Computer issues (multiple): Slow, Freezes, can't drag icons without it de

  • This topic is locked

#1 AFWaggle (Member, 19 posts)
There are plenty of issues going on with my computer at the moment. It's very slow; when I drag an icon to put it somewhere it deselects and drops it almost instantly. Programs tend to freeze a lot. Internet crashes a lot. I can't defrag the computer because it freezes. My computer has Comcast's Norton firewall & security suite + I used Stinger and Spybot Search & Destroy and none of these can detect anything. Any suggestions? Thanks so much :)

Here's the OTL:

OTL logfile created on: 10/25/2012 3:52:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.91% Memory free
6.19 Gb Paging File | 3.80 Gb Available in Paging File | 61.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.84 Gb Total Space | 48.86 Gb Free Space | 22.43% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.27 Gb Free Space | 68.50% Space Free | Partition Type: NTFS
Drive G: | 465.70 Gb Total Space | 91.40 Gb Free Space | 19.63% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/10/09 15:50:16 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/20 17:55:05 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/30 07:04:24 | 000,062,064 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2012/08/30 07:04:22 | 005,965,936 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/06/11 16:22:16 | 000,425,040 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BingBar.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files\SFT\GuardedID\GIDD.exe
PRC - [2011/06/01 09:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 09:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/03/06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/30 13:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 21:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/15 09:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Program Files\DELL\DellDock\DellDock.exe
PRC - [2008/05/08 19:36:10 | 002,166,784 | ---- | M] () -- C:\Windows\System32\MediaButtons.exe
PRC - [2008/05/08 19:35:14 | 000,229,376 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\TestUnitReady.exe
PRC - [2008/05/02 12:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\DELL\DellDock\DockLogin.exe
PRC - [2008/04/29 21:00:52 | 001,384,506 | ---- | M] (DELL COMPUTER INC.) -- C:\Windows\System32\DELLOSD.exe
PRC - [2008/04/16 02:55:24 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/16 02:55:22 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/03/04 07:37:18 | 001,017,240 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\DELL\DellComms\gs_agent\bcont.exe
PRC - [2008/03/04 07:37:18 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\DELL\DellComms\bin\sprtsvc.exe
PRC - [2008/03/04 07:37:16 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\DELL\DellComms\bin\sprtcmd.exe
PRC - [2008/01/14 08:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\DELL\MediaDirect\PCMService.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/09 15:50:16 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/09/20 17:55:04 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/30 07:04:23 | 000,104,048 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2012/08/30 07:01:11 | 000,548,040 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/06/17 03:46:00 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012/06/17 03:45:56 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f26b580d09e9a6805ad7ad56ce4e44b0\System.WorkflowServices.ni.dll
MOD - [2012/06/17 03:43:24 | 015,881,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\35d5c990de9a4f3960faa37e2cc1f50f\MenuSkinning.ni.dll
MOD - [2012/06/17 03:43:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/17 03:43:08 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012/06/17 03:43:05 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/17 03:42:41 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\1802136e1ae5bc81fb17204ea694bc00\VistaBridgeLibrary.ni.dll
MOD - [2012/06/17 03:42:40 | 002,261,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\e510ac58495dd599fac0176a996c793b\DellDock.ni.exe
MOD - [2012/06/17 03:42:38 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\d47ab8d1043612fbc28fd67ff61e15cb\MyDock.Util.ni.dll
MOD - [2012/06/17 03:40:45 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/17 03:40:33 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/17 03:39:56 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/17 03:38:30 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/20 18:49:10 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\6546e0f4253ce30900e5ff902672a8bc\System.ServiceModel.Web.ni.dll
MOD - [2012/05/20 18:45:26 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012/05/20 18:45:24 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/05/20 18:45:20 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/05/20 18:45:19 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/05/20 18:41:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/20 18:41:28 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012/05/20 18:41:17 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/20 18:40:54 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\442135bc0b503b42ab2d752c23bea631\System.Security.ni.dll
MOD - [2012/05/20 18:40:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/20 18:40:42 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/20 18:38:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/20 18:37:25 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/20 18:37:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/20 18:36:00 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/20 18:35:56 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/20 18:35:39 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/01 09:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 09:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 09:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 09:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/12 15:32:16 | 000,104,456 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
MOD - [2009/03/29 21:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/05/08 19:36:10 | 002,166,784 | ---- | M] () -- C:\Windows\System32\MediaButtons.exe


========== Services (SafeList) ==========

SRV - [2012/10/09 15:50:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 17:55:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/11 03:00:23 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012/08/30 07:04:24 | 000,062,064 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/04/30 13:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/13 21:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/05/02 12:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\DELL\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/04/16 02:55:22 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/03/04 07:37:18 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms)
SRV - [2008/02/04 08:26:48 | 000,062,768 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- system32\Drivers\pavboot.sys -- (pavboot)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/10/05 11:23:26 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121005.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/12 19:04:03 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121025.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/12 19:04:02 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121025.001\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121024.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/08 22:43:15 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 22:43:15 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/05 10:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/06/19 15:38:20 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 18:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009/04/30 19:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 13:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/21 17:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/05/08 04:29:38 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/04/24 02:38:38 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/16 02:37:44 | 000,014,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLACPI.sys -- (DLXPDisplayName)
DRV - [2008/03/04 06:59:42 | 000,041,144 | R--- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2008/02/07 03:03:08 | 000,179,640 | R--- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/11/17 02:42:48 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0080920
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14196
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{07755523-8198-434B-B904-BA41908E2E8C}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{52718644-671A-4417-9122-21692FD696F1}: "URL" = http://search.yahoo....1146,6901,0,8,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...22&geo=US&ver=5
IE - HKCU\..\SearchScopes\{CFAE5CDD-9CAB-44FA-A3BB-3DD4ABF2BE39}: "URL" = http://websearch.ask...61-C2C76E6DAE3D
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.15.1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/05/09 17:00:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/17 04:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/11 03:25:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/20 17:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 11:56:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/20 17:55:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 11:56:50 | 000,000,000 | ---D | M]

[2009/07/09 10:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2009/06/11 11:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/10/22 21:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\krw19351.default\extensions
[2010/05/09 18:30:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\krw19351.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/07 23:08:46 | 000,000,000 | ---D | M] ("Megaupload Toolbar") -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\krw19351.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2012/08/27 15:56:58 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\krw19351.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/08/15 19:25:36 | 000,002,568 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\krw19351.default\searchplugins\askcom.xml
[2011/06/29 13:17:46 | 000,002,468 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\krw19351.default\searchplugins\safesearch.xml
[2012/09/12 22:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/12 11:57:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/10 08:10:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/09/20 17:55:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/15 19:30:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/20 17:55:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/20 17:55:01 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No CLSID value found.
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.829.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DellComms] C:\Program Files\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellOSD] C:\Windows\System32\MediaButtons.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F1F98EE-89F8-4F06-B01A-8CF76CED90A3}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC8FF96-03AA-4F41-9F63-7CDBD041BB39}: DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{76d56864-4f19-11e0-950d-0021701d4514}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{76d56864-4f19-11e0-950d-0021701d4514}\Shell\Install\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/25 15:51:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/10/18 23:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/18 23:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/18 23:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/18 23:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/18 23:02:23 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/10/18 22:59:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/10 16:35:09 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 16:35:09 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/10 16:34:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/08 13:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION
[2012/10/08 13:36:07 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/10/08 13:36:04 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/10/08 13:33:25 | 000,000,000 | ---D | C] -- C:\ILLUSION
[2012/10/08 13:32:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\InstallShield
[2010/11/12 20:52:48 | 001,228,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\user\Photoshop_12_LS1.exe
[2009/11/09 18:48:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/10/25 15:51:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/10/25 15:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/25 15:48:11 | 000,077,312 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/25 15:39:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 00:42:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 00:42:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 20:01:13 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/24 20:01:13 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/24 20:00:05 | 000,076,720 | ---- | M] () -- C:\SeagateAdapter
[2012/10/18 23:12:16 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/09 15:50:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 15:50:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/10/18 23:12:15 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/11 10:06:16 | 000,042,228 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011/06/19 14:08:24 | 000,000,905 | ---- | C] () -- C:\Users\user\Norton Installation Files.lnk
[2011/03/19 23:24:16 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2011/03/19 23:24:16 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2011/03/19 23:24:09 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/02/22 23:01:04 | 000,000,984 | ---- | C] () -- C:\Users\user\Poem 1.rtf
[2010/11/28 11:10:34 | 000,010,646 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2010/11/26 10:35:23 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2010/11/26 10:35:23 | 000,000,268 | RH-- | C] () -- C:\Users\user\AppData\Roaming\Audio
[2010/11/26 10:35:23 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010/11/26 10:35:23 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flowers
[2010/11/26 10:35:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automator
[2010/11/26 10:35:21 | 000,000,268 | RH-- | C] () -- C:\Users\user\AppData\Roaming\Audio Unit Effect
[2010/11/26 10:35:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Folder Actions Handlers
[2010/11/26 10:14:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/11/26 10:00:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Static Library
[2010/11/26 10:00:42 | 000,000,268 | RH-- | C] () -- C:\Users\user\AppData\Roaming\Sports
[2010/11/26 10:00:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/11/26 09:58:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool
[2010/11/26 09:58:52 | 000,000,268 | RH-- | C] () -- C:\Users\user\AppData\Roaming\Specifications
[2010/11/26 09:58:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/05/06 20:18:56 | 000,001,069 | ---- | C] () -- C:\Users\user\My poem to Caiden.rtf
[2009/11/24 22:59:08 | 000,001,624 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/11/18 22:02:02 | 000,008,248 | ---- | C] () -- C:\Users\user\AppData\Local\en.ini
[2009/11/09 18:56:40 | 000,000,671 | ---- | C] () -- C:\Users\user\AppData\Roaming\vso_ts_preview.xml
[2009/11/09 18:48:33 | 000,087,608 | ---- | C] () -- C:\Users\user\AppData\Roaming\inst.exe
[2009/11/09 18:48:33 | 000,007,887 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2009/11/09 18:48:33 | 000,001,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2009/08/06 09:13:22 | 000,000,034 | ---- | C] () -- C:\Users\user\jagex_runescape_preferences.dat
[2009/07/07 09:34:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/21 06:47:22 | 000,005,972 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/06/08 19:01:18 | 000,077,312 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Edited by AFWaggle, 25 October 2012 - 05:35 PM.


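The O2/O3/O4 lines in the OTL report above are the startup inventory a helper reads by eye: a BHO or toolbar whose CLSID has no registered server ("No CLSID value found") is a dead registry reference, a Run entry ending in "File not found" is a dangling autorun, and anything launched from a user-writable directory or carrying no company name in its version info gets a second look. The Python script below is an added example written for this page, not a tool from the thread or from OTL's author. It parses a subset of lines copied from the report and applies exactly those heuristics; the flag names and the "user-writable" prefix list are my own choices. The flags are triage hints, not verdicts: legitimately installed software also lives under AppData and ProgramData.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A subset of the O2/O3/O4 lines copied from the OTL report above (not constructed).
OTL_SAMPLE = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No CLSID value found.
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.829.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DellOSD] C:\Windows\System32\MediaButtons.exe ()
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
"""

# O2 (BHO) and O3 (toolbar) share one layout: "(name) - {CLSID} - path (Company)" or "- No CLSID value found."
COM_RE = re.compile(r"^(?P<kind>O[23]) - (?P<where>.+?): \((?P<name>.*?)\) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<lnk>.+?) = (?P<rest>.+)$")

# Heuristic (my choice): directories any user process can write to.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    kind: str               # "BHO", "Toolbar", "Run" or "Startup"
    where: str              # OTL's location column (hive/key or folder)
    name: str
    clsid: Optional[str]    # upper-cased, without braces
    path: Optional[str]     # target file or command line, if OTL resolved one
    company: Optional[str]  # version-info CompanyName; "" when OTL printed "()"
    status: str             # "ok", "orphan_clsid" or "file_missing"


def split_target(rest: str) -> Tuple[str, Optional[str]]:
    """Split OTL's trailing 'path (Company)' into (path, company); company may be ''."""
    if rest.endswith(")") and " (" in rest:
        path, company = rest.rsplit(" (", 1)
        return path, company[:-1].strip()
    return rest, None


def target_fields(rest: str) -> Tuple[Optional[str], Optional[str], str]:
    """Return (path, company, status) for an O4 tail, honouring OTL's 'File not found' marker."""
    if rest.endswith("File not found"):
        cmd = rest[: -len("File not found")].strip()
        return (cmd or None), None, "file_missing"
    path, company = split_target(rest)
    return path, company, "ok"


def parse_line(line: str) -> Optional[Entry]:
    m = COM_RE.match(line)
    if m:
        kind = "BHO" if m["kind"] == "O2" else "Toolbar"
        clsid = m["clsid"].upper()
        if m["rest"].startswith("No CLSID value found"):
            return Entry(kind, m["where"], m["name"], clsid, None, None, "orphan_clsid")
        path, company = split_target(m["rest"])
        return Entry(kind, m["where"], m["name"], clsid, path, company, "ok")
    m = RUN_RE.match(line)
    if m:
        return Entry("Run", m["hive"] + "\\Run", m["name"], None, *target_fields(m["rest"]))
    m = STARTUP_RE.match(line)
    if m:
        return Entry("Startup", "Startup folder", m["lnk"].rsplit("\\", 1)[-1], None, *target_fields(m["rest"]))
    return None  # other OTL sections are ignored here


def parse_otl(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.strip().splitlines()) if e is not None]


def flags_for(e: Entry) -> List[str]:
    flags = []
    if e.status == "orphan_clsid":
        flags.append("ORPHAN_CLSID")            # CLSID has no server registered: nothing loads, dead reference
    if e.status == "file_missing":
        flags.append("FILE_MISSING")            # autorun points at a file that is gone
    if e.status == "ok" and e.path is not None:
        if e.path.lower().startswith(USER_WRITABLE_PREFIXES):
            flags.append("USER_WRITABLE_PATH")  # runs from a location any user process can write
        if e.company == "":
            flags.append("NO_COMPANY_NAME")     # no CompanyName in the file's version info
    return flags


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Entries that earned at least one flag, with their flags."""
    return [(e, f) for e in entries for f in [flags_for(e)] if f]


def orphan_clsids(entries: List[Entry]) -> List[str]:
    """Distinct orphaned CLSIDs; the same dead CLSID often shows up as both a BHO (O2) and a toolbar (O3)."""
    return sorted({e.clsid for e in entries if e.status == "orphan_clsid"})


if __name__ == "__main__":
    entries = parse_otl(OTL_SAMPLE)
    for e, flags in triage(entries):
        print(f"{e.kind:8} {e.where:24} {e.name:36} {', '.join(flags)}")
    print("orphaned CLSIDs:", orphan_clsids(entries))
```

Run against the full OTL report, the script would list the two O2/O3 pairs that share the orphan CLSID {A057A204-...} as one item, which is the kind of cross-reference a fix script needs before deleting keys.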
#2
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo

#3
AFWaggle
  • Topic Starter
Hey,
Thank you for the help. Here are the Logs.

Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java™ 6 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````






# AdwCleaner v2.005 - Logfile created 10/27/2012 at 12:55:12
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\uTorrentBar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8373EB9D-849B-45EC-A36C-174603C71BAC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8373EB9D-849B-45EC-A36C-174603C71BAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C0701E3-1F33-4955-9C4C-48FC50459F38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8373EB9D-849B-45EC-A36C-174603C71BAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\Software\uTorrentBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=14196 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[S1].txt - [3304 octets] - [27/10/2012 12:55:12]

########## EOF - C:\AdwCleaner[S1].txt - [3364 octets] ##########








RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 10/27/2012 13:17:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x824B165D -> HOOKED (Unknown @ 0x879014E0)
SSDT[14] : NtAlertThread @ 0x8242A295 -> HOOKED (Unknown @ 0x879015C0)
SSDT[18] : NtAllocateVirtualMemory @ 0x8246654B -> HOOKED (Unknown @ 0x87901F38)
SSDT[21] : NtAlpcConnectPort @ 0x8240888B -> HOOKED (Unknown @ 0x8765F850)
SSDT[42] : NtAssignProcessToJobObject @ 0x823DBB47 -> HOOKED (Unknown @ 0x87902C88)
SSDT[67] : NtCreateMutant @ 0x8243E862 -> HOOKED (Unknown @ 0x87901230)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x823DE35E -> HOOKED (Unknown @ 0x879029A8)
SSDT[78] : NtCreateThread @ 0x824AFC74 -> HOOKED (Unknown @ 0x87900408)
SSDT[116] : NtDebugActiveProcess @ 0x82482D78 -> HOOKED (Unknown @ 0x87902D68)
SSDT[129] : NtDuplicateObject @ 0x82416581 -> HOOKED (Unknown @ 0x87900110)
SSDT[147] : NtFreeVirtualMemory @ 0x822A2F1D -> HOOKED (Unknown @ 0x87901CF0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x823D8F16 -> HOOKED (Unknown @ 0x87901320)
SSDT[158] : NtImpersonateThread @ 0x823EE553 -> HOOKED (Unknown @ 0x87901400)
SSDT[165] : NtLoadDriver @ 0x82389DEE -> HOOKED (Unknown @ 0x8772E9C8)
SSDT[177] : NtMapViewOfSection @ 0x8242E8DA -> HOOKED (Unknown @ 0x87901BF0)
SSDT[184] : NtOpenEvent @ 0x82417DFF -> HOOKED (Unknown @ 0x87901150)
SSDT[194] : NtOpenProcess @ 0x8243EFFE -> HOOKED (Unknown @ 0x879002F0)
SSDT[195] : NtOpenProcessToken @ 0x8241FA60 -> HOOKED (Unknown @ 0x87901008)
SSDT[197] : NtOpenSection @ 0x8242F6AD -> HOOKED (Unknown @ 0x87902F90)
SSDT[201] : NtOpenThread @ 0x8243A54F -> HOOKED (Unknown @ 0x87900200)
SSDT[210] : NtProtectVirtualMemory @ 0x82438332 -> HOOKED (Unknown @ 0x87902B98)
SSDT[282] : NtResumeThread @ 0x82439B9A -> HOOKED (Unknown @ 0x879016A0)
SSDT[289] : NtSetContextThread @ 0x824B110B -> HOOKED (Unknown @ 0x87901940)
SSDT[305] : NtSetInformationProcess @ 0x82432908 -> HOOKED (Unknown @ 0x87901A20)
SSDT[317] : NtSetSystemInformation @ 0x82404EEF -> HOOKED (Unknown @ 0x87902E48)
SSDT[330] : NtSuspendProcess @ 0x824B1597 -> HOOKED (Unknown @ 0x87901070)
SSDT[331] : NtSuspendThread @ 0x823B892D -> HOOKED (Unknown @ 0x87901780)
SSDT[334] : NtTerminateProcess @ 0x8240F173 -> HOOKED (Unknown @ 0x879004E8)
SSDT[335] : NtTerminateThread @ 0x8243A584 -> HOOKED (Unknown @ 0x87901860)
SSDT[348] : NtUnmapViewOfSection @ 0x8242EB9D -> HOOKED (Unknown @ 0x87901B10)
SSDT[358] : NtWriteVirtualMemory @ 0x8242B96D -> HOOKED (Unknown @ 0x87901DE0)
SSDT[382] : NtCreateThreadEx @ 0x8243A039 -> HOOKED (Unknown @ 0x87902A98)
S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x86F459E0)
S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x865517E8)
S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x87976090)
S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87FDB108)
S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x86582CE0)
S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x87FD7690)
S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x8791C138)
S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87FD7760)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x880A3488)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x86581DD0)

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 ATA Device +++++
--- User ---
[MBR] 21b02e2d99b3087a06acb8dd0f0c3c29
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31555584 | Size: 223066 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

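Two things in the RogueKiller report above are worth understanding rather than just accepting the REPLACED verdicts. The [HJ DESK] entries are NewStartPanel values that hide the Computer and User's Files desktop icons (1 = hidden); rogue-AV families do that, but so does a plain user setting. The [SHELL] entry is a Winlogon Shell of cmd.exe /k start cmd.exe, but it was found in the offline hive on D: (the report lists D:\windows\system32\config\SOFTWARE under Extern Hives, and the partition table shows D: as the 15 GB second NTFS volume), so whether that value was legitimate for whatever lives on that partition cannot be decided from the report alone. The long list of SSDT hooks attributed to "Unknown" is likewise not evidence of infection by itself; host security products hook the same native and win32k entry points. The script below is an added example for this page, not RogueKiller code. It parses those three report lines, compares Winlogon Shell/Userinit data against the stock values (explorer.exe, and userinit.exe normally written with its system32 path and a trailing comma), and scans a hosts file for entries that point anywhere other than localhost. The report's own hosts content is the input; the extra hosts line at the end is constructed to show what a hijacked entry would look like, and the category names are my own.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# The three "Registry Entries" lines from the RogueKiller report above (copied, not constructed).
RK_REGISTRY_LINES = r"""
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)
"""

# The hosts file exactly as the report printed it.
HOSTS_FROM_REPORT = "127.0.0.1 localhost\n::1 localhost\n"

# NewStartPanel CLSIDs RogueKiller touched; a value of 1 hides that icon from the desktop.
KNOWN_DESKTOP_ICONS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
}

# "[TAG][TAG] [ON_X:]key : value (old) -> ACTION (new)"; [ON_X:] marks an offline hive the tool mounted.
RK_LINE = re.compile(
    r"^(?P<tags>(?:\[[A-Z_ ]+\])+) ?(?:\[ON_(?P<drive>[A-Z]):\])?(?P<key>\S+) : "
    r"(?P<value>\S+) \((?P<old>.*)\) -> (?P<action>\w+) \((?P<new>.*)\)$"
)


class Finding(NamedTuple):
    tags: Tuple[str, ...]
    drive: Optional[str]   # None = the running system; "D" = offline hive on D:
    key: str
    value: str
    old: str
    action: str
    new: str


def parse_roguekiller_registry(text: str) -> List[Finding]:
    out = []
    for line in text.strip().splitlines():
        m = RK_LINE.match(line.strip())
        if m:
            tags = tuple(re.findall(r"\[([A-Z_ ]+)\]", m["tags"]))
            out.append(Finding(tags, m["drive"], m["key"], m["value"], m["old"], m["action"], m["new"]))
    return out


def winlogon_is_default(value_name: str, data: str, windir: str = "C:\\Windows") -> bool:
    """True if a Winlogon Shell/Userinit string is the stock value.

    Both values are comma-separated program lists; a second program is how extra
    launchers get appended, so anything but exactly one entry is non-default.
    Userinit legitimately carries its full system32 path and a trailing comma.
    """
    parts = [p.strip().strip('"') for p in data.split(",") if p.strip()]
    if len(parts) != 1:
        return False
    exe = parts[0].lower()
    name = value_name.lower()
    if name == "shell":
        return exe == "explorer.exe"
    if name == "userinit":
        return exe in ("userinit.exe", (windir + "\\system32\\userinit.exe").lower())
    return False


def assess(f: Finding) -> str:
    """Short category for a RogueKiller registry finding; a classification, not a malware verdict."""
    if "HJ DESK" in f.tags and f.value.upper() in KNOWN_DESKTOP_ICONS and f.old == "1":
        return "desktop_icon_hidden"
    if "SHELL" in f.tags and not winlogon_is_default(f.value, f.old):
        return "winlogon_nondefault"
    return "other"


def hosts_anomalies(text: str) -> List[Tuple[str, str]]:
    """(ip, hostname) pairs that map anything other than 'localhost' to a loopback address.

    Comments and blank lines are ignored. Ad-blocking hosts files will be reported too,
    so treat the output as entries to review, not as an infection indicator.
    """
    bad = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if not (ip in ("127.0.0.1", "::1") and name.lower() == "localhost"):
                bad.append((ip, name))
    return bad


if __name__ == "__main__":
    for f in parse_roguekiller_registry(RK_REGISTRY_LINES):
        where = f"offline hive on {f.drive}:" if f.drive else "running system"
        label = KNOWN_DESKTOP_ICONS.get(f.value.upper(), f.value)
        print(f"{assess(f):20} {where:22} {f.key} {label} = {f.old!r} -> {f.new!r}")
    print("hosts anomalies in the report:", hosts_anomalies(HOSTS_FROM_REPORT))
    # Constructed line (not from the report) showing how a redirected entry is reported.
    print("with a constructed entry:", hosts_anomalies(HOSTS_FROM_REPORT + "0.0.0.0 update.example.invalid\n"))
```

The offline-hive distinction matters for the next step: a fix for the D: hive changes the second Windows installation, not the system that is booted and misbehaving, so the C: Winlogon values from the OTL O20 lines (explorer.exe and C:\Windows\system32\userinit.exe, both stock) are the ones that describe the running machine.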
#4
gringo_pr
Hello AFWaggle

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
gringo_pr
Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#6
gringo_pr
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#7
AFWaggle
Sorry, I'm stuck in the hospital for my son; I'll be home tomorrow to post the log.

#8
gringo_pr
No problem, and thanks for letting me know; if you need more time, just ask.



gringo

#9
gringo_pr
Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#10
AFWaggle
Sorry, I thought I posted it. Here ya go.

ComboFix 12-11-04.01 - user 11/04/2012 14:35:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1389 [GMT -8:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-04 22:45 . 2012-11-04 22:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-04 22:45 . 2012-11-04 22:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 10:02 . 2012-11-04 10:02 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-11-04 10:02 . 2012-11-04 10:02 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-11-04 10:02 . 2012-11-04 10:02 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-11-04 10:02 . 2012-11-04 10:02 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-11-04 10:02 . 2012-11-04 10:02 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-11-04 10:02 . 2012-11-04 10:02 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-11-04 10:02 . 2012-11-04 10:02 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-11-04 10:02 . 2012-11-04 10:02 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-11-04 10:02 . 2012-11-04 10:02 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-11-04 10:01 . 2012-11-04 10:01 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-11-04 10:01 . 2012-11-04 10:01 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-11-04 10:01 . 2012-11-04 10:01 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-11-04 10:01 . 2012-11-04 10:01 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-11-04 10:01 . 2012-11-04 10:01 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-11-04 10:01 . 2012-11-04 10:01 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-11-04 10:01 . 2012-11-04 10:01 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-11-04 10:01 . 2012-11-04 10:01 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-11-02 17:06 . 2012-11-02 17:06 -------- d-----w- c:\windows\LastGood
2012-10-19 06:12 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-19 06:10 . 2012-10-19 06:10 -------- d-----w- c:\program files\iPod
2012-10-19 06:10 . 2012-10-19 06:12 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-19 06:10 . 2012-10-19 06:12 -------- d-----w- c:\program files\iTunes
2012-10-10 23:35 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 23:35 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 23:35 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 23:35 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 23:35 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 23:35 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 23:34 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-08 20:33 . 2012-10-08 20:33 -------- d-----w- C:\ILLUSION
2012-10-08 20:32 . 2012-10-08 20:32 -------- d-----w- c:\users\user\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 22:50 . 2012-04-24 00:39 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 22:50 . 2011-05-16 01:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 06:59 . 2012-09-22 10:02 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 10:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 10:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 10:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 10:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 10:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 20:01 . 2010-04-04 06:54 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-09-21 00:55 . 2011-05-06 17:43 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-08 880528]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-16 5296128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"DellOSD"="c:\windows\System32\MediaButtons.exe" [2008-05-09 2166784]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"DellComms"="c:\program files\Dell\DellComms\bin\sprtcmd.exe" [2008-03-04 202544]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\DELL\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-8-30 5965936]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\DELL\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 06:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-06-02 12:59 5451536 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 14:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-09-16 02:47 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 19:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 17:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 22:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\krw19351.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - ExtSQL: !HIDDEN! 2009-09-02 05:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-04 14:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b5e8a4c.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-04 14:48:32
ComboFix-quarantined-files.txt 2012-11-04 22:48
ComboFix2.txt 2012-10-27 22:55
.
Pre-Run: 60,081,025,024 bytes free
Post-Run: 59,738,435,584 bytes free
.
- - End Of File - - 168295BE4AA95AD8B79EC4EA43D64E96

#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12
AFWaggle

    Member

  • Topic Starter
  • Member
  • 19 posts
22:28:30.0321 0708 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:28:31.0211 0708 ============================================================
22:28:31.0211 0708 Current date / time: 2012/11/06 22:28:31.0211
22:28:31.0211 0708 SystemInfo:
22:28:31.0211 0708
22:28:31.0211 0708 OS Version: 6.0.6002 ServicePack: 2.0
22:28:31.0211 0708 Product type: Workstation
22:28:31.0211 0708 ComputerName: USER-PC
22:28:31.0211 0708 UserName: user
22:28:31.0211 0708 Windows directory: C:\Windows
22:28:31.0211 0708 System windows directory: C:\Windows
22:28:31.0211 0708 Processor architecture: Intel x86
22:28:31.0211 0708 Number of processors: 2
22:28:31.0211 0708 Page size: 0x1000
22:28:31.0211 0708 Boot type: Normal boot
22:28:31.0211 0708 ============================================================
22:28:33.0536 0708 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:28:33.0598 0708 Drive \Device\Harddisk1\DR1 - Size: 0x75400000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:28:33.0598 0708 ============================================================
22:28:33.0598 0708 \Device\Harddisk0\DR0:
22:28:33.0598 0708 MBR partitions:
22:28:33.0598 0708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1E00000
22:28:33.0598 0708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E18000, BlocksNum 0x1B3AD000
22:28:33.0598 0708 \Device\Harddisk1\DR1:
22:28:33.0598 0708 MBR partitions:
22:28:33.0598 0708 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x89, BlocksNum 0x3A9F77
22:28:33.0598 0708 ============================================================
22:28:33.0676 0708 C: <-> \Device\Harddisk0\DR0\Partition2
22:28:33.0754 0708 D: <-> \Device\Harddisk0\DR0\Partition1
22:28:33.0754 0708 ============================================================
22:28:33.0754 0708 Initialize success
22:28:33.0754 0708 ============================================================
22:28:43.0738 5188 ============================================================
22:28:43.0738 5188 Scan started
22:28:43.0738 5188 Mode: Manual;
22:28:43.0738 5188 ============================================================
22:28:45.0111 5188 ================ Scan system memory ========================
22:28:45.0111 5188 System memory - ok
22:28:45.0111 5188 ================ Scan services =============================
22:28:45.0298 5188 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:28:45.0298 5188 ACPI - ok
22:28:45.0376 5188 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:28:45.0392 5188 AdobeFlashPlayerUpdateSvc - ok
22:28:45.0438 5188 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:28:45.0438 5188 adp94xx - ok
22:28:45.0485 5188 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:28:45.0485 5188 adpahci - ok
22:28:45.0501 5188 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:28:45.0501 5188 adpu160m - ok
22:28:45.0532 5188 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:28:45.0532 5188 adpu320 - ok
22:28:45.0579 5188 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:28:45.0579 5188 AeLookupSvc - ok
22:28:45.0626 5188 [ B6D7239E7AF6D1B64C790A28067DC6E5 ] AERTFilters C:\Windows\system32\AERTSrv.exe
22:28:45.0626 5188 AERTFilters - ok
22:28:45.0688 5188 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
22:28:45.0704 5188 AFD - ok
22:28:45.0750 5188 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:28:45.0750 5188 agp440 - ok
22:28:46.0016 5188 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:28:46.0016 5188 aic78xx - ok
22:28:46.0328 5188 [ E1B1F152C4E82C85E846D25C9E6E6CC8 ] Akamai c:\program files\common files\akamai/netsession_win_b5e8a4c.dll
22:28:46.0328 5188 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_b5e8a4c.dll. md5: E1B1F152C4E82C85E846D25C9E6E6CC8
22:28:46.0343 5188 Akamai ( HiddenFile.Multi.Generic ) - warning
22:28:46.0343 5188 Akamai - detected HiddenFile.Multi.Generic (1)
22:28:46.0390 5188 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
22:28:46.0390 5188 ALG - ok
22:28:46.0437 5188 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
22:28:46.0437 5188 aliide - ok
22:28:46.0468 5188 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:28:46.0468 5188 amdagp - ok
22:28:46.0499 5188 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
22:28:46.0499 5188 amdide - ok
22:28:46.0530 5188 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
22:28:46.0530 5188 AmdK7 - ok
22:28:46.0562 5188 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:28:46.0562 5188 AmdK8 - ok
22:28:46.0593 5188 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
22:28:46.0608 5188 Appinfo - ok
22:28:46.0671 5188 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:28:46.0671 5188 Apple Mobile Device - ok
22:28:46.0733 5188 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
22:28:46.0733 5188 arc - ok
22:28:46.0764 5188 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:28:46.0764 5188 arcsas - ok
22:28:46.0796 5188 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:28:46.0796 5188 AsyncMac - ok
22:28:46.0827 5188 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
22:28:46.0842 5188 atapi - ok
22:28:46.0889 5188 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:28:46.0905 5188 AudioEndpointBuilder - ok
22:28:46.0936 5188 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:28:46.0936 5188 Audiosrv - ok
22:28:47.0108 5188 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
22:28:47.0108 5188 BBSvc - ok
22:28:47.0170 5188 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
22:28:47.0170 5188 BBUpdate - ok
22:28:47.0217 5188 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
22:28:47.0217 5188 Beep - ok
22:28:47.0279 5188 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
22:28:47.0295 5188 BFE - ok
22:28:47.0498 5188 [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx86.sys
22:28:47.0544 5188 BHDrvx86 - ok
22:28:47.0638 5188 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
22:28:47.0669 5188 BITS - ok
22:28:47.0732 5188 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:28:47.0732 5188 blbdrive - ok
22:28:47.0825 5188 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:28:47.0825 5188 Bonjour Service - ok
22:28:47.0872 5188 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:28:47.0872 5188 bowser - ok
22:28:47.0903 5188 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:28:47.0903 5188 BrFiltLo - ok
22:28:47.0934 5188 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:28:47.0950 5188 BrFiltUp - ok
22:28:47.0981 5188 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
22:28:47.0981 5188 Browser - ok
22:28:47.0997 5188 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
22:28:48.0012 5188 Brserid - ok
22:28:48.0028 5188 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:28:48.0044 5188 BrSerWdm - ok
22:28:48.0059 5188 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:28:48.0059 5188 BrUsbMdm - ok
22:28:48.0090 5188 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:28:48.0090 5188 BrUsbSer - ok
22:28:48.0122 5188 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:28:48.0122 5188 BTHMODEM - ok
22:28:48.0480 5188 catchme - ok
22:28:48.0496 5188 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:28:48.0512 5188 cdfs - ok
22:28:48.0543 5188 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:28:48.0543 5188 cdrom - ok
22:28:48.0590 5188 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
22:28:48.0590 5188 CertPropSvc - ok
22:28:48.0621 5188 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
22:28:48.0621 5188 circlass - ok
22:28:48.0668 5188 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
22:28:48.0668 5188 CLFS - ok
22:28:48.0761 5188 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:28:48.0777 5188 clr_optimization_v2.0.50727_32 - ok
22:28:48.0870 5188 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:28:48.0870 5188 clr_optimization_v4.0.30319_32 - ok
22:28:48.0902 5188 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:28:48.0902 5188 cmdide - ok
22:28:48.0933 5188 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:28:48.0933 5188 Compbatt - ok
22:28:48.0948 5188 COMSysApp - ok
22:28:48.0964 5188 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:28:48.0964 5188 crcdisk - ok
22:28:48.0995 5188 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
22:28:48.0995 5188 Crusoe - ok
22:28:49.0058 5188 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:28:49.0073 5188 CryptSvc - ok
22:28:49.0137 5188 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:28:49.0152 5188 DcomLaunch - ok
22:28:49.0168 5188 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:28:49.0183 5188 DfsC - ok
22:28:49.0277 5188 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
22:28:49.0355 5188 DFSR - ok
22:28:49.0417 5188 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:28:49.0417 5188 Dhcp - ok
22:28:49.0449 5188 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
22:28:49.0449 5188 disk - ok
22:28:49.0495 5188 [ 251BE1D81CECB8A3AEF509631EA40522 ] DLXPDisplayName C:\Windows\system32\DRIVERS\DLACPI.sys
22:28:49.0495 5188 DLXPDisplayName - ok
22:28:49.0558 5188 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:28:49.0558 5188 Dnscache - ok
22:28:49.0636 5188 [ 13511564CAC5A005255765E322C16967 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
22:28:49.0636 5188 DockLoginService - ok
22:28:49.0683 5188 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:28:49.0698 5188 dot3svc - ok
22:28:49.0745 5188 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
22:28:49.0761 5188 DPS - ok
22:28:49.0792 5188 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:28:49.0792 5188 drmkaud - ok
22:28:49.0870 5188 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:28:49.0901 5188 DXGKrnl - ok
22:28:49.0932 5188 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
22:28:49.0948 5188 e1express - ok
22:28:49.0995 5188 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
22:28:50.0010 5188 E1G60 - ok
22:28:50.0057 5188 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
22:28:50.0057 5188 EapHost - ok
22:28:50.0119 5188 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
22:28:50.0119 5188 Ecache - ok
22:28:50.0182 5188 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:28:50.0182 5188 eeCtrl - ok
22:28:50.0229 5188 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:28:50.0229 5188 ehRecvr - ok
22:28:50.0260 5188 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
22:28:50.0260 5188 ehSched - ok
22:28:50.0275 5188 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
22:28:50.0275 5188 ehstart - ok
22:28:50.0322 5188 [ 7EC42EC12A4BAC14BCCA99FB06F2D125 ] elagopro C:\Windows\system32\DRIVERS\elagopro.sys
22:28:50.0322 5188 elagopro - ok
22:28:50.0353 5188 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] elaunidr C:\Windows\system32\DRIVERS\elaunidr.sys
22:28:50.0353 5188 elaunidr - ok
22:28:50.0400 5188 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:28:50.0416 5188 elxstor - ok
22:28:50.0743 5188 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:28:50.0806 5188 EMDMgmt - ok
22:28:50.0868 5188 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:28:50.0868 5188 EraserUtilRebootDrv - ok
22:28:50.0884 5188 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:28:50.0884 5188 ErrDev - ok
22:28:50.0931 5188 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
22:28:50.0931 5188 EventSystem - ok
22:28:50.0993 5188 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
22:28:50.0993 5188 exfat - ok
22:28:51.0040 5188 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:28:51.0040 5188 fastfat - ok
22:28:51.0055 5188 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:28:51.0055 5188 fdc - ok
22:28:51.0087 5188 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
22:28:51.0087 5188 fdPHost - ok
22:28:51.0102 5188 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
22:28:51.0102 5188 FDResPub - ok
22:28:51.0133 5188 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:28:51.0133 5188 FileInfo - ok
22:28:51.0165 5188 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:28:51.0165 5188 Filetrace - ok
22:28:51.0180 5188 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:28:51.0180 5188 flpydisk - ok
22:28:51.0227 5188 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:28:51.0227 5188 FltMgr - ok
22:28:51.0321 5188 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
22:28:51.0367 5188 FontCache - ok
22:28:51.0430 5188 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:28:51.0430 5188 FontCache3.0.0.0 - ok
22:28:51.0477 5188 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
22:28:51.0477 5188 fssfltr - ok
22:28:51.0601 5188 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:28:51.0617 5188 fsssvc - ok
22:28:51.0664 5188 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:28:51.0664 5188 Fs_Rec - ok
22:28:51.0695 5188 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:28:51.0695 5188 gagp30kx - ok
22:28:51.0726 5188 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:28:51.0726 5188 GEARAspiWDM - ok
22:28:51.0789 5188 [ 20F6C49E2C410FCD32D781F521579BF5 ] GIDv2 C:\Windows\system32\drivers\GIDv2.sys
22:28:51.0789 5188 GIDv2 - ok
22:28:51.0882 5188 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
22:28:51.0898 5188 gpsvc - ok
22:28:51.0960 5188 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:28:51.0976 5188 HDAudBus - ok
22:28:52.0007 5188 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:28:52.0007 5188 HidBth - ok
22:28:52.0038 5188 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
22:28:52.0038 5188 HidIr - ok
22:28:52.0085 5188 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
22:28:52.0085 5188 hidserv - ok
22:28:52.0116 5188 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:28:52.0116 5188 HidUsb - ok
22:28:52.0147 5188 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:28:52.0163 5188 hkmsvc - ok
22:28:52.0179 5188 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:28:52.0179 5188 HpCISSs - ok
22:28:52.0225 5188 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:28:52.0225 5188 HTTP - ok
22:28:52.0257 5188 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:28:52.0257 5188 i2omp - ok
22:28:52.0303 5188 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:28:52.0319 5188 i8042prt - ok
22:28:52.0350 5188 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:28:52.0350 5188 iaStorV - ok
22:28:52.0459 5188 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:28:52.0475 5188 IDriverT - ok
22:28:52.0553 5188 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:28:52.0584 5188 idsvc - ok
22:28:52.0693 5188 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121106.001\IDSvix86.sys
22:28:52.0693 5188 IDSVix86 - ok
22:28:53.0005 5188 [ 7A0E3B3E204816723D4B3FA255F4060F ] IDVaultSvc C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
22:28:53.0005 5188 IDVaultSvc - ok
22:28:53.0115 5188 [ 63C56DAC467EF814B60FF2AA2286C917 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
22:28:53.0177 5188 igfx - ok
22:28:53.0208 5188 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:28:53.0208 5188 iirsp - ok
22:28:53.0286 5188 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
22:28:53.0286 5188 IKEEXT - ok
22:28:53.0411 5188 [ 92BCC487F16892CDA495DBD8160272D9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:28:53.0473 5188 IntcAzAudAddService - ok
22:28:53.0505 5188 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:28:53.0505 5188 intelide - ok
22:28:53.0551 5188 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:28:53.0551 5188 intelppm - ok
22:28:53.0598 5188 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:28:53.0598 5188 IPBusEnum - ok
22:28:53.0629 5188 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:28:53.0629 5188 IpFilterDriver - ok
22:28:53.0676 5188 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:28:53.0676 5188 iphlpsvc - ok
22:28:53.0692 5188 IpInIp - ok
22:28:53.0723 5188 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:28:53.0739 5188 IPMIDRV - ok
22:28:53.0754 5188 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:28:53.0754 5188 IPNAT - ok
22:28:53.0832 5188 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:28:53.0848 5188 iPod Service - ok
22:28:53.0879 5188 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:28:53.0879 5188 IRENUM - ok
22:28:53.0910 5188 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:28:53.0910 5188 isapnp - ok
22:28:53.0957 5188 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:28:53.0973 5188 iScsiPrt - ok
22:28:54.0004 5188 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:28:54.0004 5188 iteatapi - ok
22:28:54.0035 5188 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:28:54.0035 5188 iteraid - ok
22:28:54.0051 5188 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:28:54.0066 5188 kbdclass - ok
22:28:54.0113 5188 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:28:54.0113 5188 kbdhid - ok
22:28:54.0160 5188 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
22:28:54.0160 5188 KeyIso - ok
22:28:54.0222 5188 [ CD6A8FA9395460FFE7FD8881A6C67254 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
22:28:54.0222 5188 kl1 - ok
22:28:54.0300 5188 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:28:54.0316 5188 KSecDD - ok
22:28:54.0363 5188 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:28:54.0378 5188 KtmRm - ok
22:28:54.0425 5188 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
22:28:54.0441 5188 LanmanServer - ok
22:28:54.0472 5188 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:28:54.0487 5188 LanmanWorkstation - ok
22:28:54.0550 5188 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:28:54.0550 5188 lltdio - ok
22:28:54.0597 5188 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:28:54.0612 5188 lltdsvc - ok
22:28:54.0643 5188 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:28:54.0643 5188 lmhosts - ok
22:28:54.0690 5188 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:28:54.0690 5188 LSI_FC - ok
22:28:54.0706 5188 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:28:54.0721 5188 LSI_SAS - ok
22:28:54.0768 5188 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:28:54.0784 5188 LSI_SCSI - ok
22:28:54.0799 5188 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
22:28:54.0815 5188 luafv - ok
22:28:54.0877 5188 [ C57C48FB9AE3EFB9848AF594E3123A63 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
22:28:54.0877 5188 LVPr2Mon - ok
22:28:54.0987 5188 [ 5C7B88695CE461D8BDA4FE0C0E57E71D ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
22:28:54.0987 5188 LVPrcSrv - ok
22:28:55.0033 5188 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:28:55.0033 5188 Mcx2Svc - ok
22:28:55.0080 5188 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
22:28:55.0096 5188 megasas - ok
22:28:55.0345 5188 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:28:55.0361 5188 MegaSR - ok
22:28:55.0377 5188 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
22:28:55.0377 5188 MMCSS - ok
22:28:55.0392 5188 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
22:28:55.0392 5188 Modem - ok
22:28:55.0423 5188 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:28:55.0423 5188 monitor - ok
22:28:55.0439 5188 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:28:55.0439 5188 mouclass - ok
22:28:55.0455 5188 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:28:55.0455 5188 mouhid - ok
22:28:55.0486 5188 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:28:55.0486 5188 MountMgr - ok
22:28:55.0548 5188 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:28:55.0548 5188 MozillaMaintenance - ok
22:28:55.0579 5188 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
22:28:55.0595 5188 mpio - ok
22:28:55.0611 5188 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:28:55.0611 5188 mpsdrv - ok
22:28:55.0673 5188 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
22:28:55.0689 5188 MpsSvc - ok
22:28:55.0704 5188 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:28:55.0704 5188 Mraid35x - ok
22:28:55.0751 5188 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:28:55.0751 5188 MRxDAV - ok
22:28:55.0798 5188 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:28:55.0798 5188 mrxsmb - ok
22:28:55.0891 5188 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:28:55.0891 5188 mrxsmb10 - ok
22:28:55.0907 5188 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:28:55.0923 5188 mrxsmb20 - ok
22:28:55.0969 5188 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
22:28:55.0969 5188 msahci - ok
22:28:56.0001 5188 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:28:56.0001 5188 msdsm - ok
22:28:56.0032 5188 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
22:28:56.0032 5188 MSDTC - ok
22:28:56.0063 5188 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:28:56.0063 5188 Msfs - ok
22:28:56.0094 5188 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:28:56.0094 5188 msisadrv - ok
22:28:56.0125 5188 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:28:56.0141 5188 MSiSCSI - ok
22:28:56.0157 5188 msiserver - ok
22:28:56.0172 5188 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:28:56.0172 5188 MSKSSRV - ok
22:28:56.0203 5188 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:28:56.0203 5188 MSPCLOCK - ok
22:28:56.0219 5188 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:28:56.0235 5188 MSPQM - ok
22:28:56.0266 5188 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:28:56.0281 5188 MsRPC - ok
22:28:56.0328 5188 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:28:56.0328 5188 mssmbios - ok
22:28:56.0344 5188 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:28:56.0344 5188 MSTEE - ok
22:28:56.0375 5188 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
22:28:56.0391 5188 Mup - ok
22:28:56.0469 5188 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
22:28:56.0484 5188 N360 - ok
22:28:56.0531 5188 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
22:28:56.0547 5188 napagent - ok
22:28:56.0609 5188 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:28:56.0625 5188 NativeWifiP - ok
22:28:56.0749 5188 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121106.004\NAVENG.SYS
22:28:56.0765 5188 NAVENG - ok
22:28:56.0859 5188 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121106.004\NAVEX15.SYS
22:28:56.0921 5188 NAVEX15 - ok
22:28:56.0999 5188 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:28:57.0015 5188 NDIS - ok
22:28:57.0061 5188 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:28:57.0061 5188 NdisTapi - ok
22:28:57.0077 5188 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:28:57.0077 5188 Ndisuio - ok
22:28:57.0124 5188 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:28:57.0139 5188 NdisWan - ok
22:28:57.0155 5188 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:28:57.0155 5188 NDProxy - ok
22:28:57.0186 5188 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:28:57.0186 5188 NetBIOS - ok
22:28:57.0249 5188 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:28:57.0249 5188 netbt - ok
22:28:57.0280 5188 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
22:28:57.0295 5188 Netlogon - ok
22:28:57.0342 5188 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
22:28:57.0358 5188 Netman - ok
22:28:57.0373 5188 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
22:28:57.0389 5188 netprofm - ok
22:28:57.0436 5188 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:28:57.0436 5188 NetTcpPortSharing - ok
22:28:57.0467 5188 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:28:57.0467 5188 nfrd960 - ok
22:28:57.0701 5188 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:28:57.0701 5188 NlaSvc - ok
22:28:57.0732 5188 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:28:57.0732 5188 Npfs - ok
22:28:57.0748 5188 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
22:28:57.0763 5188 nsi - ok
22:28:57.0779 5188 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:28:57.0779 5188 nsiproxy - ok
22:28:57.0857 5188 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:28:57.0888 5188 Ntfs - ok
22:28:57.0904 5188 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
22:28:57.0904 5188 ntrigdigi - ok
22:28:57.0935 5188 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
22:28:57.0935 5188 Null - ok
22:28:57.0966 5188 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:28:57.0966 5188 nvraid - ok
22:28:57.0997 5188 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:28:57.0997 5188 nvstor - ok
22:28:58.0029 5188 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:28:58.0029 5188 nv_agp - ok
22:28:58.0044 5188 NwlnkFlt - ok
22:28:58.0060 5188 NwlnkFwd - ok
22:28:58.0122 5188 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:28:58.0122 5188 ohci1394 - ok
22:28:58.0169 5188 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:28:58.0200 5188 p2pimsvc - ok
22:28:58.0216 5188 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
22:28:58.0216 5188 p2psvc - ok
22:28:58.0247 5188 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
22:28:58.0247 5188 Parport - ok
22:28:58.0294 5188 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:28:58.0294 5188 partmgr - ok
22:28:58.0309 5188 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
22:28:58.0309 5188 Parvdm - ok
22:28:58.0341 5188 pavboot - ok
22:28:58.0372 5188 [ 05716F59417C3E058C6E36CF8DEC5676 ] PavProc C:\Windows\system32\DRIVERS\PavProc.sys
22:28:58.0372 5188 PavProc - ok
22:28:58.0419 5188 [ 2AE3F6B23448443BBEF5DE207159213B ] PavPrSrv C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
22:28:58.0419 5188 Suspicious file (Forged): C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe. Real md5: 2AE3F6B23448443BBEF5DE207159213B, Fake md5: A17B218FBB588604A7DF9A91137E3D84
22:28:58.0419 5188 PavPrSrv ( ForgedFile.Multi.Generic ) - warning
22:28:58.0419 5188 PavPrSrv - detected ForgedFile.Multi.Generic (1)
22:28:58.0434 5188 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
22:28:58.0450 5188 PcaSvc - ok
22:28:58.0497 5188 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
22:28:58.0497 5188 pci - ok
22:28:58.0528 5188 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
22:28:58.0528 5188 pciide - ok
22:28:58.0559 5188 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:28:58.0559 5188 pcmcia - ok
22:28:58.0621 5188 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
22:28:58.0621 5188 pcouffin - ok
22:28:58.0668 5188 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:28:58.0746 5188 PEAUTH - ok
22:28:58.0902 5188 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
22:28:58.0980 5188 PID_PEPI - ok
22:28:59.0058 5188 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
22:28:59.0105 5188 pla - ok
22:28:59.0152 5188 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:28:59.0152 5188 PlugPlay - ok
22:28:59.0199 5188 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:28:59.0199 5188 PNRPAutoReg - ok
22:28:59.0230 5188 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:28:59.0230 5188 PNRPsvc - ok
22:28:59.0292 5188 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:28:59.0308 5188 PolicyAgent - ok
22:28:59.0323 5188 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:28:59.0323 5188 PptpMiniport - ok
22:28:59.0370 5188 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
22:28:59.0370 5188 Processor - ok
22:28:59.0417 5188 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
22:28:59.0417 5188 ProfSvc - ok
22:28:59.0433 5188 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:28:59.0433 5188 ProtectedStorage - ok
22:28:59.0464 5188 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:28:59.0479 5188 PSched - ok
22:28:59.0495 5188 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
22:28:59.0511 5188 PxHelp20 - ok
22:28:59.0573 5188 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:28:59.0604 5188 ql2300 - ok
22:28:59.0620 5188 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:28:59.0635 5188 ql40xx - ok
22:28:59.0667 5188 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
22:28:59.0682 5188 QWAVE - ok
22:28:59.0698 5188 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:28:59.0698 5188 QWAVEdrv - ok
22:28:59.0807 5188 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
22:28:59.0885 5188 R300 - ok
22:28:59.0916 5188 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:28:59.0916 5188 RasAcd - ok
22:28:59.0932 5188 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
22:28:59.0932 5188 RasAuto - ok
22:28:59.0947 5188 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:29:00.0166 5188 Rasl2tp - ok
22:29:00.0213 5188 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
22:29:00.0213 5188 RasMan - ok
22:29:00.0244 5188 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:29:00.0259 5188 RasPppoe - ok
22:29:00.0291 5188 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:29:00.0306 5188 RasSstp - ok
22:29:00.0353 5188 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:29:00.0353 5188 rdbss - ok
22:29:00.0384 5188 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:29:00.0384 5188 RDPCDD - ok
22:29:00.0431 5188 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
22:29:00.0431 5188 rdpdr - ok
22:29:00.0447 5188 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:29:00.0447 5188 RDPENCDD - ok
22:29:00.0493 5188 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:29:00.0509 5188 RDPWD - ok
22:29:00.0556 5188 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:29:00.0556 5188 RemoteAccess - ok
22:29:00.0603 5188 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:29:00.0603 5188 RemoteRegistry - ok
22:29:00.0634 5188 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
22:29:00.0634 5188 RpcLocator - ok
22:29:00.0681 5188 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll
22:29:00.0681 5188 RpcSs - ok
22:29:00.0696 5188 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:29:00.0696 5188 rspndr - ok
22:29:00.0743 5188 [ ABBE0F54BA3A378262C9CB86CF7D91F8 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
22:29:00.0743 5188 RTL8169 - ok
22:29:00.0790 5188 [ 7F8D15EE000577BE703537849D4F9397 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
22:29:00.0790 5188 RtNdPt60 - ok
22:29:00.0805 5188 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
22:29:00.0805 5188 SamSs - ok
22:29:00.0883 5188 [ 729248B54AFF21E740054ACEBFDBCB1C ] SBKUPNT C:\Windows\system32\Drivers\SBKUPNT.SYS
22:29:00.0883 5188 SBKUPNT - ok
22:29:00.0899 5188 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:29:00.0899 5188 sbp2port - ok
22:29:00.0946 5188 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:29:00.0961 5188 SCardSvr - ok
22:29:01.0024 5188 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
22:29:01.0039 5188 Schedule - ok
22:29:01.0055 5188 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:29:01.0055 5188 SCPolicySvc - ok
22:29:01.0086 5188 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:29:01.0086 5188 SDRSVC - ok
22:29:01.0149 5188 [ 16B44D246835EAC156F8DAF0AA4F530C ] SeagateDashboardService C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
22:29:01.0149 5188 SeagateDashboardService - ok
22:29:01.0164 5188 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:29:01.0164 5188 secdrv - ok
22:29:01.0180 5188 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
22:29:01.0195 5188 seclogon - ok
22:29:01.0211 5188 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
22:29:01.0211 5188 SENS - ok
22:29:01.0242 5188 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
22:29:01.0242 5188 Serenum - ok
22:29:01.0273 5188 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
22:29:01.0273 5188 Serial - ok
22:29:01.0289 5188 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:29:01.0289 5188 sermouse - ok
22:29:01.0336 5188 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
22:29:01.0336 5188 SessionEnv - ok
22:29:01.0351 5188 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:29:01.0367 5188 sffdisk - ok
22:29:01.0367 5188 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:29:01.0383 5188 sffp_mmc - ok
22:29:01.0398 5188 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:29:01.0398 5188 sffp_sd - ok
22:29:01.0414 5188 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:29:01.0414 5188 sfloppy - ok
22:29:01.0461 5188 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:29:01.0476 5188 SharedAccess - ok
22:29:01.0523 5188 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:29:01.0523 5188 ShellHWDetection - ok
22:29:01.0554 5188 [ 25D7D8FD7E150CFBDA160EBB38171334 ] ShldDrv C:\Windows\system32\DRIVERS\ShlDrv51.sys
22:29:01.0554 5188 ShldDrv - ok
22:29:01.0585 5188 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:29:01.0585 5188 sisagp - ok
22:29:01.0617 5188 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:29:01.0617 5188 SiSRaid2 - ok
22:29:01.0648 5188 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:29:01.0648 5188 SiSRaid4 - ok
22:29:01.0788 5188 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
22:29:01.0882 5188 slsvc - ok
22:29:01.0913 5188 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:29:01.0913 5188 SLUINotify - ok
22:29:01.0944 5188 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:29:01.0944 5188 Smb - ok
22:29:02.0007 5188 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:29:02.0007 5188 SNMPTRAP - ok
22:29:02.0038 5188 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
22:29:02.0038 5188 spldr - ok
22:29:02.0085 5188 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
22:29:02.0085 5188 Spooler - ok
22:29:02.0131 5188 [ BCDE2AD809248B47B9A3B82B6FD85108 ] sprtsvc_DellComms C:\Program Files\Dell\DellComms\bin\sprtsvc.exe
22:29:02.0131 5188 sprtsvc_DellComms - ok
22:29:02.0178 5188 sprtsvc_dellsupportcenter - ok
22:29:02.0459 5188 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS
22:29:02.0475 5188 SRTSP - ok
22:29:02.0506 5188 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS
22:29:02.0506 5188 SRTSPX - ok
22:29:02.0553 5188 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:29:02.0568 5188 srv - ok
22:29:02.0615 5188 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:29:02.0615 5188 srv2 - ok
22:29:02.0662 5188 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:29:02.0677 5188 srvnet - ok
22:29:02.0709 5188 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:29:02.0709 5188 SSDPSRV - ok
22:29:02.0740 5188 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:29:02.0740 5188 SstpSvc - ok
22:29:02.0802 5188 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
22:29:02.0818 5188 stisvc - ok
22:29:02.0896 5188 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:29:02.0911 5188 stllssvr - ok
22:29:02.0958 5188 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:29:02.0958 5188 swenum - ok
22:29:03.0052 5188 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:29:03.0083 5188 SwitchBoard - ok
22:29:03.0130 5188 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
22:29:03.0161 5188 swprv - ok
22:29:03.0177 5188 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:29:03.0192 5188 Symc8xx - ok
22:29:03.0239 5188 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS
22:29:03.0255 5188 SymDS - ok
22:29:03.0286 5188 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS
22:29:03.0317 5188 SymEFA - ok
22:29:03.0379 5188 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
22:29:03.0379 5188 SymEvent - ok
22:29:03.0426 5188 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS
22:29:03.0426 5188 SymIRON - ok
22:29:03.0457 5188 [ D42A7229E333AF725F1445F785E4658D ] SYMTDIv C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS
22:29:03.0457 5188 SYMTDIv - ok
22:29:03.0489 5188 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:29:03.0489 5188 Sym_hi - ok
22:29:03.0520 5188 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:29:03.0520 5188 Sym_u3 - ok
22:29:03.0582 5188 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
22:29:03.0598 5188 SysMain - ok
22:29:03.0645 5188 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:29:03.0645 5188 TabletInputService - ok
22:29:03.0676 5188 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:29:03.0691 5188 TapiSrv - ok
22:29:03.0707 5188 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
22:29:03.0707 5188 TBS - ok
22:29:03.0769 5188 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:29:03.0801 5188 Tcpip - ok
22:29:03.0847 5188 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:29:03.0847 5188 Tcpip6 - ok
22:29:03.0894 5188 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:29:03.0894 5188 tcpipreg - ok
22:29:03.0925 5188 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:29:03.0925 5188 TDPIPE - ok
22:29:03.0941 5188 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:29:03.0957 5188 TDTCP - ok
22:29:03.0988 5188 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:29:03.0988 5188 tdx - ok
22:29:04.0003 5188 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:29:04.0019 5188 TermDD - ok
22:29:04.0050 5188 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
22:29:04.0050 5188 TermService - ok
22:29:04.0081 5188 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
22:29:04.0081 5188 Themes - ok
22:29:04.0113 5188 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
22:29:04.0113 5188 THREADORDER - ok
22:29:04.0144 5188 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
22:29:04.0144 5188 TrkWks - ok
22:29:04.0206 5188 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:29:04.0206 5188 TrustedInstaller - ok
22:29:04.0237 5188 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:29:04.0237 5188 tssecsrv - ok
22:29:04.0284 5188 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:29:04.0284 5188 tunmp - ok
22:29:04.0331 5188 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:29:04.0331 5188 tunnel - ok
22:29:04.0362 5188 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:29:04.0362 5188 uagp35 - ok
22:29:04.0393 5188 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:29:04.0393 5188 udfs - ok
22:29:04.0440 5188 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:29:04.0440 5188 UI0Detect - ok
22:29:04.0456 5188 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:29:04.0471 5188 uliagpkx - ok
22:29:04.0503 5188 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:29:04.0503 5188 uliahci - ok
22:29:04.0534 5188 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:29:04.0534 5188 UlSata - ok
22:29:04.0768 5188 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:29:04.0768 5188 ulsata2 - ok
22:29:04.0783 5188 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:29:04.0799 5188 umbus - ok
22:29:04.0815 5188 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
22:29:04.0815 5188 upnphost - ok
22:29:04.0877 5188 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:29:04.0877 5188 USBAAPL - ok
22:29:04.0924 5188 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:29:04.0924 5188 usbaudio - ok
22:29:04.0971 5188 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:29:04.0971 5188 usbccgp - ok
22:29:05.0002 5188 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:29:05.0002 5188 usbcir - ok
22:29:05.0049 5188 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:29:05.0049 5188 usbehci - ok
22:29:05.0095 5188 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:29:05.0095 5188 usbhub - ok
22:29:05.0127 5188 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:29:05.0127 5188 usbohci - ok
22:29:05.0158 5188 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:29:05.0158 5188 usbprint - ok
22:29:05.0189 5188 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:29:05.0189 5188 USBSTOR - ok
22:29:05.0236 5188 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:29:05.0236 5188 usbuhci - ok
22:29:05.0267 5188 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
22:29:05.0267 5188 UxSms - ok
22:29:05.0314 5188 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
22:29:05.0329 5188 vds - ok
22:29:05.0361 5188 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:29:05.0361 5188 vga - ok
22:29:05.0392 5188 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
22:29:05.0392 5188 VgaSave - ok
22:29:05.0423 5188 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:29:05.0423 5188 viaagp - ok
22:29:05.0439 5188 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
22:29:05.0454 5188 ViaC7 - ok
22:29:05.0501 5188 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
22:29:05.0501 5188 viaide - ok
22:29:05.0532 5188 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:29:05.0548 5188 volmgr - ok
22:29:05.0579 5188 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:29:05.0595 5188 volmgrx - ok
22:29:05.0626 5188 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:29:05.0626 5188 volsnap - ok
22:29:05.0673 5188 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:29:05.0673 5188 vsmraid - ok
22:29:05.0735 5188 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
22:29:05.0782 5188 VSS - ok
22:29:05.0829 5188 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
22:29:05.0844 5188 W32Time - ok
22:29:05.0875 5188 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:29:05.0875 5188 WacomPen - ok
22:29:05.0891 5188 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:29:05.0891 5188 Wanarp - ok
22:29:05.0907 5188 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:29:05.0907 5188 Wanarpv6 - ok
22:29:05.0953 5188 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:29:05.0969 5188 wcncsvc - ok
22:29:06.0000 5188 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:29:06.0016 5188 WcsPlugInService - ok
22:29:06.0047 5188 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
22:29:06.0047 5188 Wd - ok
22:29:06.0094 5188 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:29:06.0109 5188 Wdf01000 - ok
22:29:06.0141 5188 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:29:06.0141 5188 WdiServiceHost - ok
22:29:06.0156 5188 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:29:06.0156 5188 WdiSystemHost - ok
22:29:06.0203 5188 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
22:29:06.0203 5188 WebClient - ok
22:29:06.0250 5188 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:29:06.0265 5188 Wecsvc - ok
22:29:06.0297 5188 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:29:06.0297 5188 wercplsupport - ok
22:29:06.0359 5188 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
22:29:06.0359 5188 WerSvc - ok
22:29:06.0421 5188 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:29:06.0437 5188 WinDefend - ok
22:29:06.0437 5188 WinHttpAutoProxySvc - ok
22:29:06.0484 5188 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:29:06.0484 5188 Winmgmt - ok
22:29:06.0562 5188 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
22:29:06.0609 5188 WinRM - ok
22:29:06.0655 5188 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:29:06.0687 5188 Wlansvc - ok
22:29:06.0796 5188 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:29:06.0811 5188 wlidsvc - ok
22:29:07.0061 5188 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:29:07.0061 5188 WmiAcpi - ok
22:29:07.0108 5188 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:29:07.0108 5188 wmiApSrv - ok
22:29:07.0186 5188 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:29:07.0217 5188 WMPNetworkSvc - ok
22:29:07.0248 5188 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:29:07.0264 5188 WPCSvc - ok
22:29:07.0295 5188 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:29:07.0295 5188 WPDBusEnum - ok
22:29:07.0357 5188 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:29:07.0357 5188 WpdUsb - ok
22:29:07.0498 5188 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:29:07.0529 5188 WPFFontCache_v0400 - ok
22:29:07.0560 5188 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:29:07.0560 5188 ws2ifsl - ok
22:29:07.0607 5188 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
22:29:07.0607 5188 wscsvc - ok
22:29:07.0638 5188 WSearch - ok
22:29:07.0747 5188 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:29:07.0825 5188 wuauserv - ok
22:29:07.0857 5188 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:29:07.0857 5188 WUDFRd - ok
22:29:07.0903 5188 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:29:07.0903 5188 wudfsvc - ok
22:29:07.0981 5188 [ 70AEEC67E87A2002E6B2CC353D56E222 ] WUSB54GPV4SRV C:\Windows\system32\DRIVERS\rt2500usb.sys
22:29:07.0981 5188 WUSB54GPV4SRV - ok
22:29:08.0059 5188 ================ Scan global ===============================
22:29:08.0091 5188 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:29:08.0137 5188 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:29:08.0184 5188 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:29:08.0231 5188 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:29:08.0247 5188 [Global] - ok
22:29:08.0247 5188 ================ Scan MBR ==================================
22:29:08.0262 5188 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:29:08.0605 5188 \Device\Harddisk0\DR0 - ok
22:29:08.0621 5188 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
22:29:08.0652 5188 \Device\Harddisk1\DR1 - ok
22:29:08.0668 5188 ================ Scan VBR ==================================
22:29:08.0683 5188 [ 608A127C0A5D4E62CE596405B0CDC452 ] \Device\Harddisk0\DR0\Partition1
22:29:08.0683 5188 \Device\Harddisk0\DR0\Partition1 - ok
22:29:08.0683 5188 [ 9516941D4620A36930A299E7EB82509D ] \Device\Harddisk0\DR0\Partition2
22:29:08.0699 5188 \Device\Harddisk0\DR0\Partition2 - ok
22:29:08.0715 5188 [ 2749E307CB9FA7F5A6C3CC25942280C7 ] \Device\Harddisk1\DR1\Partition1
22:29:08.0715 5188 \Device\Harddisk1\DR1\Partition1 - ok
22:29:08.0715 5188 ============================================================
22:29:08.0715 5188 Scan finished
22:29:08.0715 5188 ============================================================
22:29:08.0730 4588 Detected object count: 2
22:29:08.0730 4588 Actual detected object count: 2
22:30:16.0105 4588 c:\program files\common files\akamai/netsession_win_b5e8a4c.dll - copied to quarantine
22:30:16.0105 4588 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
22:30:16.0199 4588 HKLM\SYSTEM\ControlSet002\services\Akamai - will be deleted on reboot
22:30:16.0230 4588 c:\program files\common files\akamai/netsession_win_b5e8a4c.dll - will be deleted on reboot
22:30:16.0230 4588 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
22:30:16.0261 4588 C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe - copied to quarantine
22:30:16.0261 4588 HKLM\SYSTEM\ControlSet001\services\PavPrSrv - will be deleted on reboot
22:30:16.0277 4588 HKLM\SYSTEM\ControlSet002\services\PavPrSrv - will be deleted on reboot
22:30:16.0277 4588 C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe - will be deleted on reboot
22:30:16.0277 4588 PavPrSrv ( ForgedFile.Multi.Generic ) - User select action: Delete
22:31:40.0030 4780 Deinitialize success

Still having problems with the mouse though: when I select something or try to drag and move it, it deselects and moves it a little bit; same when I'm trying to highlight the whole log to post it. It just selects a small portion, then selects a different portion.
  • 0
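As an added example (not part of this thread and not TDSSKiller's own code), here is a small Python parser that pulls the verdict lines and the pending quarantine/reboot actions out of a TDSSKiller log tail like the one above, and flags whether a reboot is still needed to finish the clean-up. The sample input is copied from the log in the post; the dataclass, regexes and function names are my own.

```python
import re
from dataclasses import dataclass, field

# Sample input: the detection/action tail of the TDSSKiller log posted above.
SAMPLE_LOG = r"""
22:29:08.0730 4588 Detected object count: 2
22:29:08.0730 4588 Actual detected object count: 2
22:30:16.0105 4588 c:\program files\common files\akamai/netsession_win_b5e8a4c.dll - copied to quarantine
22:30:16.0105 4588 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
22:30:16.0199 4588 HKLM\SYSTEM\ControlSet002\services\Akamai - will be deleted on reboot
22:30:16.0230 4588 c:\program files\common files\akamai/netsession_win_b5e8a4c.dll - will be deleted on reboot
22:30:16.0230 4588 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
22:30:16.0261 4588 C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe - copied to quarantine
22:30:16.0261 4588 HKLM\SYSTEM\ControlSet001\services\PavPrSrv - will be deleted on reboot
22:30:16.0277 4588 HKLM\SYSTEM\ControlSet002\services\PavPrSrv - will be deleted on reboot
22:30:16.0277 4588 C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe - will be deleted on reboot
22:30:16.0277 4588 PavPrSrv ( ForgedFile.Multi.Generic ) - User select action: Delete
22:31:40.0030 4780 Deinitialize success
"""

# Every TDSSKiller line is "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Verdict line that closes one detection: "<name> ( <class> ) - User select action: <action>"
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<cls>[^)]+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
QUARANTINE_SUFFIX = " - copied to quarantine"
REBOOT_SUFFIX = " - will be deleted on reboot"

@dataclass
class Detection:
    name: str
    classification: str
    action: str
    quarantined: list = field(default_factory=list)     # files copied to quarantine
    pending_delete: list = field(default_factory=list)  # files/keys removed at reboot

def parse_detections(text):
    """Return (declared object count, list of Detection) from a TDSSKiller log."""
    detections, quarantined, pending, declared = [], [], [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (c := COUNT_RE.match(msg)):
            declared = int(c.group(1))
        elif msg.endswith(QUARANTINE_SUFFIX):
            quarantined.append(msg[:-len(QUARANTINE_SUFFIX)])
        elif msg.endswith(REBOOT_SUFFIX):
            pending.append(msg[:-len(REBOOT_SUFFIX)])
        elif (v := VERDICT_RE.match(msg)):
            # Action lines precede their verdict, so attach what was collected so far.
            detections.append(Detection(v["name"], v["cls"], v["action"], quarantined, pending))
            quarantined, pending = [], []
    return declared, detections

def needs_reboot(detections):
    """True if any detection still has files or registry keys scheduled for deletion."""
    return any(d.pending_delete for d in detections)
```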

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Did you run the aswMBR program also?

gringo
  • 0

#14
AFWaggle

AFWaggle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 18:02:10
-----------------------------
18:02:10.310 OS Version: Windows 6.0.6002 Service Pack 2
18:02:10.310 Number of processors: 2 586 0xF0D
18:02:10.326 ComputerName: USER-PC UserName: user
18:02:14.163 Initialize success
18:02:31.024 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
18:02:31.024 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
18:02:31.258 Disk 0 MBR read successfully
18:02:31.258 Disk 0 MBR scan
18:02:31.258 Disk 0 Windows VISTA default MBR code
18:02:31.274 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:02:31.305 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 98304
18:02:31.321 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223066 MB offset 31555584
18:02:31.336 Disk 0 scanning sectors +488394752
18:02:31.555 Disk 0 scanning C:\Windows\system32\drivers
18:02:49.105 Service scanning
18:03:12.140 Modules scanning
18:03:34.213 Disk 0 trace - called modules:
18:03:34.276 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
18:03:34.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8584aac8]
18:03:34.806 3 CLASSPNP.SYS[8aba58b3] -> nt!IofCallDriver -> [0x8572bf08]
18:03:34.822 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x857281b0]
18:03:34.822 Scan finished successfully
18:03:51.716 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
18:03:51.732 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

Sorry, didn't see that one.
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0
