 PM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Bing Bar
  • Bing Rewards Client Installer
  • Java 7 Update 7
  • JavaFX 2.1.1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 jjmoon7172 (Topic Starter)

Posted 18 November 2012 - 11:41 AM

NAV completed another full scan and the threat detected was the quarantined ZeroAccess file in FRST.

When installing CCleaner the toolbar option was Google, not Yahoo, and I unchecked the install.

MBAM log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jenny :: JENNY-PC [administrator]

11/18/2012 10:03:55 AM
mbam-log-2012-11-18 (10-03-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205638
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:37 AM, on 11/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.exe
C:\Program Files\Asus\Eee Docking\Eee Docking.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Jenny\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [Boingo Wi-Finder] "C:\Program Files\Boingo\Boingo Wi-Finder\Boingo.lnk"
O4 - HKLM\..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe
O23 - Service: lxec_device - - C:\windows\system32\lxeccoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 9679 bytes

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 November 2012 - 12:56 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs when you need them by clicking on their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
      O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
      O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
      O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
      O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#15 jjmoon7172 (Topic Starter)

Posted 18 November 2012 - 08:16 PM

Scan result from ESET:

C:\FRST\Quarantine\services.exe Win32/Sirefef.FC trojan
