glennski51

  1. Thanks a lot for your help Maurice. Everything is uninstalled or removed as requested. Going to get to implementing these safeguards.
  2. Everything seems to be good. I set all the exclusions for malwarebytes within avg so that shouldn't be an issue anymore. Here is the mbam text.

     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.09.08.06
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     glenn :: *******-PC [administrator]
     Protection: Enabled
     9/8/2012 2:24:49 PM
     mbam-log-2012-09-08 (14-24-49).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 238665
     Time elapsed: 2 minute(s), 57 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  3. Uninstalled adobe and then reinstalled latest version. eset came back clean

     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=9cf56f0755d40b42b30b808401f2a127
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-09-08 05:03:40
     # local_time=2012-09-08 01:03:40 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=1024 16777215 100 0 17708260 17708260 0 0
     # compatibility_mode=5893 16776574 100 94 1716448 98662499 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=173455
     # found=0
     # cleaned=0
     # scan_time=4771
  4. Thanks for all the help. Security check text is below. I ran a clean mbam whole scan today. Weird thing is avg detected the same trojan name on same objects, but process is the mbam.exe now instead of the seagate backup exe process that it was before. If I try and fix with avg it says object is inaccessible.

     Trojan horse Crypt_s.JR;"c:\Users\kristi\Documents\FromLaptop\Grad Summer 06\shuffle.exe";"Object is inaccessible.";"9/7/2012, 2:25:28 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
     Trojan horse Crypt_s.JR;"c:\Users\kristi\Documents\FromLaptop\Grad Summer 06\avg.exe";"Object is inaccessible.";"9/7/2012, 2:25:27 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
     Trojan horse Crypt_s.JR;"c:\Users\kristi\Documents\FromLaptop\Grad Summer 06\shuffle.exe";"Object is inaccessible.";"9/4/2012, 10:15:11 PM";"file";"C:\Program Files (x86)\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe"
     Trojan horse Crypt_s.JR;"c:\Users\kristi\Documents\FromLaptop\Grad Summer 06\avg.exe";"Object is inaccessible.";"9/4/2012, 10:15:11 PM";"file";"C:\Program Files (x86)\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe"

     Results of screen317's Security Check version 0.99.50
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     AVG Internet Security 2012
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.62.0.1300
     Java 7 Update 7
     Adobe Flash Player 11.3.300.271 Flash Player out of Date!
     Adobe Reader X (10.1.4)
     Mozilla Firefox (14.0.1)
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     AVG avgwdsvc.exe
     AVG avgtray.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 9%
     ````````````````````End of Log``````````````````````
  5. Here is the combofix log. Everything seems to be running okay. I'll run some scans with antivirus and also see if anything pops up on auto detect. Keeping backup drive disconnected for now.
  6. Here are logs of the 2 scans

     McAfee® Labs Stinger Version 10.2.0.780 built on Sep 7 2012
     Copyright © 2012 McAfee, Inc. All Rights Reserved.
     Virus data file v1000.0000 created on Sep 7 2012.
     Ready to scan for 4939 viruses, trojans and variants.
     Scan initiated on Fri Sep 07 08:45:54 2012
     Rootkit scan result : Not Scanned
     Master Boot Record(s):....2 Possibly Infected:.............0
     Boot Sector(s):.................2 Possibly Infected: ............0
     Number of clean files: 16629
4448 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys 09:12:31.0753 4448 CVirtA - ok 09:12:31.0847 4448 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 09:12:31.0862 4448 CVPND - ok 09:12:31.0909 4448 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 09:12:31.0940 4448 CVPNDRVA - ok 09:12:31.0987 4448 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:12:32.0018 4448 DcomLaunch - ok 09:12:32.0049 4448 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 09:12:32.0065 4448 defragsvc - ok 09:12:32.0096 4448 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:12:32.0112 4448 DfsC - ok 09:12:32.0159 4448 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 09:12:32.0174 4448 Dhcp - ok 09:12:32.0205 4448 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 09:12:32.0205 4448 discache - ok 09:12:32.0237 4448 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 09:12:32.0237 4448 Disk - ok 09:12:32.0268 4448 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys 09:12:32.0283 4448 DNE - ok 09:12:32.0315 4448 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:12:32.0315 4448 Dnscache - ok 09:12:32.0346 4448 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 09:12:32.0361 4448 dot3svc - ok 09:12:32.0393 4448 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 09:12:32.0408 4448 DPS - ok 09:12:32.0424 4448 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:12:32.0455 4448 drmkaud - ok 09:12:32.0502 4448 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:12:32.0549 4448 DXGKrnl - ok 09:12:32.0580 4448 [ 
E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 09:12:32.0580 4448 EapHost - ok 09:12:32.0673 4448 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 09:12:32.0767 4448 ebdrv - ok 09:12:32.0798 4448 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 09:12:32.0798 4448 EFS - ok 09:12:32.0861 4448 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:12:32.0892 4448 ehRecvr - ok 09:12:32.0923 4448 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 09:12:32.0923 4448 ehSched - ok 09:12:32.0954 4448 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 09:12:33.0001 4448 elxstor - ok 09:12:33.0017 4448 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:12:33.0032 4448 ErrDev - ok 09:12:33.0063 4448 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 09:12:33.0079 4448 EventSystem - ok 09:12:33.0095 4448 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 09:12:33.0110 4448 exfat - ok 09:12:33.0126 4448 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:12:33.0126 4448 fastfat - ok 09:12:33.0173 4448 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 09:12:33.0204 4448 Fax - ok 09:12:33.0219 4448 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 09:12:33.0219 4448 fdc - ok 09:12:33.0235 4448 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 09:12:33.0235 4448 fdPHost - ok 09:12:33.0251 4448 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 09:12:33.0251 4448 FDResPub - ok 09:12:33.0266 4448 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:12:33.0266 4448 FileInfo - ok 09:12:33.0282 4448 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace 
C:\Windows\system32\drivers\filetrace.sys 09:12:33.0282 4448 Filetrace - ok 09:12:33.0282 4448 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 09:12:33.0297 4448 flpydisk - ok 09:12:33.0329 4448 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:12:33.0344 4448 FltMgr - ok 09:12:33.0438 4448 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 09:12:33.0453 4448 FontCache - ok 09:12:33.0500 4448 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:12:33.0500 4448 FontCache3.0.0.0 - ok 09:12:33.0578 4448 [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe 09:12:33.0578 4448 FreeAgentGoNext Service - ok 09:12:33.0594 4448 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:12:33.0609 4448 FsDepends - ok 09:12:33.0625 4448 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:12:33.0625 4448 Fs_Rec - ok 09:12:33.0672 4448 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:12:33.0672 4448 fvevol - ok 09:12:33.0687 4448 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 09:12:33.0703 4448 gagp30kx - ok 09:12:33.0750 4448 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 09:12:33.0765 4448 GEARAspiWDM - ok 09:12:33.0812 4448 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 09:12:33.0843 4448 gpsvc - ok 09:12:33.0859 4448 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:12:33.0875 4448 hcw85cir - ok 09:12:33.0937 4448 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:12:33.0953 4448 HdAudAddService - ok 09:12:33.0984 4448 [ 
97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 09:12:33.0999 4448 HDAudBus - ok 09:12:33.0999 4448 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 09:12:34.0015 4448 HidBatt - ok 09:12:34.0031 4448 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 09:12:34.0031 4448 HidBth - ok 09:12:34.0062 4448 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 09:12:34.0062 4448 HidIr - ok 09:12:34.0077 4448 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 09:12:34.0093 4448 hidserv - ok 09:12:34.0109 4448 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 09:12:34.0109 4448 HidUsb - ok 09:12:34.0155 4448 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:12:34.0155 4448 hkmsvc - ok 09:12:34.0202 4448 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:12:34.0218 4448 HomeGroupListener - ok 09:12:34.0249 4448 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:12:34.0265 4448 HomeGroupProvider - ok 09:12:34.0296 4448 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:12:34.0296 4448 HpSAMD - ok 09:12:34.0343 4448 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:12:34.0374 4448 HTTP - ok 09:12:34.0405 4448 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:12:34.0405 4448 hwpolicy - ok 09:12:34.0436 4448 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 09:12:34.0436 4448 i8042prt - ok 09:12:34.0467 4448 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:12:34.0483 4448 iaStorV - ok 09:12:34.0530 4448 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication 
Foundation\infocard.exe 09:12:34.0545 4448 idsvc - ok 09:12:34.0577 4448 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 09:12:34.0577 4448 iirsp - ok 09:12:34.0623 4448 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 09:12:34.0655 4448 IKEEXT - ok 09:12:34.0686 4448 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 09:12:34.0686 4448 intelide - ok 09:12:34.0717 4448 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:12:34.0717 4448 intelppm - ok 09:12:34.0748 4448 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:12:34.0764 4448 IPBusEnum - ok 09:12:34.0779 4448 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:12:34.0795 4448 IpFilterDriver - ok 09:12:34.0826 4448 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:12:34.0857 4448 iphlpsvc - ok 09:12:34.0889 4448 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:12:34.0889 4448 IPMIDRV - ok 09:12:34.0904 4448 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:12:34.0904 4448 IPNAT - ok 09:12:34.0982 4448 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 09:12:34.0998 4448 iPod Service - ok 09:12:35.0029 4448 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:12:35.0029 4448 IRENUM - ok 09:12:35.0060 4448 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:12:35.0060 4448 isapnp - ok 09:12:35.0107 4448 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:12:35.0123 4448 iScsiPrt - ok 09:12:35.0138 4448 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 09:12:35.0138 4448 kbdclass - ok 09:12:35.0169 4448 [ 
0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 09:12:35.0185 4448 kbdhid - ok 09:12:35.0201 4448 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 09:12:35.0201 4448 KeyIso - ok 09:12:35.0232 4448 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:12:35.0247 4448 KSecDD - ok 09:12:35.0279 4448 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:12:35.0279 4448 KSecPkg - ok 09:12:35.0310 4448 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:12:35.0310 4448 ksthunk - ok 09:12:35.0341 4448 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 09:12:35.0357 4448 KtmRm - ok 09:12:35.0403 4448 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:12:35.0419 4448 LanmanServer - ok 09:12:35.0450 4448 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:12:35.0450 4448 LanmanWorkstation - ok 09:12:35.0481 4448 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:12:35.0481 4448 lltdio - ok 09:12:35.0528 4448 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:12:35.0544 4448 lltdsvc - ok 09:12:35.0559 4448 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:12:35.0559 4448 lmhosts - ok 09:12:35.0591 4448 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 09:12:35.0591 4448 LSI_FC - ok 09:12:35.0606 4448 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 09:12:35.0606 4448 LSI_SAS - ok 09:12:35.0622 4448 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 09:12:35.0622 4448 LSI_SAS2 - ok 09:12:35.0637 4448 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 09:12:35.0637 4448 LSI_SCSI - ok 09:12:35.0669 
4448 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 09:12:35.0669 4448 luafv - ok 09:12:35.0778 4448 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 09:12:35.0778 4448 McComponentHostService - ok 09:12:35.0809 4448 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:12:35.0825 4448 Mcx2Svc - ok 09:12:35.0825 4448 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 09:12:35.0840 4448 megasas - ok 09:12:35.0856 4448 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 09:12:35.0856 4448 MegaSR - ok 09:12:35.0887 4448 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 09:12:35.0887 4448 MMCSS - ok 09:12:35.0903 4448 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 09:12:35.0903 4448 Modem - ok 09:12:35.0918 4448 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:12:35.0934 4448 monitor - ok 09:12:35.0949 4448 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 09:12:35.0949 4448 mouclass - ok 09:12:35.0965 4448 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:12:35.0981 4448 mouhid - ok 09:12:35.0996 4448 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:12:35.0996 4448 mountmgr - ok 09:12:36.0012 4448 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:12:36.0027 4448 MozillaMaintenance - ok 09:12:36.0043 4448 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 09:12:36.0043 4448 mpio - ok 09:12:36.0059 4448 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:12:36.0059 4448 mpsdrv - ok 09:12:36.0105 4448 [ 
54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:12:36.0121 4448 MpsSvc - ok 09:12:36.0152 4448 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:12:36.0152 4448 MRxDAV - ok 09:12:36.0183 4448 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:12:36.0183 4448 mrxsmb - ok 09:12:36.0215 4448 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:12:36.0215 4448 mrxsmb10 - ok 09:12:36.0230 4448 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:12:36.0230 4448 mrxsmb20 - ok 09:12:36.0261 4448 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 09:12:36.0261 4448 msahci - ok 09:12:36.0308 4448 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:12:36.0308 4448 msdsm - ok 09:12:36.0324 4448 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 09:12:36.0324 4448 MSDTC - ok 09:12:36.0355 4448 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:12:36.0355 4448 Msfs - ok 09:12:36.0371 4448 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:12:36.0371 4448 mshidkmdf - ok 09:12:36.0386 4448 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:12:36.0386 4448 msisadrv - ok 09:12:36.0417 4448 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:12:36.0417 4448 MSiSCSI - ok 09:12:36.0433 4448 msiserver - ok 09:12:36.0449 4448 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:12:36.0449 4448 MSKSSRV - ok 09:12:36.0464 4448 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:12:36.0464 4448 MSPCLOCK - ok 09:12:36.0464 4448 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:12:36.0480 4448 
MSPQM - ok 09:12:36.0511 4448 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:12:36.0511 4448 MsRPC - ok 09:12:36.0542 4448 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:12:36.0542 4448 mssmbios - ok 09:12:36.0573 4448 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:12:36.0573 4448 MSTEE - ok 09:12:36.0589 4448 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 09:12:36.0589 4448 MTConfig - ok 09:12:36.0589 4448 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 09:12:36.0605 4448 Mup - ok 09:12:36.0636 4448 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 09:12:36.0651 4448 napagent - ok 09:12:36.0698 4448 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:12:36.0714 4448 NativeWifiP - ok 09:12:36.0761 4448 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 09:12:36.0792 4448 NDIS - ok 09:12:36.0807 4448 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:12:36.0823 4448 NdisCap - ok 09:12:36.0839 4448 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:12:36.0839 4448 NdisTapi - ok 09:12:36.0870 4448 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:12:36.0870 4448 Ndisuio - ok 09:12:36.0901 4448 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:12:36.0901 4448 NdisWan - ok 09:12:36.0932 4448 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:12:36.0932 4448 NDProxy - ok 09:12:36.0948 4448 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:12:36.0963 4448 NetBIOS - ok 09:12:36.0979 4448 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 
09:12:36.0979 4448 NetBT - ok 09:12:37.0010 4448 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 09:12:37.0010 4448 Netlogon - ok 09:12:37.0057 4448 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 09:12:37.0073 4448 Netman - ok 09:12:37.0104 4448 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 09:12:37.0119 4448 netprofm - ok 09:12:37.0135 4448 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:12:37.0151 4448 NetTcpPortSharing - ok 09:12:37.0166 4448 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 09:12:37.0166 4448 nfrd960 - ok 09:12:37.0197 4448 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:12:37.0229 4448 NlaSvc - ok 09:12:37.0229 4448 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:12:37.0244 4448 Npfs - ok 09:12:37.0260 4448 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 09:12:37.0260 4448 nsi - ok 09:12:37.0275 4448 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:12:37.0275 4448 nsiproxy - ok 09:12:37.0353 4448 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:12:37.0400 4448 Ntfs - ok 09:12:37.0447 4448 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys 09:12:37.0463 4448 NuidFltr - ok 09:12:37.0478 4448 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 09:12:37.0478 4448 Null - ok 09:12:37.0509 4448 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:12:37.0509 4448 nvraid - ok 09:12:37.0541 4448 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:12:37.0541 4448 nvstor - ok 09:12:37.0572 4448 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp 
C:\Windows\system32\drivers\nv_agp.sys 09:12:37.0572 4448 nv_agp - ok 09:12:37.0681 4448 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:12:37.0697 4448 odserv - ok 09:12:37.0728 4448 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:12:37.0728 4448 ohci1394 - ok 09:12:37.0790 4448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:12:37.0790 4448 ose - ok 09:12:37.0853 4448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:12:37.0868 4448 p2pimsvc - ok 09:12:37.0899 4448 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 09:12:37.0915 4448 p2psvc - ok 09:12:37.0946 4448 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 09:12:37.0946 4448 Parport - ok 09:12:37.0977 4448 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:12:37.0977 4448 partmgr - ok 09:12:38.0009 4448 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:12:38.0024 4448 PcaSvc - ok 09:12:38.0055 4448 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 09:12:38.0071 4448 pci - ok 09:12:38.0102 4448 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 09:12:38.0102 4448 pciide - ok 09:12:38.0133 4448 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 09:12:38.0133 4448 pcmcia - ok 09:12:38.0149 4448 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 09:12:38.0149 4448 pcw - ok 09:12:38.0180 4448 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:12:38.0196 4448 PEAUTH - ok 09:12:38.0243 4448 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:12:38.0258 4448 PerfHost - ok 09:12:38.0336 4448 [ 
C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 09:12:38.0367 4448 pla - ok 09:12:38.0399 4448 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:12:38.0414 4448 PlugPlay - ok 09:12:38.0742 4448 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe 09:12:38.0742 4448 PMBDeviceInfoProvider - ok 09:12:38.0773 4448 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:12:38.0789 4448 PNRPAutoReg - ok 09:12:38.0804 4448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:12:38.0820 4448 PNRPsvc - ok 09:12:38.0851 4448 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:12:38.0867 4448 PolicyAgent - ok 09:12:38.0898 4448 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 09:12:38.0913 4448 Power - ok 09:12:38.0945 4448 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:12:38.0945 4448 PptpMiniport - ok 09:12:38.0960 4448 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 09:12:38.0976 4448 Processor - ok 09:12:39.0023 4448 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 09:12:39.0038 4448 ProfSvc - ok 09:12:39.0054 4448 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:12:39.0054 4448 ProtectedStorage - ok 09:12:39.0101 4448 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:12:39.0116 4448 Psched - ok 09:12:39.0194 4448 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 09:12:39.0225 4448 ql2300 - ok 09:12:39.0241 4448 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 09:12:39.0241 4448 ql40xx - ok 09:12:39.0272 4448 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 09:12:39.0288 4448 
QWAVE - ok 09:12:39.0303 4448 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:12:39.0303 4448 QWAVEdrv - ok 09:12:39.0303 4448 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:12:39.0303 4448 RasAcd - ok 09:12:39.0335 4448 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:12:39.0335 4448 RasAgileVpn - ok 09:12:39.0366 4448 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 09:12:39.0366 4448 RasAuto - ok 09:12:39.0381 4448 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:12:39.0397 4448 Rasl2tp - ok 09:12:39.0428 4448 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 09:12:39.0444 4448 RasMan - ok 09:12:39.0444 4448 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:12:39.0459 4448 RasPppoe - ok 09:12:39.0459 4448 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:12:39.0475 4448 RasSstp - ok 09:12:39.0491 4448 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:12:39.0506 4448 rdbss - ok 09:12:39.0522 4448 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 09:12:39.0522 4448 rdpbus - ok 09:12:39.0537 4448 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:12:39.0537 4448 RDPCDD - ok 09:12:39.0553 4448 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:12:39.0553 4448 RDPENCDD - ok 09:12:39.0584 4448 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:12:39.0584 4448 RDPREFMP - ok 09:12:39.0615 4448 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:12:39.0615 4448 RDPWD - ok 09:12:39.0662 4448 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost 
     09:12:45.0996 4448 Scan finished
     09:12:46.0011 4692 Detected object count: 0
     09:12:46.0011 4692 Actual detected object count: 0
  7. Thanks for the help Maurice. Well that really was a good long scan. Here's what eset came up with.

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=9cf56f0755d40b42b30b808401f2a127
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-09-07 04:52:42
     # local_time=2012-09-07 12:52:42 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=1024 16777215 100 0 17569620 17569620 0 0
     # compatibility_mode=5893 16776574 100 94 1577808 98523859 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=618386
     # found=4
     # cleaned=4
     # scan_time=13154
     I:\Seagate Backup\*******\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     I:\Seagate Backup\*******\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent23.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     I:\Seagate Backup\*******\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent33.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     I:\Seagate Backup\*******\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent63.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  8. Trojans are continually found in external hard drive backup process. Wondering if they are false positive as AVG detected trojans involved with Mbam process when I ran it. DDS logs below, thanks for the help!
-------- d-----w- C:\Program Files\iTunes 2012-08-15 02:47:43 -------- d-----w- C:\Program Files (x86)\iTunes 2012-08-15 02:46:00 -------- d-----w- C:\Program Files\Bonjour 2012-08-15 02:46:00 -------- d-----w- C:\Program Files (x86)\Bonjour 2012-08-09 02:36:19 -------- d-----w- C:\Windows\System32\SPReview 2012-08-09 02:33:33 -------- d-----w- C:\Windows\System32\EventProviders . ==================== Find3M ==================== . 2012-09-04 00:24:42 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2012-08-28 01:05:56 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-14 18:54:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-14 18:54:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-09 02:50:53 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-08-09 02:50:53 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll 2012-06-20 16:54:52 71104 ----a-w- C:\Windows\CouponPrinter.ocx . ============= FINISH: 9:35:25.77 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . 
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/29/2012 3:14:49 AM System Uptime: 9/3/2012 11:22:59 AM (46 hours ago) . Motherboard: Gateway | | RS780 Processor: AMD Phenom 9100e Quad-Core Processor | AM2 | 900/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 596 GiB total, 390.074 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is FIXED (NTFS) - 932 GiB total, 390.65 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter for 64-bit Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter for 64-bit Windows PNP Device ID: ROOT\NET\0000 Service: CVirtA . Class GUID: Description: 802.11 n WLAN Device ID: USB\VID_050D&PID_825B\1.0 Manufacturer: Name: 802.11 n WLAN PNP Device ID: USB\VID_050D&PID_825B\1.0 Service: . ==== System Restore Points =================== . RP57: 8/16/2012 3:00:16 AM - Windows Update RP58: 8/27/2012 6:54:29 PM - Installed Steam RP59: 8/27/2012 8:29:33 PM - Installed Steam RP60: 8/27/2012 8:32:29 PM - Removed Steam RP61: 8/27/2012 8:48:00 PM - Installed Steam RP62: 8/27/2012 9:02:35 PM - Installed Java 7 Update 6 RP63: 8/27/2012 9:05:07 PM - Removed Java 7 Update 6 RP64: 8/27/2012 9:05:37 PM - Installed Java 7 Update 6 RP65: 9/2/2012 9:27:31 PM - Installed DirectX RP66: 9/2/2012 9:29:09 PM - Installed Microsoft Visual C++ 2005 Redistributable . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office system Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS5.1 Adobe Reader X (10.1.4) Amnesia - The Dark Descent Apple Application Support Apple Software Update Bastion Braid (Version 1.015) Carbonite Online Backup Setup Coupon Printer for Windows Empire: Total War Google Chrome Java 7 Update 6 Java Auto Updater Java 6 Update 31 jZip LIMBO Malwarebytes Anti-Malware version 1.62.0.1300 McAfee Security Scan Plus Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft XNA Framework Redistributable 3.1 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 
Parser (KB973685) PDF Settings CS5 PMB Seagate Manager Installer Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 
2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Shutterfly Express Uploader Steam Super Meat Boy v1.5 Team Fortress 2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Visual Studio 2008 x64 Redistributables . ==== End Of File ===========================
  9. One note, just checked my Norton history, and when it re-enabled upon startup while ComboFix was finishing it removed something called vfind.exe, which I believe may have been part of ComboFix, and its detection the result of overzealous Norton. Hopefully, since this was in the create-log part of the process, it didn't do anything to make ComboFix ineffective; guess the logs will show that though.
  10. Computer seems to be functioning normally. Scans below.
  11. Ok, computer restarted successfully now, ComboFix finished completing its report. During startup my Norton Internet Security came on automatically and it looks like it blocked some access of ComboFix to Norton, but it seems it was only during the report-making process. Anyways, here's the ComboFix report; will post Kaspersky and HijackThis when they're done.
c:\windows\system32\scardsvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Juniper Networks\Common Files\dsNcService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\msiexec.exe c:\lotus\Notes\ntmulti.exe c:\windows\system32\nvsvc32.exe c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe c:\program files\iPod\bin\iPodService.exe c:\program files\iTunes\iTunes.exe . ************************************************************************** . Completion time: 2009-03-01 11:21:06 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-01 16:21:02 ComboFix2.txt 2009-03-01 05:04:14 Pre-Run: 96,816,463,872 bytes free Post-Run: 96,811,155,456 bytes free 221 --- E O F --- 2009-02-24 22:54:07
  12. ComboFix made some changes that didn't agree that time, was around step 50 I think when it closed without making a report and rebooted Windows automatically. Received a blue screen, and then one upon restart.
      Driver_IRQL_NOT_LESS_OR_EQUAL
      Stop: 0x000000D1 (0x00000030, 0x00000005, 0x00000000, 0xF3054613)
      HSFHWB52.sys - Address F306F613 base at f3049000, Datestamp 3fb8d436
      Other bluescreen had Address f3054613 base at f302E000, Datestamp 3fb8d436
      Will wait until you let me know how to proceed. Thanks.
  13. ComboFix 09-02-28.01 - Glenn 2009-02-28 23:59:00.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.423 [GMT -5:00] Running from: c:\documents and settings\Glenn\Desktop\ComboFix.exe AV: Norton Internet Security *On-access scanning disabled* (Updated) FW: Norton Internet Security *disabled* * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 ))))))))))))))))))))))))))))))) . 2009-02-28 21:50 . 2009-02-28 21:50 <DIR> d-------- c:\documents and settings\Kristi\Application Data\Malwarebytes 2009-02-27 19:26 . 2009-02-27 19:26 <DIR> d-------- c:\program files\SUPERAntiSpyware 2009-02-27 19:26 . 2009-02-27 19:26 <DIR> d-------- c:\documents and settings\Glenn\Application Data\SUPERAntiSpyware.com 2009-02-27 19:26 . 2009-02-27 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-02-27 19:23 . 2009-02-27 19:23 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-02-27 17:57 . 2009-02-27 17:57 <DIR> d-------- c:\program files\BillP Studios 2009-02-27 17:57 . 2009-02-27 17:57 <DIR> d-------- c:\documents and settings\Glenn\Application Data\WinPatrol 2009-02-27 17:51 . 2009-02-28 23:29 <DIR> d-------- c:\program files\SpywareBlaster 2009-02-27 17:30 . 2009-02-27 17:30 <DIR> d-------- c:\program files\FireTrust 2009-02-27 17:30 . 2009-02-27 17:33 <DIR> d-------- c:\documents and settings\Glenn\Application Data\SiteHound 2009-02-25 18:33 . 2009-02-27 02:06 <DIR> d-------- c:\documents and settings\Glenn\DoctorWeb 2009-02-25 18:24 . 2009-02-25 18:24 <DIR> d-------- c:\program files\CCleaner 2009-02-25 18:15 . 2009-02-25 18:15 <DIR> d-------- c:\program files\Common Files\Adobe 2009-02-25 18:12 . 2009-02-25 18:12 <DIR> d-------- c:\program files\NOS 2009-02-25 18:12 . 2009-02-25 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2009-02-24 21:11 . 
2009-02-24 21:11 <DIR> d-------- c:\documents and settings\Glenn\Application Data\MSNInstaller 2009-02-24 19:17 . 2009-02-24 19:17 <DIR> d-------- c:\program files\Symantec 2009-02-24 19:17 . 2009-02-24 19:17 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2009-02-24 19:17 . 2009-02-24 19:17 60,808 --a------ c:\windows\system32\S32EVNT1.DLL 2009-02-24 19:17 . 2009-02-24 19:17 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys 2009-02-24 19:16 . 2009-02-24 19:16 <DIR> d-------- c:\windows\system32\drivers\NIS 2009-02-24 19:16 . 2009-02-24 19:16 <DIR> d-------- c:\program files\Windows Sidebar 2009-02-24 19:16 . 2009-02-24 19:16 <DIR> d-------- c:\program files\Norton Internet Security 2009-02-24 19:07 . 2009-02-24 19:07 <DIR> d-------- c:\program files\NortonInstaller 2009-02-24 19:07 . 2009-02-24 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings 2009-02-24 19:07 . 2009-02-24 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-02-24 19:07 . 2009-02-24 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton 2009-02-24 19:05 . 2009-02-24 19:05 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files 2009-02-24 18:14 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-24 18:14 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-22 11:29 . 2009-02-22 11:29 <DIR> d-------- c:\program files\Trend Micro 2009-02-21 18:51 . 2009-02-21 18:51 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-21 18:24 . 2009-02-21 18:24 <DIR> d-------- c:\documents and settings\Kristi\DoctorWeb 2009-02-21 17:31 . 2009-02-21 17:31 23,518 --a------ c:\windows\system32\AAWService_2009_02_21_17_31_19.dmp 2009-02-21 11:16 . 2009-02-21 11:16 <DIR> d-------- c:\program files\Windows Installer Clean Up 2009-02-21 10:46 . 2009-02-21 10:46 <DIR> d-------- C:\Binaries 2009-02-21 10:41 . 
2009-02-22 11:28 <DIR> d-------- c:\program files\Webroot 2009-02-21 07:48 . 2009-02-24 18:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-02 16:03 . 2009-02-02 16:04 <DIR> d-------- c:\program files\TaxCut08 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-01 04:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-25 22:57 --------- d-----w c:\documents and settings\Glenn\Application Data\AdobeUM 2009-02-25 12:34 --------- d-----w c:\program files\Lavasoft 2009-02-25 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-25 00:22 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-25 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-02-25 00:17 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-02-25 00:17 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-02-21 20:51 164 ----a-w C:\install.dat 2009-02-21 20:25 --------- d-----w c:\program files\Bonjour 2009-02-21 16:16 --------- d-----w c:\program files\MSECache 2009-02-21 15:53 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-21 15:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-11 08:02 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-04 06:09 --------- d-----w c:\documents and settings\Glenn\Application Data\DivX 2009-02-04 06:09 --------- d-----w c:\documents and settings\Glenn\Application Data\Corel 2009-02-04 06:09 --------- d-----w c:\documents and settings\Glenn\Application Data\Apple Computer 2009-02-04 06:09 --------- d-----w c:\documents and settings\Glenn\Application Data\Amazon 2009-02-02 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\TaxCut 2009-01-17 02:35 3,594,752 ----a-w 
c:\windows\system32\dllcache\mshtml.dll 2009-01-12 00:55 --------- d-----w c:\program files\Amazon 2009-01-03 17:29 --------- d-----w c:\program files\Google 2009-01-03 16:00 --------- d-----w c:\program files\Yahoo! 2009-01-03 15:56 --------- d-----w c:\program files\Snocap 2009-01-03 15:56 --------- d-----w c:\program files\Roxio 2009-01-03 15:56 --------- d-----w c:\program files\Common Files\Sonic Shared 2009-01-03 15:34 --------- d-----w c:\program files\Common Files\AOL 2009-01-03 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2008-12-31 04:33 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-12-27 21:05 201,728 ----a-w c:\windows\system32\Nike+ Mini.scr 2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2008-04-25 03:29 0 ----a-w c:\documents and settings\Kristi\cscript.exe 2007-01-07 15:37 5,971,432 ----a-w c:\program files\Firefox Setup 2.0.0.1.exe 2006-10-03 06:43 2,402,550 ----a-w c:\windows\inf\SET6B.tmp 2004-08-04 10:00 1,431,144 ----a-w c:\windows\inf\SETDE.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-29 185784] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120] "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 c:\windows\stsystra.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-01-09 28672] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-01-03 24576] VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-08-14 6144] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\system32\\drivers\\svchost.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys [2009-02-24 309296] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-24 255536] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-02-24 362544] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090225.002\IDSxpx86.sys [2009-02-27 276344] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-24 115560] R3 
EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-25 33752] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-24 38496] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] --- Other Services/Drivers In Memory --- *NewlyCreated* - GTNDIS5 *Deregistered* - DwShield000048A4 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\install.exe . Contents of the 'Scheduled Tasks' folder 2009-02-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1787078446-2979493017-2922686131-1006.job - c:\documents and settings\Kristi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:36] 2009-02-28 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Kristi.job - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [] . - - - - ORPHANS REMOVED - - - - HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . ------- Supplementary Scan ------- . 
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll FF - ProfilePath - c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\2ebpp659.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07030901.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-01 00:02:48 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1128) c:\program files\SUPERAntiSpyware\SASWINLO.dll . 
Completion time: 2009-03-01 0:04:12 ComboFix-quarantined-files.txt 2009-03-01 05:04:10 ComboFix2.txt 2009-02-25 22:26:43 Pre-Run: 95,964,008,448 bytes free Post-Run: 96,754,552,832 bytes free 203 --- E O F --- 2009-02-24 22:54:07 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:07:03 AM, on 3/1/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Lotus\Notes\ntmulti.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 
- HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] C:\WINDOWS\system32\dumprep 0 -u O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - Startup: Adobe Media Player.lnk = C:\Config.Msi\e7fe31f.rbf O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: VPN Client.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/29.22/uploader2.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 8781 bytes
  14. Not sure if I should've had my old thread reopened, but here are my MBAM and HijackThis logs. System is running better than ever after Advancedsetup's help, feel like I actually know what's happening on my PC thanks to things like WinPatrol and some other recommendations. Anyways, all scans are clean, MBAM, SUPERAntiSpyware, NAV. But Norton around once or twice a day will detect and resolve by removing packed.generic.200. If this happens twice in one day it seems to pop up an hour apart from each other.
      Malwarebytes' Anti-Malware 1.34
      Database version: 1812
      Windows 5.1.2600 Service Pack 3
      2/28/2009 10:54:34 AM
      mbam-log-2009-02-28 (10-54-34).txt
      Scan type: Quick Scan
      Objects scanned: 85214
      Time elapsed: 4 minute(s), 32 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
      Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:55:07 AM, on 2/28/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program 
Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\msiexec.exe C:\Lotus\Notes\ntmulti.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = 
www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [CanonMyPrinter] 
"C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] C:\WINDOWS\system32\dumprep 0 -u O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Startup: Adobe Media Player.lnk = C:\Config.Msi\e7fe31f.rbf O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: 
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/29.22/uploader2.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 9348 bytes
  15. Thanks, will look into those, thanks for all the help, hope I don't have to come back here, though I became somewhat addicted to reading everyone's virus issues, weird.