
Unknown infection


  • This topic is locked
22 replies to this topic

#1 Darkumas

Darkumas

  • Members
  • 112 posts
  • OFFLINE
  • Local time:09:57 PM

Posted 24 November 2012 - 06:32 PM

An email was opened that contained some infection and the laptop hasn't run correctly since. I cannot post a DDS log as it gets about 90% complete and doesn't go any further. Please help. Thanks



#2 Darkumas

Darkumas
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  • Local time:09:57 PM

Posted 24 November 2012 - 06:45 PM

Well after about 10 minutes the scan completed. The DDS log is below and the other is attached.




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450
Run by Kirk at 18:21:23 on 2012-11-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1023 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Users\Kirk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\Dell\DellDock\DellDock.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-V4.14-delta.exe
c:\3828f6c97f14628897\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Windows\system32\taskeng.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\5.2.2.3\ips\ipsbho.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\programdata\white sky, inc\id vault\iebho1.12.1012.1\NativeBHO.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\kirk\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\kirk\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kirk\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0BEF8BD2-46EE-48F0-BC3F-0B0A8D683E1D} : DHCPNameServer = 168.94.0.14 168.94.0.15
TCP: Interfaces\{1E093E87-03F2-4B74-A1DA-A8923D48A577} : DHCPNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-22 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-22 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-5-29 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20121115.001\IDSvix86.sys [2012-11-15 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-22 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-22 331384]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-21 73728]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-10-16 61552]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-22 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-22 111616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-24 23:19:04 -------- d-----w- C:\3828f6c97f14628897
.
==================== Find3M ====================
.
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 18:31:50.32 ===============

Attached Files



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:57 PM

Posted 25 November 2012 - 08:34 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Darkumas

Darkumas
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  • Local time:09:57 PM

Posted 25 November 2012 - 03:13 PM

I had issues running both AdwCleaner and RogueKiller. I had to run AdwCleaner in safe mode, and RogueKiller finally ran after I temporarily disabled Norton. The logs are below.


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 7
Java version out of Date!
Adobe Reader 10.1.0 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome CommonDotNET.dll..
Google Chrome IdVaultCore.dll..
Google Chrome IdVaultCore.XmlSerializers.dll.
Google Chrome Microsoft.mshtml.dll.
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````



# AdwCleaner v2.009 - Logfile created 11/25/2012 at 14:54:41
# Updated 24/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Kirk - INSPIRON1525
# Boot Mode : Safe mode
# Running from : C:\Users\Kirk\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [669 octets] - [25/11/2012 14:54:41]

########## EOF - C:\AdwCleaner[S1].txt - [728 octets] ##########





RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Kirk [Admin rights]
Mode : Scan -- Date : 11/25/2012 15:08:49

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] hnm_svc.exe -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x81E9365D -> HOOKED (Unknown @ 0x875065C8)
SSDT[14] : NtAlertThread @ 0x81E0C295 -> HOOKED (Unknown @ 0x875066A8)
SSDT[18] : NtAllocateVirtualMemory @ 0x81E4854B -> HOOKED (Unknown @ 0x87506FC0)
SSDT[21] : NtAlpcConnectPort @ 0x81DEA88B -> HOOKED (Unknown @ 0x8744CBC0)
SSDT[42] : NtAssignProcessToJobObject @ 0x81DBDB47 -> HOOKED (Unknown @ 0x87516D68)
SSDT[67] : NtCreateMutant @ 0x81E20862 -> HOOKED (Unknown @ 0x87506318)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x81DC035E -> HOOKED (Unknown @ 0x87516A88)
SSDT[78] : NtCreateThread @ 0x81E91C74 -> HOOKED (Unknown @ 0x875057F0)
SSDT[116] : NtDebugActiveProcess @ 0x81E64D78 -> HOOKED (Unknown @ 0x87516E48)
SSDT[129] : NtDuplicateObject @ 0x81DF8581 -> HOOKED (Unknown @ 0x87505538)
SSDT[147] : NtFreeVirtualMemory @ 0x81C84F1D -> HOOKED (Unknown @ 0x87506DD8)
SSDT[156] : NtImpersonateAnonymousToken @ 0x81DBAF16 -> HOOKED (Unknown @ 0x87506408)
SSDT[158] : NtImpersonateThread @ 0x81DD0553 -> HOOKED (Unknown @ 0x875064E8)
SSDT[165] : NtLoadDriver @ 0x81D6BDEE -> HOOKED (Unknown @ 0x8744CB48)
SSDT[177] : NtMapViewOfSection @ 0x81E108DA -> HOOKED (Unknown @ 0x87506CD8)
SSDT[184] : NtOpenEvent @ 0x81DF9DFF -> HOOKED (Unknown @ 0x87506238)
SSDT[194] : NtOpenProcess @ 0x81E20FFE -> HOOKED (Unknown @ 0x875056D8)
SSDT[195] : NtOpenProcessToken @ 0x81E01A60 -> HOOKED (Unknown @ 0x87505478)
SSDT[197] : NtOpenSection @ 0x81E116AD -> HOOKED (Unknown @ 0x87506078)
SSDT[201] : NtOpenThread @ 0x81E1C54F -> HOOKED (Unknown @ 0x87505608)
SSDT[210] : NtProtectVirtualMemory @ 0x81E1A332 -> HOOKED (Unknown @ 0x87516C78)
SSDT[282] : NtResumeThread @ 0x81E1BB9A -> HOOKED (Unknown @ 0x87506788)
SSDT[289] : NtSetContextThread @ 0x81E9310B -> HOOKED (Unknown @ 0x87506A28)
SSDT[305] : NtSetInformationProcess @ 0x81E14908 -> HOOKED (Unknown @ 0x87506B08)
SSDT[317] : NtSetSystemInformation @ 0x81DE6EEF -> HOOKED (Unknown @ 0x87516F28)
SSDT[330] : NtSuspendProcess @ 0x81E93597 -> HOOKED (Unknown @ 0x87506158)
SSDT[331] : NtSuspendThread @ 0x81D9A92D -> HOOKED (Unknown @ 0x87506868)
SSDT[334] : NtTerminateProcess @ 0x81DF1173 -> HOOKED (Unknown @ 0x875058D0)
SSDT[335] : NtTerminateThread @ 0x81E1C584 -> HOOKED (Unknown @ 0x87506948)
SSDT[348] : NtUnmapViewOfSection @ 0x81E10B9D -> HOOKED (Unknown @ 0x87506BF8)
SSDT[358] : NtWriteVirtualMemory @ 0x81E0D96D -> HOOKED (Unknown @ 0x87506EA8)
SSDT[382] : NtCreateThreadEx @ 0x81E1C039 -> HOOKED (Unknown @ 0x87516B78)
S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x868D2090)
S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x86989C00)
S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8753DC38)
S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8699E230)
S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x86ABF638)
S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x875998D0)
S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x86ABF3D0)
S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x875999A0)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86ABF938)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8753DC70)

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9A300 +++++
--- User ---
[MBR] 843a14444feb25073bb5d844b92c4230
[BSP] 54d20d43fa3e91f95afc60f155d7d2e4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 220874 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 483153920 | Size: 2559 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11252012_02d1508.txt >>
RKreport[1]_S_11252012_02d1508.txt

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 PM

Posted 25 November 2012 - 05:25 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 Darkumas

Darkumas
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  • Local time:09:57 PM

Posted 25 November 2012 - 06:56 PM

There were no issues running the scan.


ComboFix 12-11-25.01 - Kirk 11/25/2012 18:39:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1426 [GMT -5:00]
Running from: c:\users\Kirk\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 23:47 . 2012-11-25 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 00:24 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-20 00:23 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 13:28 . 2012-10-15 02:41 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-15 02:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-15 02:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Kirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kirk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-10-16 5958256]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-22 50688]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-22 05:51 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4080317293-2241603063-2931841048-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080317293-2241603063-2931841048-1000Core.job
- c:\users\Kirk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 01:09]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080317293-2241603063-2931841048-1000UA.job
- c:\users\Kirk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 01:09]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
MSConfigStartUp-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-25 18:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3316)
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\cscapi.dll
c:\windows\ehome\ehSSO.dll
c:\windows\System32\netshell.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\QUtil.dll
c:\windows\System32\QAgent.dll
.
Completion time: 2012-11-25 18:50:01
ComboFix-quarantined-files.txt 2012-11-25 23:49
.
Pre-Run: 61,870,829,568 bytes free
Post-Run: 61,813,035,008 bytes free
.
- - End Of File - - EABEED846A1B1146D7C08FD392F7669E

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 PM

Posted 25 November 2012 - 07:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
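The TDSSKiller report requested above is long (one line per service or driver with its MD5 and path, followed by a verdict line), so reading it by eye is error-prone. The script below is an added example, not part of this thread and not a Kaspersky tool: it parses the "Scan services" section in the line layout shown in the report posted later in this topic, and lists any entry whose verdict is missing or anything other than "ok", any entry reported ok with no file hash recorded, and any binary living outside the usual Windows and Program Files roots as a triage hint. The sample log is constructed from a few lines of the posted report plus one made-up "exampledrv" entry with a non-ok verdict; the section, entry and status regular expressions are my own reading of the format.

```python
"""Triage a TDSSKiller report: flag non-ok verdicts, unhashed entries and odd paths.

Added example for this thread; not a Kaspersky tool. Line layouts follow the
report posted in this topic; the 'exampledrv' entry is a constructed sample.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "<time> <pid> ================ Scan services ====...": section banner.
SECTION_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+=+ Scan (?P<section>.+?) =+$"
)
# "<time> <pid> [ <MD5> ] <name> <path>". Names may contain spaces
# ("Apple Mobile Device"), so the path is recognised by its drive letter.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "<time> <pid> <name> - <verdict>": verdict line; split on the last " - ".
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.+)$"
)

# Roots where Vista-era services and drivers normally live (assumption for triage).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Collect entries from the 'Scan services' section, keyed by service name."""
    entries: Dict[str, Entry] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section != "services":
            continue  # banner, SystemInfo and drive lines are not service entries
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m and " - " in m["rest"]:
            name, status = m["rest"].rsplit(" - ", 1)
            entries.setdefault(name, Entry(name)).status = status.strip()
    return entries


def review(entries: Dict[str, Entry]) -> Tuple[Dict[str, str], List[str]]:
    """Return (flagged, unhashed).

    flagged: name -> verdict for every entry whose verdict is missing or not 'ok'
             (a missing verdict usually means the log was cut off mid-scan).
    unhashed: entries reported ok but with no file hash/path line at all.
    """
    flagged = {n: (e.status or "no verdict (log truncated?)")
               for n, e in sorted(entries.items()) if e.status != "ok"}
    unhashed = sorted(n for n, e in entries.items()
                      if e.status == "ok" and e.md5 is None)
    return flagged, unhashed


def unusual_locations(entries: Dict[str, Entry],
                      roots: Tuple[str, ...] = EXPECTED_ROOTS) -> List[str]:
    """Names whose binary sits outside the expected roots; a hint, not a verdict."""
    return sorted(n for n, e in entries.items()
                  if e.path and not e.path.lower().startswith(roots))


# Constructed sample: real lines from the posted report plus one made-up entry.
SAMPLE_LOG = r"""
22:04:20.0815 5912 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
22:04:25.0058 5544 Scan started
22:04:25.0058 5544 Mode: Manual;
22:04:25.0729 5544 ================ Scan system memory ========================
22:04:25.0729 5544 System memory - ok
22:04:25.0729 5544 ================ Scan services =============================
22:04:25.0947 5544 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:04:25.0963 5544 ACPI - ok
22:04:26.0945 5544 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:04:26.0945 5544 Apple Mobile Device - ok
22:04:28.0521 5544 catchme - ok
22:04:31.0657 5544 [ 11ACCB0D76E0FE109624224B6713893C ] hnmsvc c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
22:04:31.0672 5544 hnmsvc - ok
22:04:40.0000 5544 [ 00000000000000000000000000000000 ] exampledrv C:\Windows\system32\drivers\exampledrv.sys
22:04:40.0000 5544 exampledrv - suspicious (constructed sample)
22:04:35.0323 5544 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
"""

if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    flagged, unhashed = review(ents)
    for name, verdict in flagged.items():
        print(f"CHECK  {name}: {verdict}")
    for name in unhashed:
        print(f"NOHASH {name}: reported ok but no file hash recorded")
    for name in unusual_locations(ents):
        print(f"PATH   {name}: {ents[name].path}")
```

Feed it a full report with `parse_tdsskiller(open("TDSSKiller.log").read())`. An entry without a hash line is not itself a sign of infection (the posted report has several such pseudo-services), and a path under ProgramData is only a reason to look at the file's publisher and signature; the point is to pull the handful of lines worth a second look out of a few hundred that are fine.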

#8 Darkumas

  • Topic Starter
  • Members
  • 112 posts
  • Local time:09:57 PM

Posted 25 November 2012 - 10:39 PM

There were no issues running the scans. Logs are below.




22:04:19.0473 5912 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:04:20.0050 5912 ============================================================
22:04:20.0050 5912 Current date / time: 2012/11/25 22:04:20.0050
22:04:20.0050 5912 SystemInfo:
22:04:20.0050 5912
22:04:20.0050 5912 OS Version: 6.0.6002 ServicePack: 2.0
22:04:20.0050 5912 Product type: Workstation
22:04:20.0050 5912 ComputerName: INSPIRON1525
22:04:20.0050 5912 UserName: Kirk
22:04:20.0050 5912 Windows directory: C:\Windows
22:04:20.0050 5912 System windows directory: C:\Windows
22:04:20.0050 5912 Processor architecture: Intel x86
22:04:20.0050 5912 Number of processors: 2
22:04:20.0050 5912 Page size: 0x1000
22:04:20.0050 5912 Boot type: Normal boot
22:04:20.0050 5912 ============================================================
22:04:20.0815 5912 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:04:20.0815 5912 ============================================================
22:04:20.0815 5912 \Device\Harddisk0\DR0:
22:04:20.0815 5912 MBR partitions:
22:04:20.0815 5912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
22:04:20.0815 5912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1AF65168
22:04:20.0846 5912 ============================================================
22:04:20.0893 5912 C: <-> \Device\Harddisk0\DR0\Partition2
22:04:20.0924 5912 D: <-> \Device\Harddisk0\DR0\Partition1
22:04:20.0924 5912 ============================================================
22:04:20.0924 5912 Initialize success
22:04:20.0924 5912 ============================================================
22:04:25.0058 5544 ============================================================
22:04:25.0058 5544 Scan started
22:04:25.0058 5544 Mode: Manual;
22:04:25.0058 5544 ============================================================
22:04:25.0729 5544 ================ Scan system memory ========================
22:04:25.0729 5544 System memory - ok
22:04:25.0729 5544 ================ Scan services =============================
22:04:25.0947 5544 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:04:25.0963 5544 ACPI - ok
22:04:26.0025 5544 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:04:26.0025 5544 AdobeARMservice - ok
22:04:26.0087 5544 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:04:26.0103 5544 adp94xx - ok
22:04:26.0134 5544 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:04:26.0134 5544 adpahci - ok
22:04:26.0197 5544 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:04:26.0197 5544 adpu160m - ok
22:04:26.0243 5544 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:04:26.0243 5544 adpu320 - ok
22:04:26.0290 5544 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:04:26.0290 5544 AeLookupSvc - ok
22:04:26.0337 5544 [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters C:\Windows\system32\aestsrv.exe
22:04:26.0337 5544 AESTFilters - ok
22:04:26.0384 5544 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
22:04:26.0384 5544 AFD - ok
22:04:26.0446 5544 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:04:26.0446 5544 agp440 - ok
22:04:26.0509 5544 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:04:26.0509 5544 aic78xx - ok
22:04:26.0555 5544 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
22:04:26.0555 5544 ALG - ok
22:04:26.0587 5544 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
22:04:26.0587 5544 aliide - ok
22:04:26.0618 5544 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:04:26.0618 5544 amdagp - ok
22:04:26.0649 5544 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
22:04:26.0649 5544 amdide - ok
22:04:26.0727 5544 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
22:04:26.0727 5544 AmdK7 - ok
22:04:26.0758 5544 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:04:26.0774 5544 AmdK8 - ok
22:04:26.0805 5544 [ A80230BD04F0B8BF05185B369BB1CBB8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
22:04:26.0821 5544 ApfiltrService - ok
22:04:26.0867 5544 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
22:04:26.0867 5544 Appinfo - ok
22:04:26.0945 5544 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:04:26.0945 5544 Apple Mobile Device - ok
22:04:26.0992 5544 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
22:04:26.0992 5544 arc - ok
22:04:27.0055 5544 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:04:27.0055 5544 arcsas - ok
22:04:27.0101 5544 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:04:27.0101 5544 AsyncMac - ok
22:04:27.0164 5544 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
22:04:27.0164 5544 atapi - ok
22:04:27.0211 5544 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:04:27.0211 5544 AudioEndpointBuilder - ok
22:04:27.0226 5544 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:04:27.0226 5544 Audiosrv - ok
22:04:27.0304 5544 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
22:04:27.0320 5544 BBSvc - ok
22:04:27.0382 5544 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:04:27.0382 5544 BBUpdate - ok
22:04:27.0429 5544 [ 423C7B87E886AC93D22936EA82665F83 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
22:04:27.0429 5544 BCM42RLY - ok
22:04:27.0491 5544 [ 41A70777E892C3DEA606758366566A77 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
22:04:27.0523 5544 BCM43XX - ok
22:04:27.0585 5544 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
22:04:27.0585 5544 Beep - ok
22:04:27.0632 5544 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
22:04:27.0632 5544 BFE - ok
22:04:27.0819 5544 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
22:04:27.0850 5544 BHDrvx86 - ok
22:04:27.0928 5544 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
22:04:27.0944 5544 BITS - ok
22:04:27.0975 5544 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:04:27.0975 5544 blbdrive - ok
22:04:28.0037 5544 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:04:28.0053 5544 Bonjour Service - ok
22:04:28.0084 5544 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:04:28.0084 5544 bowser - ok
22:04:28.0115 5544 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:04:28.0115 5544 BrFiltLo - ok
22:04:28.0162 5544 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:04:28.0162 5544 BrFiltUp - ok
22:04:28.0193 5544 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
22:04:28.0193 5544 Browser - ok
22:04:28.0240 5544 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
22:04:28.0240 5544 Brserid - ok
22:04:28.0271 5544 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:04:28.0271 5544 BrSerWdm - ok
22:04:28.0287 5544 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:04:28.0303 5544 BrUsbMdm - ok
22:04:28.0349 5544 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:04:28.0349 5544 BrUsbSer - ok
22:04:28.0412 5544 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:04:28.0427 5544 BTHMODEM - ok
22:04:28.0521 5544 catchme - ok
22:04:28.0552 5544 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:04:28.0552 5544 cdfs - ok
22:04:28.0583 5544 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:04:28.0583 5544 cdrom - ok
22:04:28.0615 5544 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
22:04:28.0615 5544 CertPropSvc - ok
22:04:28.0646 5544 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
22:04:28.0646 5544 circlass - ok
22:04:28.0693 5544 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
22:04:28.0693 5544 CLFS - ok
22:04:28.0771 5544 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:04:28.0771 5544 clr_optimization_v2.0.50727_32 - ok
22:04:28.0864 5544 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:04:28.0864 5544 clr_optimization_v4.0.30319_32 - ok
22:04:28.0895 5544 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:04:28.0895 5544 CmBatt - ok
22:04:28.0942 5544 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:04:28.0942 5544 cmdide - ok
22:04:28.0973 5544 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:04:28.0973 5544 Compbatt - ok
22:04:28.0989 5544 COMSysApp - ok
22:04:29.0005 5544 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:04:29.0005 5544 crcdisk - ok
22:04:29.0051 5544 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
22:04:29.0051 5544 Crusoe - ok
22:04:29.0098 5544 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:04:29.0098 5544 CryptSvc - ok
22:04:29.0176 5544 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:04:29.0192 5544 DcomLaunch - ok
22:04:29.0223 5544 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:04:29.0223 5544 DfsC - ok
22:04:29.0317 5544 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
22:04:29.0348 5544 DFSR - ok
22:04:29.0379 5544 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:04:29.0379 5544 Dhcp - ok
22:04:29.0426 5544 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
22:04:29.0426 5544 disk - ok
22:04:29.0473 5544 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:04:29.0473 5544 Dnscache - ok
22:04:29.0519 5544 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
22:04:29.0519 5544 DockLoginService - ok
22:04:29.0535 5544 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:04:29.0535 5544 dot3svc - ok
22:04:29.0582 5544 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
22:04:29.0582 5544 DPS - ok
22:04:29.0629 5544 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:04:29.0629 5544 drmkaud - ok
22:04:29.0675 5544 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:04:29.0675 5544 DXGKrnl - ok
22:04:29.0722 5544 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
22:04:29.0738 5544 e1express - ok
22:04:29.0785 5544 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
22:04:29.0785 5544 E1G60 - ok
22:04:29.0847 5544 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
22:04:29.0847 5544 EapHost - ok
22:04:29.0878 5544 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
22:04:29.0878 5544 Ecache - ok
22:04:29.0987 5544 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:04:29.0987 5544 eeCtrl - ok
22:04:30.0050 5544 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:04:30.0065 5544 ehRecvr - ok
22:04:30.0112 5544 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
22:04:30.0112 5544 ehSched - ok
22:04:30.0143 5544 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
22:04:30.0143 5544 ehstart - ok
22:04:30.0206 5544 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:04:30.0221 5544 elxstor - ok
22:04:30.0268 5544 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:04:30.0284 5544 EMDMgmt - ok
22:04:30.0331 5544 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:04:30.0331 5544 EraserUtilRebootDrv - ok
22:04:30.0377 5544 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:04:30.0377 5544 ErrDev - ok
22:04:30.0440 5544 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
22:04:30.0440 5544 EventSystem - ok
22:04:30.0487 5544 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
22:04:30.0487 5544 exfat - ok
22:04:30.0533 5544 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:04:30.0549 5544 fastfat - ok
22:04:30.0580 5544 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:04:30.0580 5544 fdc - ok
22:04:30.0611 5544 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
22:04:30.0611 5544 fdPHost - ok
22:04:30.0611 5544 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
22:04:30.0611 5544 FDResPub - ok
22:04:30.0674 5544 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:04:30.0674 5544 FileInfo - ok
22:04:30.0721 5544 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:04:30.0721 5544 Filetrace - ok
22:04:30.0752 5544 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:04:30.0752 5544 flpydisk - ok
22:04:30.0814 5544 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:04:30.0814 5544 FltMgr - ok
22:04:30.0892 5544 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
22:04:30.0908 5544 FontCache - ok
22:04:30.0970 5544 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:04:30.0970 5544 FontCache3.0.0.0 - ok
22:04:31.0017 5544 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:04:31.0017 5544 Fs_Rec - ok
22:04:31.0048 5544 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:04:31.0048 5544 gagp30kx - ok
22:04:31.0173 5544 [ 311ACFCDD2C9A99481E91FA4CB028D70 ] GameConsoleService C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
22:04:31.0173 5544 GameConsoleService - ok
22:04:31.0220 5544 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:04:31.0220 5544 GEARAspiWDM - ok
22:04:31.0267 5544 [ 20F6C49E2C410FCD32D781F521579BF5 ] GIDv2 C:\Windows\system32\drivers\GIDv2.sys
22:04:31.0267 5544 GIDv2 - ok
22:04:31.0329 5544 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
22:04:31.0329 5544 GoToAssist - ok
22:04:31.0376 5544 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
22:04:31.0391 5544 gpsvc - ok
22:04:31.0438 5544 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:04:31.0438 5544 HDAudBus - ok
22:04:31.0469 5544 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:04:31.0485 5544 HidBth - ok
22:04:31.0516 5544 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
22:04:31.0516 5544 HidIr - ok
22:04:31.0547 5544 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
22:04:31.0547 5544 hidserv - ok
22:04:31.0579 5544 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:04:31.0579 5544 HidUsb - ok
22:04:31.0594 5544 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:04:31.0594 5544 hkmsvc - ok
22:04:31.0657 5544 [ 11ACCB0D76E0FE109624224B6713893C ] hnmsvc c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
22:04:31.0672 5544 hnmsvc - ok
22:04:31.0703 5544 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:04:31.0703 5544 HpCISSs - ok
22:04:31.0781 5544 [ 99F85640054BA65190B860D878A7C9AE ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:04:31.0797 5544 HSF_DPV - ok
22:04:31.0828 5544 [ CFBC2B81972E298F0E19EE68FA9E73DA ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:04:31.0828 5544 HSXHWAZL - ok
22:04:31.0875 5544 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:04:31.0891 5544 HTTP - ok
22:04:31.0937 5544 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:04:31.0937 5544 i2omp - ok
22:04:32.0015 5544 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:04:32.0015 5544 i8042prt - ok
22:04:32.0078 5544 [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
22:04:32.0078 5544 IAANTMON - ok
22:04:32.0125 5544 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
22:04:32.0125 5544 iaStor - ok
22:04:32.0171 5544 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:04:32.0171 5544 iaStorV - ok
22:04:32.0234 5544 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:04:32.0249 5544 idsvc - ok
22:04:32.0359 5544 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121123.001\IDSvix86.sys
22:04:32.0374 5544 IDSVix86 - ok
22:04:32.0452 5544 [ 9995160D6F69A603FA5B8DA9A42E8F9F ] IDVaultSvc C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
22:04:32.0452 5544 IDVaultSvc - ok
22:04:32.0546 5544 [ C134E69CE901422D1F2D7EA8D69098FE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
22:04:32.0593 5544 igfx - ok
22:04:32.0671 5544 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:04:32.0671 5544 iirsp - ok
22:04:32.0764 5544 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
22:04:32.0764 5544 IKEEXT - ok
22:04:32.0858 5544 [ 98D303CCB3415E9202E82043B37D66DC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
22:04:32.0858 5544 IntcHdmiAddService - ok
22:04:32.0905 5544 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:04:32.0905 5544 intelide - ok
22:04:32.0936 5544 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:04:32.0936 5544 intelppm - ok
22:04:32.0967 5544 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:04:32.0967 5544 IPBusEnum - ok
22:04:33.0014 5544 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:04:33.0014 5544 IpFilterDriver - ok
22:04:33.0092 5544 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:04:33.0092 5544 iphlpsvc - ok
22:04:33.0092 5544 IpInIp - ok
22:04:33.0154 5544 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:04:33.0154 5544 IPMIDRV - ok
22:04:33.0185 5544 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:04:33.0201 5544 IPNAT - ok
22:04:33.0295 5544 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:04:33.0310 5544 iPod Service - ok
22:04:33.0326 5544 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:04:33.0326 5544 IRENUM - ok
22:04:33.0357 5544 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:04:33.0357 5544 isapnp - ok
22:04:33.0419 5544 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:04:33.0419 5544 iScsiPrt - ok
22:04:33.0482 5544 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:04:33.0482 5544 iteatapi - ok
22:04:33.0497 5544 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:04:33.0497 5544 iteraid - ok
22:04:33.0529 5544 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:04:33.0529 5544 kbdclass - ok
22:04:33.0575 5544 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:04:33.0575 5544 kbdhid - ok
22:04:33.0622 5544 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
22:04:33.0622 5544 KeyIso - ok
22:04:33.0685 5544 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:04:33.0700 5544 KSecDD - ok
22:04:33.0747 5544 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:04:33.0747 5544 KtmRm - ok
22:04:33.0794 5544 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
22:04:33.0794 5544 LanmanServer - ok
22:04:33.0841 5544 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:04:33.0841 5544 LanmanWorkstation - ok
22:04:33.0887 5544 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:04:33.0887 5544 lltdio - ok
22:04:33.0934 5544 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:04:33.0950 5544 lltdsvc - ok
22:04:33.0981 5544 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:04:33.0981 5544 lmhosts - ok
22:04:34.0028 5544 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:04:34.0028 5544 LSI_FC - ok
22:04:34.0059 5544 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:04:34.0059 5544 LSI_SAS - ok
22:04:34.0121 5544 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:04:34.0121 5544 LSI_SCSI - ok
22:04:47.0116 5544 ================ Scan global ===============================
22:04:47.0257 5544 [Global] - ok
22:04:47.0257 5544 ================ Scan MBR ==================================
22:04:47.0553 5544 \Device\Harddisk0\DR0 - ok
22:04:47.0569 5544 ================ Scan VBR ==================================
22:04:47.0584 5544 \Device\Harddisk0\DR0\Partition1 - ok
22:04:47.0600 5544 [ 195026518029E139BA3B8E82F1124F44 ] \Device\Harddisk0\DR0\Partition2
22:04:47.0600 5544 \Device\Harddisk0\DR0\Partition2 - ok
22:04:47.0600 5544 ============================================================
22:04:47.0600 5544 Scan finished
22:04:47.0600 5544 ============================================================
22:04:47.0615 5196 Detected object count: 0
22:04:47.0615 5196 Actual detected object count: 0
22:04:55.0603 4912 Deinitialize success





aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-25 22:05:06
-----------------------------
22:05:06.523 OS Version: Windows 6.0.6002 Service Pack 2
22:05:06.523 Number of processors: 2 586 0x170A
22:05:06.523 ComputerName: INSPIRON1525 UserName: Kirk
22:05:08.161 Initialize success
22:06:06.469 AVAST engine defs: 12112501
22:07:53.135 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:07:53.135 Disk 0 Vendor: Size: 0MB BusType: 0
22:07:53.166 Disk 0 MBR read successfully
22:07:53.166 Disk 0 MBR scan
22:07:53.166 Disk 0 Windows VISTA default MBR code
22:07:53.181 Disk 0 MBR hidden
22:07:53.181 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:07:53.197 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
22:07:53.228 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 220874 MB offset 30801920
22:07:53.228 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 483153920
22:07:53.275 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 483155968
22:07:53.322 Disk 0 scanning C:\Windows\system32\drivers
22:08:07.331 Service scanning
22:08:40.793 Modules scanning
22:08:50.246 Disk 0 trace - called modules:
22:08:50.262
22:08:51.697 AVAST engine scan C:\Windows
22:08:55.706 AVAST engine scan C:\Windows\system32
22:13:25.045 AVAST engine scan C:\Windows\system32\drivers
22:13:45.388 AVAST engine scan C:\Users\Kirk
22:29:52.544 AVAST engine scan C:\ProgramData
22:34:58.493 Scan finished successfully
22:37:21.857 Disk 0 MBR has been saved successfully to "C:\Users\Kirk\Desktop\MBR.dat"
22:37:21.857 The log file has been saved successfully to "C:\Users\Kirk\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 PM

Posted 26 November 2012 - 07:11 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Darkumas

Darkumas
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 26 November 2012 - 09:02 AM

There were no issues running the scan. The computer is going well so far.


ComboFix 12-11-26.01 - Kirk 11/26/2012 8:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1544 [GMT -5:00]
Running from: c:\users\Kirk\Desktop\ComboFix.exe
Command switches used :: c:\users\Kirk\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\erdnt\cache\version.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-26 13:31 . 2012-11-26 13:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 00:24 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-20 00:23 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 13:28 . 2012-10-15 02:41 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-15 02:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-15 02:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Kirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kirk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-10-16 5958256]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-22 50688]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-22 05:51 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4080317293-2241603063-2931841048-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080317293-2241603063-2931841048-1000Core.job
- c:\users\Kirk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 01:09]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080317293-2241603063-2931841048-1000UA.job
- c:\users\Kirk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 01:09]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-26 08:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3652)
c:\users\Kirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Norton Security Suite\Engine\5.2.2.3\buShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-26 08:44:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-26 13:44
ComboFix2.txt 2012-11-25 23:50
.
Pre-Run: 60,826,562,560 bytes free
Post-Run: 60,786,118,656 bytes free
.
- - End Of File - - E5667F31B3C03F8AF31368F903A6A175

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 PM

Posted 26 November 2012 - 04:37 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Bing Bar
Java™ 6 Update 7


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 Darkumas

Darkumas
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 26 November 2012 - 05:30 PM

I will be posting the logs in another reply. I wanted to let you know that so far Java would not install. It says the file is corrupt. Any advice?

#13 Darkumas

Darkumas
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 26 November 2012 - 05:45 PM

The logs are below. As mentioned I have not yet been able to install Java. The error I get when trying to install is C:\Users\Kirk\AppData\LocalLow\Sun\Java\jre1.7.0_09\java_sp.dll is corrupt. Hope that helps


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.26.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kirk :: INSPIRON1525 [administrator]

11/26/2012 5:29:53 PM
mbam-log-2012-11-26 (17-29-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208039
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:43:04 PM, on 11/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\Dell\DellDock\DellDock.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Kirk\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1012.1\NativeBHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Kirk\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7652 bytes

Edited by Darkumas, 26 November 2012 - 06:08 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:57 PM

Posted 26 November 2012 - 09:05 PM

:Run JavaRa

  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.


#15 Darkumas

Darkumas
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 26 November 2012 - 09:22 PM

I ran JavaRa. Not sure if you wanted me to post the logfile. It is below just in case.


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Nov 26 21:18:52 2012

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

------------------------------------

Finished reporting.
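A follow-up check a practitioner would want after a JavaRa run like the one logged above is to confirm that no stale Java 6 artefacts survived, since the log shows both successful registry removals (the 1.6.0_07 JRE, Web Start and Plug-in keys) and failed removals (the Firefox extension folders that returned error 124). The PowerShell below is an added example, not part of JavaRa or of the original post. It walks the standard JavaSoft registry locations, the Java plug-in CLSIDs (Sun/Oracle used the {CAFEEFAC-...} pattern seen in the log) and the default Firefox extensions folder, and reports anything that is not the version you pass in. The default `$CurrentVersion` value and the Firefox install path are assumptions; adjust them to the machine being checked.

```powershell
# Added example (not from JavaRa or the original post): audit leftover Java
# artefacts after an uninstall/JavaRa run. Written for PowerShell 2.0 so it
# runs on a Vista-era machine like the one in the thread.

function Get-StaleJavaArtifacts {
    param(
        # Assumption: the JRE version you consider current; every other
        # version found under the JavaSoft keys is reported as stale.
        [string]$CurrentVersion = '1.7.0_09'
    )

    $findings = @()

    # 1. JRE / Web Start / Plug-in version keys, 32-bit and 64-bit views.
    #    JavaRa's log shows it deleting keys of exactly this shape.
    $roots = @('HKLM:\SOFTWARE\JavaSoft', 'HKLM:\SOFTWARE\Wow6432Node\JavaSoft')
    $products = @('Java Runtime Environment', 'Java Web Start', 'Java Plug-in')
    foreach ($root in $roots) {
        foreach ($product in $products) {
            $key = Join-Path $root $product
            if (-not (Test-Path $key)) { continue }
            Get-ChildItem $key | ForEach-Object {
                $ver = $_.PSChildName
                # Only version-numbered subkeys are of interest (e.g. 1.6.0_07),
                # and the current version is allowed to stay.
                if ($ver -match '^\d' -and $ver -ne $CurrentVersion) {
                    $findings += New-Object PSObject -Property @{
                        Type = 'RegistryKey'; Path = $_.Name
                    }
                }
            }
        }
    }

    # 2. Java plug-in COM classes. Sun/Oracle registered the browser plug-in
    #    under CLSIDs beginning {CAFEEFAC-00<major>-..., so any such key left
    #    behind points at a plug-in version that may still be loadable.
    $clsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    Get-ChildItem $clsidRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '{CAFEEFAC-*' } |
        ForEach-Object {
            $findings += New-Object PSObject -Property @{
                Type = 'CLSID'; Path = $_.Name
            }
        }

    # 3. Firefox extension folders. These are the items JavaRa failed to
    #    remove (error 124) in the log, so they need a manual look.
    #    Assumption: Firefox lives under the default Program Files path.
    $programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    foreach ($pf in $programDirs) {
        if (-not $pf) { continue }
        $extDir = Join-Path $pf 'Mozilla Firefox\extensions'
        if (-not (Test-Path $extDir)) { continue }
        Get-ChildItem $extDir |
            Where-Object { $_.PSIsContainer -and $_.Name -like '{CAFEEFAC-*' } |
            ForEach-Object {
                $findings += New-Object PSObject -Property @{
                    Type = 'FirefoxExtension'; Path = $_.FullName
                }
            }
    }

    return $findings
}

# Run from an elevated prompt so the HKLM and Program Files reads succeed.
$stale = Get-StaleJavaArtifacts
if ($stale.Count -eq 0) {
    Write-Output 'No stale Java artefacts found.'
} else {
    $stale | Sort-Object Type, Path | Format-Table Type, Path -AutoSize
}
```

An empty result is the goal after a cleanup; any `RegistryKey` hit for a version older than the current JRE means an outdated runtime (or its plug-in registration) is still present and should be removed with the vendor uninstaller before relying on the machine again, and a `FirefoxExtension` hit is a folder to delete by hand with Firefox closed, which is the usual cause of the error 124 entries JavaRa logged.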



