Azzz090
Members-
Posts
9 -
Joined
-
Last visited
Reputation
0 Neutral-
Viruses being detected but not removed
Azzz090 replied to Azzz090's topic in Resolved Malware Removal Logs
I'm sorry about all the bumps. I really do appriciate the time you've put into helping me and I was taking the rather misguided position that any and all information would be usefull. Sorry again. I think everything has been sorted because the programmes showed nothing. I'll post the logs just incase though because i'm far from an expert. ComboFix 12-08-20.02 - Pan 20/08/2012 20:48:57.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1790.872 [GMT 1:00] Running from: c:\users\Pan\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 ))))))))))))))))))))))))))))))) . . 2012-08-20 20:01 . 2012-08-20 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-19 15:14 . 2012-08-19 15:14 -------- d-----w- c:\users\Pan\AppData\Local\ElevatedDiagnostics 2012-08-19 14:31 . 2012-08-19 14:33 -------- d-----w- c:\users\Pan\AppData\Local\Google 2012-08-18 20:02 . 2012-08-20 20:01 -------- d-----w- c:\users\Pan\AppData\Local\temp 2012-08-18 14:45 . 2012-08-18 14:45 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-17 16:39 . 2012-08-17 16:39 -------- d-----w- c:\program files\Oracle 2012-08-13 19:08 . 2012-08-13 19:08 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-08-10 19:50 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6414D645-C3EB-47C7-AAD8-73514EDD0F0B}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-14 23:30 . 2012-06-21 19:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-14 23:30 . 2011-07-30 18:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-05 21:06 . 2011-02-20 14:00 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-03 12:46 . 2010-05-02 06:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-21 18:34 . 2012-06-21 18:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-13 13:40 . 2012-07-14 17:56 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 16:47 . 2012-07-13 23:35 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-07-13 23:35 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26 . 2012-07-13 23:35 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 2012-06-21 17:18 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 17:18 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 17:17 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 17:17 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 17:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 17:18 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 17:17 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-21 17:17 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:12 . 2012-06-21 17:17 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33 . 2012-07-14 17:44 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25 . 2012-07-14 17:44 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25 . 2012-07-14 17:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20 . 2012-07-14 17:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16 . 2012-07-14 17:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 00:04 . 2012-07-13 23:35 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-07-13 23:35 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 11:25 . 2010-02-15 22:26 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-04-25 00:58 . 2011-04-25 00:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2011-04-25 01:48 . 2011-04-25 01:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2011-04-25 01:00 . 2011-04-25 01:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2011-04-25 00:59 . 2011-04-25 00:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2011-04-25 00:58 . 2011-04-25 00:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2011-04-25 00:57 . 2011-04-25 00:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2011-04-25 00:58 . 2011-04-25 00:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2011-04-25 00:58 . 2011-04-25 00:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2010-03-31 10:09 . 2010-03-31 10:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 12:36 . 2010-04-08 12:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2011-04-25 00:51 . 2011-04-25 00:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2011-04-25 01:00 . 2011-04-25 01:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2012-07-18 18:40 . 2011-05-06 18:12 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 2 (0x2) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 23:30] . 2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347287116-2082654252-2714282664-1000Core.job - c:\users\Pan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 14:31] . 2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347287116-2082654252-2714282664-1000UA.job - c:\users\Pan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 14:31] . 2012-08-19 c:\windows\Tasks\HPCeeScheduleForPan.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-28 18:34] . . ------- Supplementary Scan ------- . mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = <local>;*.local IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Pan\AppData\Roaming\Mozilla\Firefox\Profiles\ptp5irss.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&apn_uid=82C573F3-9864-4582-88E4-89E11D130D1C&apn_ptnrs=GG&apn_sauid=&apn_dtid=YYYYYYB3GB&&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: yahoo.homepage.dontask - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-20 21:01 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-08-20 21:05:06 ComboFix-quarantined-files.txt 2012-08-20 20:05 ComboFix2.txt 2012-08-18 20:02 . Pre-Run: 87,380,357,120 bytes free Post-Run: 86,977,011,712 bytes free . - - End Of File - - CA1993286857C7D5036E7ABED722460A 21:15:37.0380 5984 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03 21:15:37.0692 5984 ============================================================ 21:15:37.0692 5984 Current date / time: 2012/08/20 21:15:37.0692 21:15:37.0692 5984 SystemInfo: 21:15:37.0692 5984 21:15:37.0692 5984 OS Version: 6.0.6002 ServicePack: 2.0 21:15:37.0692 5984 Product type: Workstation 21:15:37.0692 5984 ComputerName: PAN-PC 21:15:37.0692 5984 UserName: Pan 21:15:37.0692 5984 Windows directory: C:\Windows 21:15:37.0692 5984 System windows directory: C:\Windows 21:15:37.0692 5984 Processor architecture: Intel x86 21:15:37.0692 5984 Number of processors: 2 21:15:37.0692 5984 Page size: 0x1000 21:15:37.0692 5984 Boot type: Normal boot 21:15:37.0692 5984 ============================================================ 21:15:39.0393 5984 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:15:39.0408 5984 ============================================================ 21:15:39.0408 5984 \Device\Harddisk0\DR0: 21:15:39.0408 5984 MBR partitions: 21:15:39.0408 5984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC8AFC1 21:15:39.0408 5984 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BC8B000, BlocksNum 0x1539000 21:15:39.0408 5984 ============================================================ 21:15:39.0440 5984 C: <-> \Device\Harddisk0\DR0\Partition1 21:15:39.0627 5984 D: <-> \Device\Harddisk0\DR0\Partition2 21:15:39.0627 5984 ============================================================ 21:15:39.0627 5984 Initialize success 21:15:39.0627 5984 ============================================================ 21:15:41.0686 5908 ============================================================ 21:15:41.0686 5908 Scan started 21:15:41.0686 5908 Mode: Manual; 21:15:41.0686 5908 ============================================================ 21:15:42.0794 5908 ================ Scan system memory ======================== 21:15:42.0794 5908 System memory - ok 21:15:42.0794 5908 ================ Scan services ============================= 21:15:43.0262 5908 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 21:15:43.0293 5908 ACPI - ok 21:15:43.0418 5908 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:15:43.0418 5908 AdobeFlashPlayerUpdateSvc - ok 21:15:43.0496 5908 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:15:43.0511 5908 adp94xx - ok 21:15:43.0558 5908 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:15:43.0558 5908 adpahci - ok 21:15:43.0605 5908 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 21:15:43.0605 5908 adpu160m - ok 21:15:43.0652 5908 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:15:43.0652 5908 adpu320 - ok 21:15:43.0698 5908 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:15:43.0698 5908 AeLookupSvc - ok 21:15:43.0761 5908 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 21:15:43.0776 5908 AFD - ok 21:15:43.0808 5908 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:15:43.0823 5908 agp440 - ok 21:15:43.0854 5908 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 21:15:43.0854 5908 aic78xx - ok 21:15:43.0901 5908 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 21:15:43.0932 5908 ALG - ok 21:15:43.0964 5908 [ 3D76FDA1A10ACC3DC84728F55C29B6D4 ] aliide C:\Windows\system32\drivers\aliide.sys 21:15:43.0964 5908 aliide - ok 21:15:43.0979 5908 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 21:15:43.0979 5908 amdagp - ok 21:15:43.0995 5908 [ 5B92E7839F5A1FBC1B39DE67758AD6F8 ] amdide C:\Windows\system32\drivers\amdide.sys 21:15:43.0995 5908 amdide - ok 21:15:44.0026 5908 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 21:15:44.0026 5908 AmdK7 - ok 21:15:44.0073 5908 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:15:44.0073 5908 AmdK8 - ok 21:15:44.0104 5908 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 21:15:44.0104 5908 Appinfo - ok 21:15:44.0276 5908 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:15:44.0276 5908 Apple Mobile Device - ok 21:15:44.0354 5908 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 21:15:44.0354 5908 arc - ok 21:15:44.0400 5908 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:15:44.0400 5908 arcsas - ok 21:15:44.0541 5908 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 21:15:44.0541 5908 aspnet_state - ok 21:15:44.0588 5908 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:15:44.0588 5908 AsyncMac - ok 21:15:44.0650 5908 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 21:15:44.0666 5908 atapi - ok 21:15:44.0744 5908 [ 600EFE56F37ADBD65A0FB076B50D1B8D ] athr C:\Windows\system32\DRIVERS\athr.sys 21:15:44.0775 5908 athr - ok 21:15:44.0853 5908 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:15:44.0884 5908 AudioEndpointBuilder - ok 21:15:44.0900 5908 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 21:15:44.0915 5908 Audiosrv - ok 21:15:44.0993 5908 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 21:15:44.0993 5908 Beep - ok 21:15:45.0056 5908 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 21:15:45.0165 5908 BFE - ok 21:15:45.0368 5908 [ 76154FA6A742C613B44BB636B1A7C057 ] BHDrvx86 C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys 21:15:45.0430 5908 BHDrvx86 - ok 21:15:45.0524 5908 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:15:45.0524 5908 blbdrive - ok 21:15:45.0586 5908 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:15:45.0617 5908 Bonjour Service - ok 21:15:45.0680 5908 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:15:45.0695 5908 bowser - ok 21:15:45.0726 5908 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 21:15:45.0726 5908 BrFiltLo - ok 21:15:45.0773 5908 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 21:15:45.0773 5908 BrFiltUp - ok 21:15:45.0804 5908 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 21:15:45.0820 5908 Browser - ok 21:15:45.0851 5908 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 21:15:45.0851 5908 Brserid - ok 21:15:45.0898 5908 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 21:15:45.0898 5908 BrSerWdm - ok 21:15:45.0960 5908 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 21:15:45.0960 5908 BrUsbMdm - ok 21:15:46.0023 5908 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 21:15:46.0023 5908 BrUsbSer - ok 21:15:46.0054 5908 [ CCE53AFC28347CC18EA139972E5B5E5A ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 21:15:46.0054 5908 BthEnum - ok 21:15:46.0101 5908 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:15:46.0101 5908 BTHMODEM - ok 21:15:46.0179 5908 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 21:15:46.0179 5908 BthPan - ok 21:15:46.0241 5908 [ AC8A1689D5EFC4D214201155A78D8F4B ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 21:15:46.0272 5908 BTHPORT - ok 21:15:46.0304 5908 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll 21:15:46.0304 5908 BthServ - ok 21:15:46.0335 5908 [ 288C1F74E3E2EED6C7B54EB3AAC70856 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 21:15:46.0350 5908 BTHUSB - ok 21:15:46.0725 5908 catchme - ok 21:15:46.0803 5908 [ 3182B846490DC4D71FABD4A8CB6B73EA ] ccHP C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys 21:15:46.0850 5908 ccHP - ok 21:15:46.0881 5908 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:15:46.0896 5908 cdfs - ok 21:15:46.0959 5908 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:15:46.0959 5908 cdrom - ok 21:15:46.0990 5908 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 21:15:47.0006 5908 CertPropSvc - ok 21:15:47.0037 5908 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 21:15:47.0037 5908 circlass - ok 21:15:47.0084 5908 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 21:15:47.0099 5908 CLFS - ok 21:15:47.0146 5908 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:15:47.0146 5908 clr_optimization_v2.0.50727_32 - ok 21:15:47.0240 5908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:15:47.0240 5908 clr_optimization_v4.0.30319_32 - ok 21:15:47.0286 5908 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:15:47.0286 5908 CmBatt - ok 21:15:47.0302 5908 [ D36372A6EA6805EFBE8884D10772313F ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:15:47.0302 5908 cmdide - ok 21:15:47.0364 5908 [ 1ADF6F4852E7D7E2E8AC481BDB970586 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys 21:15:47.0364 5908 CnxtHdAudService - ok 21:15:47.0458 5908 [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 21:15:47.0474 5908 Com4QLBEx - ok 21:15:47.0520 5908 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:15:47.0520 5908 Compbatt - ok 21:15:47.0536 5908 COMSysApp - ok 21:15:47.0552 5908 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:15:47.0567 5908 crcdisk - ok 21:15:47.0630 5908 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 21:15:47.0630 5908 Crusoe - ok 21:15:47.0723 5908 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:15:47.0739 5908 CryptSvc - ok 21:15:47.0801 5908 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 21:15:47.0801 5908 ctxusbm - ok 21:15:48.0004 5908 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 21:15:48.0082 5908 cvhsvc - ok 21:15:48.0176 5908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:15:48.0191 5908 DcomLaunch - ok 21:15:48.0254 5908 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:15:48.0254 5908 DfsC - ok 21:15:48.0363 5908 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 21:15:48.0456 5908 DFSR - ok 21:15:48.0519 5908 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 21:15:48.0534 5908 Dhcp - ok 21:15:48.0581 5908 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 21:15:48.0581 5908 disk - ok 21:15:48.0628 5908 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:15:48.0659 5908 Dnscache - ok 21:15:48.0690 5908 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:15:48.0706 5908 dot3svc - ok 21:15:48.0753 5908 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 21:15:48.0753 5908 DPS - ok 21:15:48.0784 5908 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:15:48.0800 5908 drmkaud - ok 21:15:48.0909 5908 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:15:48.0956 5908 DXGKrnl - ok 21:15:49.0002 5908 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 21:15:49.0002 5908 E1G60 - ok 21:15:49.0034 5908 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 21:15:49.0034 5908 EapHost - ok 21:15:49.0080 5908 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 21:15:49.0096 5908 Ecache - ok 21:15:49.0252 5908 [ 96BCD90ED9235A21629EFFDE5E941FB1 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 21:15:49.0268 5908 eeCtrl - ok 21:15:49.0424 5908 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:15:49.0439 5908 ehRecvr - ok 21:15:49.0470 5908 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 21:15:49.0486 5908 ehSched - ok 21:15:49.0502 5908 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 21:15:49.0517 5908 ehstart - ok 21:15:49.0580 5908 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:15:49.0611 5908 elxstor - ok 21:15:49.0767 5908 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 21:15:49.0782 5908 EMDMgmt - ok 21:15:49.0845 5908 [ 392C86F6B45C0BC696C32C27F51E749F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 21:15:49.0845 5908 EraserUtilRebootDrv - ok 21:15:49.0876 5908 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:15:49.0876 5908 ErrDev - ok 21:15:50.0016 5908 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 21:15:50.0032 5908 EventSystem - ok 21:15:50.0110 5908 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 21:15:50.0126 5908 exfat - ok 21:15:50.0204 5908 [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc C:\Windows\System32\ezsvc7.dll 21:15:50.0219 5908 ezSharedSvc - ok 21:15:50.0313 5908 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:15:50.0328 5908 fastfat - ok 21:15:50.0391 5908 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:15:50.0391 5908 fdc - ok 21:15:50.0438 5908 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 21:15:50.0453 5908 fdPHost - ok 21:15:50.0516 5908 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 21:15:50.0531 5908 FDResPub - ok 21:15:50.0609 5908 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:15:50.0625 5908 FileInfo - ok 21:15:50.0672 5908 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:15:50.0672 5908 Filetrace - ok 21:15:50.0703 5908 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:15:50.0703 5908 flpydisk - ok 21:15:50.0765 5908 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:15:50.0796 5908 FltMgr - ok 21:15:50.0937 5908 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 21:15:50.0999 5908 FontCache - ok 21:15:51.0062 5908 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:15:51.0062 5908 FontCache3.0.0.0 - ok 21:15:51.0155 5908 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 21:15:51.0155 5908 fssfltr - ok 21:15:51.0342 5908 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 21:15:51.0436 5908 fsssvc - ok 21:15:51.0467 5908 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:15:51.0498 5908 Fs_Rec - ok 21:15:51.0545 5908 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:15:51.0545 5908 gagp30kx - ok 21:15:51.0654 5908 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe 21:15:51.0654 5908 GameConsoleService - ok 21:15:51.0764 5908 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:15:51.0764 5908 GEARAspiWDM - ok 21:15:51.0826 5908 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 21:15:51.0857 5908 gpsvc - ok 21:15:51.0920 5908 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:15:51.0920 5908 HdAudAddService - ok 21:15:52.0029 5908 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:15:52.0060 5908 HDAudBus - ok 21:15:52.0076 5908 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:15:52.0076 5908 HidBth - ok 21:15:52.0107 5908 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 21:15:52.0107 5908 HidIr - ok 21:15:52.0169 5908 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 21:15:52.0169 5908 hidserv - ok 21:15:52.0232 5908 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:15:52.0232 5908 HidUsb - ok 21:15:52.0278 5908 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:15:52.0278 5908 hkmsvc - ok 21:15:52.0388 5908 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 21:15:52.0403 5908 HP Health Check Service - ok 21:15:52.0512 5908 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 21:15:52.0512 5908 HpCISSs - ok 21:15:52.0590 5908 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 21:15:52.0590 5908 HpqKbFiltr - ok 21:15:52.0731 5908 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 21:15:52.0731 5908 hpqwmiex - ok 21:15:52.0824 5908 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 21:15:52.0856 5908 HSF_DPV - ok 21:15:52.0902 5908 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 21:15:52.0902 5908 HSXHWAZL - ok 21:15:52.0996 5908 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:15:53.0012 5908 HTTP - ok 21:15:53.0074 5908 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 21:15:53.0074 5908 i2omp - ok 21:15:53.0121 5908 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:15:53.0121 5908 i8042prt - ok 21:15:53.0168 5908 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 21:15:53.0168 5908 iaStorV - ok 21:15:53.0277 5908 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 21:15:53.0277 5908 IDriverT - ok 21:15:53.0339 5908 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:15:53.0386 5908 idsvc - ok 21:15:53.0589 5908 [ 785B0AB77D977445D58B02EA63C11FB2 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100415.001\IDSvix86.sys 21:15:53.0620 5908 IDSVix86 - ok 21:15:53.0651 5908 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:15:53.0667 5908 iirsp - ok 21:15:53.0745 5908 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 21:15:53.0760 5908 IKEEXT - ok 21:15:53.0823 5908 [ DD512A049BD7B4BCE8A83554C5EFF2C1 ] intelide C:\Windows\system32\drivers\intelide.sys 21:15:53.0823 5908 intelide - ok 21:15:53.0870 5908 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:15:53.0870 5908 intelppm - ok 21:15:53.0916 5908 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:15:53.0916 5908 IPBusEnum - ok 21:15:53.0963 5908 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:15:53.0963 5908 IpFilterDriver - ok 21:15:54.0057 5908 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:15:54.0057 5908 iphlpsvc - ok 21:15:54.0072 5908 IpInIp - ok 21:15:54.0104 5908 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 21:15:54.0104 5908 IPMIDRV - ok 21:15:54.0135 5908 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 21:15:54.0135 5908 IPNAT - ok 21:15:54.0213 5908 [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:15:54.0244 5908 iPod Service - ok 21:15:54.0260 5908 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:15:54.0260 5908 IRENUM - ok 21:15:54.0291 5908 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:15:54.0291 5908 isapnp - ok 21:15:54.0322 5908 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 21:15:54.0322 5908 iScsiPrt - ok 21:15:54.0338 5908 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 21:15:54.0338 5908 iteatapi - ok 21:15:54.0369 5908 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 21:15:54.0369 5908 iteraid - ok 21:15:54.0384 5908 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:15:54.0384 5908 kbdclass - ok 21:15:54.0447 5908 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:15:54.0462 5908 kbdhid - ok 21:15:54.0494 5908 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 21:15:54.0494 5908 KeyIso - ok 21:15:54.0618 5908 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:15:54.0650 5908 KSecDD - ok 21:15:54.0728 5908 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 21:15:54.0743 5908 KtmRm - ok 21:15:54.0790 5908 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 21:15:54.0821 5908 LanmanServer - ok 21:15:54.0868 5908 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:15:54.0930 5908 LanmanWorkstation - ok 21:15:55.0024 5908 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 21:15:55.0024 5908 LightScribeService - ok 21:15:55.0071 5908 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:15:55.0086 5908 lltdio - ok 21:15:55.0149 5908 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:15:55.0164 5908 lltdsvc - ok 21:15:55.0211 5908 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:15:55.0211 5908 lmhosts - ok 21:15:55.0242 5908 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:15:55.0242 5908 LSI_FC - ok 21:15:55.0258 5908 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:15:55.0258 5908 LSI_SAS - ok 21:15:55.0305 5908 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:15:55.0305 5908 LSI_SCSI - ok 21:15:55.0336 5908 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 21:15:55.0367 5908 luafv - ok 21:15:55.0367 5908 lxbc_device - ok 21:15:55.0430 5908 [ CA0A6FF40EBB10B19F108EB2404F40A7 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 21:15:55.0430 5908 mbamchameleon - ok 21:15:55.0648 5908 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe 21:15:55.0664 5908 McComponentHostService - ok 21:15:55.0695 5908 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:15:55.0742 5908 Mcx2Svc - ok 21:15:55.0851 5908 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 21:15:55.0882 5908 mdmxsdk - ok 21:15:55.0929 5908 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 21:15:55.0929 5908 megasas - ok 21:15:56.0022 5908 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 21:15:56.0038 5908 MegaSR - ok 21:15:56.0132 5908 Microsoft SharePoint Workspace Audit Service - ok 21:15:56.0210 5908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 21:15:56.0225 5908 MMCSS - ok 21:15:56.0256 5908 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 21:15:56.0272 5908 Modem - ok 21:15:56.0350 5908 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:15:56.0350 5908 monitor - ok 21:15:56.0381 5908 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:15:56.0381 5908 mouclass - ok 21:15:56.0412 5908 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:15:56.0412 5908 mouhid - ok 21:15:56.0444 5908 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 21:15:56.0459 5908 MountMgr - ok 21:15:56.0506 5908 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:15:56.0522 5908 MozillaMaintenance - ok 21:15:56.0553 5908 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 21:15:56.0553 5908 mpio - ok 21:15:56.0584 5908 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:15:56.0600 5908 mpsdrv - ok 21:15:56.0662 5908 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 21:15:56.0678 5908 MpsSvc - ok 21:15:56.0709 5908 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 21:15:56.0724 5908 Mraid35x - ok 21:15:56.0771 5908 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:15:56.0802 5908 MRxDAV - ok 21:15:56.0834 5908 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:15:56.0849 5908 mrxsmb - ok 21:15:56.0896 5908 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:15:56.0927 5908 mrxsmb10 - ok 21:15:56.0958 5908 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:15:56.0958 5908 mrxsmb20 - ok 21:15:56.0990 5908 [ AA305CFF241DA187BD5077DE4A2A043D ] msahci C:\Windows\system32\drivers\msahci.sys 21:15:57.0005 5908 msahci - ok 21:15:57.0052 5908 [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe 21:15:57.0068 5908 MSCamSvc - ok 21:15:57.0099 5908 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:15:57.0099 5908 msdsm - ok 21:15:57.0146 5908 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 21:15:57.0161 5908 MSDTC - ok 21:15:57.0224 5908 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:15:57.0224 5908 Msfs - ok 21:15:57.0255 5908 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:15:57.0255 5908 msisadrv - ok 21:15:57.0302 5908 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:15:57.0302 5908 MSiSCSI - ok 21:15:57.0333 5908 msiserver - ok 21:15:57.0364 5908 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:15:57.0364 5908 MSKSSRV - ok 21:15:57.0395 5908 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:15:57.0395 5908 MSPCLOCK - ok 21:15:57.0411 5908 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:15:57.0411 5908 MSPQM - ok 21:15:57.0489 5908 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:15:57.0520 5908 MsRPC - ok 21:15:57.0551 5908 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:15:57.0551 5908 mssmbios - ok 21:15:57.0582 5908 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:15:57.0582 5908 MSTEE - ok 21:15:57.0598 5908 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 21:15:57.0614 5908 Mup - ok 21:15:57.0660 5908 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 21:15:57.0676 5908 napagent - ok 21:15:57.0738 5908 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:15:57.0738 5908 NativeWifiP - ok 21:15:57.0816 5908 NAVENG - ok 21:15:57.0832 5908 NAVEX15 - ok 21:15:57.0910 5908 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:15:57.0910 5908 NDIS - ok 21:15:57.0972 5908 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:15:57.0988 5908 NdisTapi - ok 21:15:58.0004 5908 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:15:58.0019 5908 Ndisuio - ok 21:15:58.0082 5908 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:15:58.0113 5908 NdisWan - ok 21:15:58.0144 5908 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:15:58.0144 5908 NDProxy - ok 21:15:58.0175 5908 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:15:58.0175 5908 NetBIOS - ok 21:15:58.0253 5908 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 21:15:58.0269 5908 netbt - ok 21:15:58.0300 5908 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 21:15:58.0316 5908 Netlogon - ok 21:15:58.0378 5908 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 21:15:58.0394 5908 Netman - ok 21:15:58.0487 5908 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 21:15:58.0534 5908 netprofm - ok 21:15:58.0565 5908 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:15:58.0581 5908 NetTcpPortSharing - ok 21:15:58.0799 5908 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 21:15:58.0862 5908 NETw3v32 - ok 21:15:58.0877 5908 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:15:58.0877 5908 nfrd960 - ok 21:15:58.0955 5908 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:15:58.0971 5908 NlaSvc - ok 21:15:59.0049 5908 [ 64C89DB40949FD0E7C8FF303676A91F1 ] Norton Internet Security C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe 21:15:59.0049 5908 Norton Internet Security - ok 21:15:59.0111 5908 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:15:59.0111 5908 Npfs - ok 21:15:59.0158 5908 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 21:15:59.0158 5908 nsi - ok 21:15:59.0220 5908 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:15:59.0236 5908 nsiproxy - ok 21:15:59.0298 5908 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:15:59.0314 5908 Ntfs - ok 21:15:59.0361 5908 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 21:15:59.0361 5908 ntrigdigi - ok 21:15:59.0408 5908 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 21:15:59.0408 5908 Null - ok 21:15:59.0532 5908 [ AE78A7285DF03A277415FC62F8CE8F24 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys 21:15:59.0548 5908 NVENETFD - ok 21:15:59.0595 5908 [ B0DD52428BF564F5FC5EE331060BE2A6 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 21:15:59.0595 5908 NVHDA - ok 21:16:00.0000 5908 [ 9DAC05D828E56801FD6CE5FDFCED64AF ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:16:00.0110 5908 nvlddmkm - ok 21:16:00.0141 5908 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:16:00.0156 5908 nvraid - ok 21:16:00.0188 5908 [ 0FB6BF3AB170FC5BD403D25E134EAFDE ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 21:16:00.0188 5908 nvsmu - ok 21:16:00.0250 5908 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:16:00.0250 5908 nvstor - ok 21:16:00.0312 5908 [ 51E7F2C26B6ECE61C5241F1F731EAB2B ] nvsvc C:\Windows\system32\nvvsvc.exe 21:16:00.0359 5908 nvsvc - ok 21:16:00.0390 5908 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:16:00.0390 5908 nv_agp - ok 21:16:00.0406 5908 NwlnkFlt - ok 21:16:00.0406 5908 NwlnkFwd - ok 21:16:00.0468 5908 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 21:16:00.0484 5908 ohci1394 - ok 21:16:00.0578 5908 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:16:00.0593 5908 ose - ok 21:16:00.0983 5908 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:16:01.0202 5908 osppsvc - ok 21:16:01.0326 5908 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 21:16:01.0373 5908 p2pimsvc - ok 21:16:01.0404 5908 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 21:16:01.0404 5908 p2psvc - ok 21:16:01.0451 5908 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 21:16:01.0451 5908 Parport - ok 21:16:01.0576 5908 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:16:01.0576 5908 partmgr - ok 21:16:01.0623 5908 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 21:16:01.0623 5908 Parvdm - ok 21:16:01.0670 5908 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 21:16:01.0685 5908 PcaSvc - ok 21:16:01.0732 5908 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 21:16:01.0779 5908 pci - ok 21:16:01.0826 5908 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 21:16:01.0826 5908 pciide - ok 21:16:01.0872 5908 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:16:01.0872 5908 pcmcia - ok 21:16:01.0935 5908 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:16:01.0966 5908 PEAUTH - ok 21:16:02.0106 5908 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 21:16:02.0200 5908 pla - ok 21:16:02.0309 5908 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:16:02.0309 5908 PlugPlay - ok 21:16:02.0418 5908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 21:16:02.0450 5908 PNRPAutoReg - ok 21:16:02.0496 5908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 21:16:02.0512 5908 PNRPsvc - ok 21:16:02.0559 5908 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:16:02.0684 5908 PolicyAgent - ok 21:16:02.0824 5908 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:16:02.0824 5908 PptpMiniport - ok 21:16:02.0871 5908 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:16:02.0871 5908 Processor - ok 21:16:02.0933 5908 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 21:16:02.0949 5908 ProfSvc - ok 21:16:02.0964 5908 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 21:16:02.0964 5908 ProtectedStorage - ok 21:16:03.0027 5908 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 21:16:03.0027 5908 PSched - ok 21:16:03.0089 5908 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:16:03.0089 5908 ql2300 - ok 21:16:03.0152 5908 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:16:03.0167 5908 ql40xx - ok 21:16:03.0261 5908 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 21:16:03.0261 5908 QWAVE - ok 21:16:03.0308 5908 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:16:03.0308 5908 QWAVEdrv - ok 21:16:03.0339 5908 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:16:03.0339 5908 RasAcd - ok 21:16:03.0370 5908 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 21:16:03.0370 5908 RasAuto - ok 21:16:03.0401 5908 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:16:03.0417 5908 Rasl2tp - ok 21:16:03.0479 5908 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 21:16:03.0510 5908 RasMan - ok 21:16:03.0557 5908 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:16:03.0557 5908 RasPppoe - ok 21:16:03.0604 5908 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:16:03.0635 5908 RasSstp - ok 21:16:03.0682 5908 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:16:03.0682 5908 rdbss - ok 21:16:03.0713 5908 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:16:03.0713 5908 RDPCDD - ok 21:16:03.0791 5908 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 21:16:03.0791 5908 rdpdr - ok 21:16:03.0807 5908 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:16:03.0807 5908 RDPENCDD - ok 21:16:03.0932 5908 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:16:03.0947 5908 RDPWD - ok 21:16:04.0072 5908 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe 21:16:04.0103 5908 Recovery Service for Windows - ok 21:16:04.0197 5908 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:16:04.0212 5908 RemoteAccess - ok 21:16:04.0259 5908 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:16:04.0275 5908 RemoteRegistry - ok 21:16:04.0353 5908 [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:16:04.0353 5908 RFCOMM - ok 21:16:04.0478 5908 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 21:16:04.0493 5908 RichVideo - ok 21:16:04.0540 5908 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 21:16:04.0587 5908 RpcLocator - ok 21:16:04.0618 5908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 21:16:04.0634 5908 RpcSs - ok 21:16:04.0712 5908 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:16:04.0712 5908 rspndr - ok 21:16:04.0774 5908 [ 8DAB5975B5C7923D61506A48E251DBAD ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 21:16:04.0774 5908 RTSTOR - ok 21:16:04.0805 5908 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 21:16:04.0821 5908 SamSs - ok 21:16:04.0868 5908 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:16:04.0868 5908 sbp2port - ok 21:16:05.0070 5908 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 21:16:05.0133 5908 SBSDWSCService - ok 21:16:05.0226 5908 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:16:05.0242 5908 SCardSvr - ok 21:16:05.0367 5908 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 21:16:05.0382 5908 Schedule - ok 21:16:05.0460 5908 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:16:05.0460 5908 SCPolicySvc - ok 21:16:05.0538 5908 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 21:16:05.0538 5908 sdbus - ok 21:16:05.0632 5908 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:16:05.0648 5908 SDRSVC - ok 21:16:05.0679 5908 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:16:05.0710 5908 secdrv - ok 21:16:05.0757 5908 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 21:16:05.0757 5908 seclogon - ok 21:16:05.0788 5908 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 21:16:05.0804 5908 SENS - ok 21:16:05.0850 5908 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 21:16:05.0850 5908 Serenum - ok 21:16:05.0897 5908 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 21:16:05.0897 5908 Serial - ok 21:16:05.0960 5908 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:16:05.0960 5908 sermouse - ok 21:16:06.0022 5908 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 21:16:06.0053 5908 SessionEnv - ok 21:16:06.0084 5908 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:16:06.0084 5908 sffdisk - ok 21:16:06.0116 5908 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:16:06.0116 5908 sffp_mmc - ok 21:16:06.0131 5908 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:16:06.0131 5908 sffp_sd - ok 21:16:06.0194 5908 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:16:06.0194 5908 sfloppy - ok 21:16:06.0240 5908 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 21:16:06.0256 5908 Sftfs - ok 21:16:06.0303 5908 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe 21:16:06.0334 5908 sftlist - ok 21:16:06.0381 5908 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 21:16:06.0381 5908 Sftplay - ok 21:16:06.0443 5908 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 21:16:06.0443 5908 Sftredir - ok 21:16:06.0490 5908 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 21:16:06.0490 5908 Sftvol - ok 21:16:06.0506 5908 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 21:16:06.0521 5908 sftvsa - ok 21:16:06.0584 5908 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:16:06.0599 5908 SharedAccess - ok 21:16:06.0693 5908 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:16:06.0693 5908 ShellHWDetection - ok 21:16:06.0755 5908 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 21:16:06.0755 5908 sisagp - ok 21:16:06.0802 5908 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 21:16:06.0802 5908 SiSRaid2 - ok 21:16:06.0864 5908 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:16:06.0864 5908 SiSRaid4 - ok 21:16:07.0098 5908 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 21:16:07.0270 5908 slsvc - ok 21:16:07.0332 5908 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 21:16:07.0364 5908 SLUINotify - ok 21:16:07.0442 5908 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:16:07.0473 5908 Smb - ok 21:16:07.0535 5908 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:16:07.0551 5908 SNMPTRAP - ok 21:16:07.0598 5908 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 21:16:07.0613 5908 spldr - ok 21:16:07.0644 5908 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 21:16:07.0644 5908 Spooler - ok 21:16:07.0878 5908 [ E81F6CAEAB9AD5732E94C07C97866AA2 ] SRTSP C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS 21:16:07.0894 5908 SRTSP - ok 21:16:07.0925 5908 [ E28DE499D942B08058BFFAC69D4122B6 ] SRTSPX C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS 21:16:07.0956 5908 SRTSPX - ok 21:16:08.0019 5908 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:16:08.0066 5908 srv - ok 21:16:08.0112 5908 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:16:08.0159 5908 srv2 - ok 21:16:08.0206 5908 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:16:08.0237 5908 srvnet - ok 21:16:08.0284 5908 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:16:08.0300 5908 SSDPSRV - ok 21:16:08.0378 5908 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:16:08.0378 5908 SstpSvc - ok 21:16:08.0456 5908 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 21:16:08.0487 5908 StillCam - ok 21:16:08.0534 5908 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 21:16:08.0565 5908 stisvc - ok 21:16:08.0596 5908 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:16:08.0596 5908 swenum - ok 21:16:08.0658 5908 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 21:16:08.0690 5908 swprv - ok 21:16:08.0721 5908 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 21:16:08.0721 5908 Symc8xx - ok 21:16:08.0736 5908 SYMDNS - ok 21:16:08.0799 5908 [ D0885F6E24259A6C65E68D6AD749910A ] SymEFA C:\Windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS 21:16:08.0861 5908 SymEFA - ok 21:16:08.0908 5908 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 21:16:08.0908 5908 SymEvent - ok 21:16:08.0924 5908 SYMFW - ok 21:16:08.0986 5908 [ 34F1C9D5DCC19DF1E824D6B73767B8AF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys 21:16:08.0986 5908 SymIM - ok 21:16:09.0002 5908 SYMNDISV - ok 21:16:09.0017 5908 SYMREDRV - ok 21:16:09.0064 5908 [ 26BC80EC79D7BA478249C266CBDF17B4 ] SYMTDI C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS 21:16:09.0064 5908 SYMTDI - ok 21:16:09.0080 5908 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 21:16:09.0080 5908 Sym_hi - ok 21:16:09.0126 5908 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 21:16:09.0126 5908 Sym_u3 - ok 21:16:09.0189 5908 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:16:09.0189 5908 SynTP - ok 21:16:09.0251 5908 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 21:16:09.0282 5908 SysMain - ok 21:16:09.0345 5908 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:16:09.0360 5908 TabletInputService - ok 21:16:09.0407 5908 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:16:09.0423 5908 TapiSrv - ok 21:16:09.0470 5908 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 21:16:09.0470 5908 TBS - ok 21:16:09.0532 5908 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:16:09.0548 5908 Tcpip - ok 21:16:09.0626 5908 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 21:16:09.0657 5908 Tcpip6 - ok 21:16:09.0719 5908 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:16:09.0750 5908 tcpipreg - ok 21:16:09.0782 5908 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:16:09.0797 5908 TDPIPE - ok 21:16:09.0828 5908 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:16:09.0828 5908 TDTCP - ok 21:16:09.0875 5908 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:16:09.0875 5908 tdx - ok 21:16:09.0969 5908 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:16:09.0969 5908 TermDD - ok 21:16:10.0047 5908 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 21:16:10.0047 5908 TermService - ok 21:16:10.0094 5908 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 21:16:10.0109 5908 Themes - ok 21:16:10.0140 5908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 21:16:10.0156 5908 THREADORDER - ok 21:16:10.0218 5908 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 21:16:10.0250 5908 TrkWks - ok 21:16:10.0312 5908 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:16:10.0343 5908 TrustedInstaller - ok 21:16:10.0390 5908 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:16:10.0390 5908 tssecsrv - ok 21:16:10.0421 5908 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 21:16:10.0437 5908 tunmp - ok 21:16:10.0468 5908 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:16:10.0468 5908 tunnel - ok 21:16:10.0499 5908 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:16:10.0499 5908 uagp35 - ok 21:16:10.0562 5908 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:16:10.0562 5908 udfs - ok 21:16:10.0608 5908 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:16:10.0640 5908 UI0Detect - ok 21:16:10.0671 5908 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:16:10.0671 5908 uliagpkx - ok 21:16:10.0702 5908 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 21:16:10.0702 5908 uliahci - ok 21:16:10.0733 5908 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 21:16:10.0733 5908 UlSata - ok 21:16:10.0780 5908 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 21:16:10.0780 5908 ulsata2 - ok 21:16:10.0811 5908 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:16:10.0827 5908 umbus - ok 21:16:10.0920 5908 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 21:16:10.0936 5908 upnphost - ok 21:16:10.0998 5908 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 21:16:11.0014 5908 USBAAPL - ok 21:16:11.0076 5908 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 21:16:11.0108 5908 usbaudio - ok 21:16:11.0154 5908 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:16:11.0186 5908 usbccgp - ok 21:16:11.0232 5908 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:16:11.0248 5908 usbcir - ok 21:16:11.0295 5908 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:16:11.0295 5908 usbehci - ok 21:16:11.0342 5908 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:16:11.0357 5908 usbhub - ok 21:16:11.0388 5908 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 21:16:11.0420 5908 usbohci - ok 21:16:11.0466 5908 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:16:11.0482 5908 usbprint - ok 21:16:11.0545 5908 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:16:11.0545 5908 USBSTOR - ok 21:16:11.0592 5908 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 21:16:11.0592 5908 usbuhci - ok 21:16:11.0686 5908 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:16:11.0701 5908 usbvideo - ok 21:16:11.0733 5908 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 21:16:11.0748 5908 UxSms - ok 21:16:11.0811 5908 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 21:16:11.0873 5908 vds - ok 21:16:11.0904 5908 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:16:11.0904 5908 vga - ok 21:16:11.0935 5908 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 21:16:11.0967 5908 VgaSave - ok 21:16:11.0998 5908 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 21:16:11.0998 5908 viaagp - ok 21:16:12.0029 5908 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 21:16:12.0029 5908 ViaC7 - ok 21:16:12.0060 5908 [ EA1AA6E3ABB3C194FEBA12A46DE8CF2C ] viaide C:\Windows\system32\drivers\viaide.sys 21:16:12.0076 5908 viaide - ok 21:16:12.0107 5908 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:16:12.0107 5908 volmgr - ok 21:16:12.0169 5908 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:16:12.0185 5908 volmgrx - ok 21:16:12.0247 5908 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:16:12.0263 5908 volsnap - ok 21:16:12.0279 5908 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:16:12.0294 5908 vsmraid - ok 21:16:12.0419 5908 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 21:16:12.0497 5908 VSS - ok 21:16:12.0653 5908 [ E26744E5DD71A16E80D4DD5A286B8423 ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys 21:16:12.0700 5908 VX3000 - ok 21:16:12.0778 5908 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 21:16:12.0793 5908 W32Time - ok 21:16:12.0856 5908 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:16:12.0856 5908 WacomPen - ok 21:16:12.0934 5908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 21:16:12.0965 5908 Wanarp - ok 21:16:12.0965 5908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:16:12.0981 5908 Wanarpv6 - ok 21:16:13.0059 5908 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:16:13.0090 5908 wcncsvc - ok 21:16:13.0137 5908 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:16:13.0168 5908 WcsPlugInService - ok 21:16:13.0215 5908 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 21:16:13.0215 5908 Wd - ok 21:16:13.0293 5908 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:16:13.0308 5908 Wdf01000 - ok 21:16:13.0355 5908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:16:13.0371 5908 WdiServiceHost - ok 21:16:13.0386 5908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:16:13.0402 5908 WdiSystemHost - ok 21:16:13.0480 5908 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 21:16:13.0480 5908 WebClient - ok 21:16:13.0605 5908 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:16:13.0620 5908 Wecsvc - ok 21:16:13.0667 5908 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:16:13.0683 5908 wercplsupport - ok 21:16:13.0729 5908 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 21:16:13.0761 5908 WerSvc - ok 21:16:13.0854 5908 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 21:16:13.0870 5908 winachsf - ok 21:16:13.0948 5908 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 21:16:13.0963 5908 WinDefend - ok 21:16:13.0995 5908 WinHttpAutoProxySvc - ok 21:16:14.0104 5908 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:16:14.0119 5908 Winmgmt - ok 21:16:14.0197 5908 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 21:16:14.0291 5908 WinRM - ok 21:16:14.0353 5908 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:16:14.0385 5908 Wlansvc - ok 21:16:14.0759 5908 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:16:14.0868 5908 wlidsvc - ok 21:16:14.0931 5908 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:16:14.0931 5908 WmiAcpi - ok 21:16:14.0993 5908 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:16:15.0009 5908 wmiApSrv - ok 21:16:15.0165 5908 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:16:15.0211 5908 WMPNetworkSvc - ok 21:16:15.0274 5908 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:16:15.0289 5908 WPCSvc - ok 21:16:15.0336 5908 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:16:15.0352 5908 WPDBusEnum - ok 21:16:15.0399 5908 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 21:16:15.0399 5908 WpdUsb - ok 21:16:15.0555 5908 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 21:16:15.0601 5908 WPFFontCache_v0400 - ok 21:16:15.0648 5908 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:16:15.0664 5908 ws2ifsl - ok 21:16:15.0711 5908 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 21:16:15.0726 5908 wscsvc - ok 21:16:15.0773 5908 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 21:16:15.0789 5908 WSDPrintDevice - ok 21:16:15.0804 5908 WSearch - ok 21:16:15.0976 5908 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 21:16:16.0085 5908 wuauserv - ok 21:16:16.0101 5908 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:16:16.0116 5908 WUDFRd - ok 21:16:16.0179 5908 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:16:16.0194 5908 wudfsvc - ok 21:16:16.0257 5908 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 21:16:16.0257 5908 XAudio - ok 21:16:16.0319 5908 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 21:16:16.0335 5908 XAudioService - ok 21:16:16.0428 5908 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 21:16:16.0444 5908 yukonwlh - ok 21:16:16.0459 5908 ================ Scan global =============================== 21:16:16.0537 5908 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 21:16:16.0600 5908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 21:16:16.0631 5908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 21:16:16.0709 5908 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 21:16:16.0709 5908 [Global] - ok 21:16:16.0709 5908 ================ Scan MBR ================================== 21:16:16.0771 5908 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0 21:16:17.0255 5908 \Device\Harddisk0\DR0 - ok 21:16:17.0255 5908 ================ Scan VBR ================================== 21:16:17.0271 5908 [ 645998E75AE47ED1E51475A0C5603374 ] \Device\Harddisk0\DR0\Partition1 21:16:17.0286 5908 \Device\Harddisk0\DR0\Partition1 - ok 21:16:17.0286 5908 [ 513BE8C10A76F353B60ED78287C5DDE6 ] \Device\Harddisk0\DR0\Partition2 21:16:17.0302 5908 \Device\Harddisk0\DR0\Partition2 - ok 21:16:17.0302 5908 ============================================================ 21:16:17.0302 5908 Scan finished 21:16:17.0302 5908 ============================================================ 21:16:17.0349 6276 Detected object count: 0 21:16:17.0349 6276 Actual detected object count: 0 21:21:59.0733 5008 Deinitialize success Results of screen317's Security Check version 0.99.46 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.1 Java 6 Update 24 Java 7 Update 5 Java 6 Update 7 Java version out of Date! Adobe Flash Player 11.3.300.271 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (Firefox,. Firefox out of Date! Google Chrome 21.0.1180.79 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` -
Viruses being detected but not removed
Azzz090 replied to Azzz090's topic in Resolved Malware Removal Logs
Sorry to keep posting but I'm really spooked about all this. I don't think my problem has been completed, as I can't upload any windows updates and their automatic solutions page cannot resolve it either. Could someone possibly tell me a way of making sure my laptop is currently clean or not? I'm afraid that the virus has just managed to make itself undetectable by malewarebytes. -
Viruses being detected but not removed
Azzz090 replied to Azzz090's topic in Resolved Malware Removal Logs
I've run a couple more Malwarebytes scans since doing the above and it's no longer detecting any problems. If that's the end of the story then thank you so, so much. I'm a total novice at things like this and i really appriciate the time you took to help me. =) -
Viruses being detected but not removed
Azzz090 replied to Azzz090's topic in Resolved Malware Removal Logs
. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Pan at 21:06:25 on 2012-08-18 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1790.701 [GMT 1:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxbccoms.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\System32\alg.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\System32\mobsync.exe C:\Windows\Explorer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = <local>;*.local BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0" mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe" mRun: [VX3000] c:\windows\vVX3000.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{ADC6FCD1-4C03-4A32-BC03-B13D92DD62DE} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{BEC2AB5C-2F1E-4BA4-B5AA-888E30B510B1} : DhcpNameServer = 192.168.137.1 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\users\pan\appdata\roaming\mozilla\firefox\profiles\ptp5irss.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&apn_uid=82C573F3-9864-4582-88E4-89E11D130D1C&apn_ptnrs=GG&apn_sauid=&apn_dtid=YYYYYYB3GB&&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: yahoo.homepage.dontask - true . ============= SERVICES / DRIVERS =============== . R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSvix86.sys [2010-4-17 343088] R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-28 365952] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-29 1153368] R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304] R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-21 250056] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-28 193840] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-21 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-8-18 31560] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896] . =============== Created Last 30 ================ . 2012-08-18 20:02:06 -------- d-----w- c:\users\pan\appdata\local\temp 2012-08-18 19:54:44 -------- d-----w- C:\$RECYCLE.BIN 2012-08-18 19:32:54 256000 ----a-w- c:\windows\PEV.exe 2012-08-18 19:32:54 208896 ----a-w- c:\windows\MBR.exe 2012-08-18 19:32:53 98816 ----a-w- c:\windows\sed.exe 2012-08-18 19:32:53 518144 ----a-w- c:\windows\SWREG.exe 2012-08-18 19:32:34 -------- d-----w- C:\ComboFix 2012-08-18 15:42:07 -------- d-----w- c:\users\pan\appdata\local\{7EF2CA78-90D9-4ECB-8746-C007020E1095} 2012-08-18 14:45:13 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-18 14:18:41 -------- d-----w- c:\users\pan\appdata\local\{B5B9D7F7-19D8-42DC-B258-7C998E990F90} 2012-08-17 16:39:36 -------- d-----w- c:\program files\Oracle 2012-08-17 16:17:35 -------- d-----w- c:\users\pan\appdata\local\{053928AA-88E7-429D-8CA3-5739830A6A52} 2012-08-17 16:17:10 -------- d-----w- c:\users\pan\appdata\local\{6AD4C5B9-EE33-4405-8E98-101EDA6C1A0D} 2012-08-16 16:01:19 -------- d-----w- c:\users\pan\appdata\local\{17FAA6B0-9946-407A-A3F0-E6BC6F07F6E0} 2012-08-16 16:00:40 -------- d-----w- c:\users\pan\appdata\local\{807056E7-8E71-4BF3-9923-629900A1D74A} 2012-08-15 16:48:22 -------- d-----w- c:\users\pan\appdata\local\{1E40E3CD-7FF7-44FF-B09A-5F042925ECDB} 2012-08-15 16:47:54 -------- d-----w- c:\users\pan\appdata\local\{A18921C6-3EAF-4E04-8F94-AE3536F21F68} 2012-08-14 12:55:52 -------- d-----w- c:\users\pan\appdata\local\{799399B8-CE06-47F2-A5AA-5A62EB0076FB} 2012-08-14 12:55:29 -------- d-----w- c:\users\pan\appdata\local\{F2309C55-5273-44A8-AC8A-95C64E41F1CC} 2012-08-13 19:08:35 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-08-13 15:50:53 -------- d-----w- c:\users\pan\appdata\local\{F4FB7E55-525D-462F-8BF4-E199C647CB79} 2012-08-13 15:50:34 -------- d-----w- c:\users\pan\appdata\local\{FD3F9E0B-F9F1-47A8-A146-795FF06E7DA4} 2012-08-13 09:16:34 -------- d-----w- c:\users\pan\appdata\local\{83F832F8-8950-4476-9AA1-12208B5F05F2} 2012-08-12 11:33:46 -------- d-----w- c:\users\pan\appdata\local\{ACA6F10F-B641-447E-9522-DFB9555DE6D7} 2012-08-12 11:33:30 -------- d-----w- c:\users\pan\appdata\local\{51DE061C-27AF-445F-889B-2BBE4F154D2C} 2012-08-11 18:54:56 -------- d-----w- c:\users\pan\appdata\local\{C15A903E-A267-49B7-A48B-E6B7AD9E8DC7} 2012-08-11 18:54:13 -------- d-----w- c:\users\pan\appdata\local\{34E89B81-8292-4190-BE96-0BF43D5B1A40} 2012-08-10 19:50:01 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6414d645-c3eb-47c7-aad8-73514edd0f0b}\mpengine.dll 2012-08-10 19:41:39 -------- d-----w- c:\users\pan\appdata\local\{E0B3327F-D375-4440-88D6-8092FE43A169} 2012-08-10 19:41:20 -------- d-----w- c:\users\pan\appdata\local\{A492ACC9-D571-4D72-A8A1-71BEC9A17266} 2012-08-10 00:47:43 -------- d-----w- c:\users\pan\appdata\local\{B7D49221-C8EE-4225-A731-B39B61B73850} 2012-08-10 00:47:18 -------- d-----w- c:\users\pan\appdata\local\{EBC8F122-FACF-4DF8-88F5-8DA6494F463E} 2012-08-09 11:08:26 -------- d-----w- c:\users\pan\appdata\local\{AB8D7EFD-9D91-4DDE-B94E-9E3260AE408B} 2012-08-09 11:08:13 -------- d-----w- c:\users\pan\appdata\local\{695209BD-6E25-4C83-BC08-DFDA3CCA3DFA} 2012-08-08 03:32:03 -------- d-----w- c:\users\pan\appdata\local\{2654DED9-667A-461D-ABF9-D289B73BD883} 2012-08-08 03:31:08 -------- d-----w- c:\users\pan\appdata\local\{E659948B-2406-4DAA-B8AE-41F3CDFDAF6F} 2012-08-07 12:20:51 -------- d-----w- c:\users\pan\appdata\local\{162B9FFA-AD5E-48AF-904F-C3BF46E9CDBE} 2012-08-07 12:20:06 -------- d-----w- c:\users\pan\appdata\local\{B262EB23-8731-493C-B5C5-2901ACA0E333} 2012-08-06 08:58:54 -------- d-----w- c:\users\pan\appdata\local\{A5C712D2-E95F-4516-A221-28C3496253BA} 2012-08-06 08:58:39 -------- d-----w- c:\users\pan\appdata\local\{6F50665D-66C8-4FE3-BF83-70B917D090A0} 2012-08-01 10:29:43 -------- d-----w- c:\users\pan\appdata\local\{CCC167EF-907F-480D-BB1B-2FC7B22891C7} 2012-08-01 10:29:12 -------- d-----w- c:\users\pan\appdata\local\{4BFD3D89-09F7-4D89-8FAC-519873CB162B} 2012-07-28 19:36:08 -------- d-----w- c:\users\pan\appdata\local\{71E94E74-13D8-4BC6-BD6C-81D45F9BB412} 2012-07-28 19:35:33 -------- d-----w- c:\users\pan\appdata\local\{672C54BA-6449-4242-8A91-25AA0B666313} 2012-07-27 22:49:51 -------- d-----w- c:\users\pan\appdata\local\{B759CAAE-DF7A-4E17-AB59-89AB4733234D} 2012-07-27 22:49:28 -------- d-----w- c:\users\pan\appdata\local\{BA7430A2-2A39-4745-BE95-B546AB5992C9} 2012-07-26 08:26:54 -------- d-----w- c:\users\pan\appdata\local\{7ADCBCC8-A007-448E-9047-F66AF8A32D77} 2012-07-26 08:26:40 -------- d-----w- c:\users\pan\appdata\local\{8644702F-9408-4DD1-9D3B-78344F6876C8} 2012-07-25 12:43:37 -------- d-----w- c:\users\pan\appdata\local\{DE88CED2-E51C-4A3D-ABD3-18DAD4FF37E2} 2012-07-25 12:43:05 -------- d-----w- c:\users\pan\appdata\local\{AFA1ED6E-EA76-4B9F-BDE1-06FF5573C4DA} 2012-07-24 12:37:35 -------- d-----w- c:\users\pan\appdata\local\{42ED71AA-459E-4332-86B9-F688464A8F36} 2012-07-24 12:37:19 -------- d-----w- c:\users\pan\appdata\local\{71055A3E-E12C-4802-9315-19D1F33483BB} 2012-07-23 17:55:12 -------- d-----w- c:\users\pan\appdata\local\{2981DD60-0DAB-4319-BC87-16F3609E5827} 2012-07-23 17:54:56 -------- d-----w- c:\users\pan\appdata\local\{C46358A0-EAEE-4EC9-9E15-A318C7730180} 2012-07-22 13:14:34 -------- d-----w- c:\users\pan\appdata\local\{2903F81C-B5C7-42E7-A372-4297B94EF638} 2012-07-22 13:14:19 -------- d-----w- c:\users\pan\appdata\local\{DB2D6CBE-5EEC-44F2-A5B8-F5BB9ECE6E77} 2012-07-21 17:20:15 -------- d-----w- c:\users\pan\appdata\local\{CAECAD3C-825F-40EE-9CC9-42BF317E485A} 2012-07-21 17:19:58 -------- d-----w- c:\users\pan\appdata\local\{28FF73EB-FBB8-4C18-8DA2-1B54A1973422} 2012-07-20 12:27:57 -------- d-----w- c:\users\pan\appdata\local\{BCED2EC5-E1A2-4BCF-9A37-B203ED1A6445} 2012-07-20 12:27:44 -------- d-----w- c:\users\pan\appdata\local\{7D408AA6-2436-4685-A17E-FC22651D730E} . ==================== Find3M ==================== . 2012-08-14 23:30:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-14 23:30:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-05 21:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 21:07:05.21 =============== -
Viruses being detected but not removed
Azzz090 replied to Azzz090's topic in Resolved Malware Removal Logs
Had to uninstall and redowload but I got it. I'll post the other when it's gone through ComboFix 12-08-18.03 - Pan 18/08/2012 20:38:14.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1790.653 [GMT 1:00] Running from: c:\users\Pan\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3} c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}\chrome.manifest c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}\chrome\content\_cfg.js c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}\chrome\content\overlay.xul c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}\install.rdf c:\users\Pan\AppData\Roaming\Cioq c:\users\Pan\AppData\Roaming\Cioq\atun.nyk c:\users\Pan\AppData\Roaming\Ethiy c:\users\Pan\AppData\Roaming\Ethiy\ahidg.ydu c:\users\Pan\AppData\Roaming\Evxe c:\users\Pan\AppData\Roaming\Evxe\uqsuk.car c:\users\Pan\AppData\Roaming\Evxe\uqsuk.tmp c:\users\Pan\AppData\Roaming\Idyr c:\users\Pan\AppData\Roaming\Idyr\usuk.evd c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\energy.dll c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\energy.drv c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\energy.exe c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\exec.drv c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\exec.sys c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\fix.exe c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\FS.sys c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\FW.exe c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\gid.sys c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\pal.dll c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\PE.exe c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\sld.drv c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\SM.dll c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\std.exe c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\std.tmp c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys c:\users\Pan\AppData\Roaming\Roketi c:\users\Pan\AppData\Roaming\Roketi\heig.laf c:\users\Pan\AppData\Roaming\Udgub c:\users\Pan\AppData\Roaming\Udgub\efeqb.oly c:\users\Pan\AppData\Roaming\Undiaz c:\users\Pan\AppData\Roaming\Undiaz\ebbeo.afp c:\users\Pan\AppData\Roaming\Uwicy c:\users\Pan\AppData\Roaming\Uwicy\fudy.ezl c:\users\Pan\AppData\Roaming\Wyivos c:\users\Pan\AppData\Roaming\Wyivos\zuqia.ymi c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 ))))))))))))))))))))))))))))))) . . 2012-08-18 14:45 . 2012-08-18 14:45 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-17 16:39 . 2012-08-17 16:39 -------- d-----w- c:\program files\Oracle 2012-08-13 19:08 . 2012-08-13 19:08 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-08-10 19:50 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6414D645-C3EB-47C7-AAD8-73514EDD0F0B}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-14 23:30 . 2012-06-21 19:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-14 23:30 . 2011-07-30 18:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-05 21:06 . 2011-02-20 14:00 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-03 12:46 . 2010-05-02 06:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-21 18:34 . 2012-06-21 18:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-13 13:40 . 2012-07-14 17:56 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 16:47 . 2012-07-13 23:35 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-07-13 23:35 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26 . 2012-07-13 23:35 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 2012-06-21 17:18 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 17:18 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 17:17 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 17:17 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 17:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 17:18 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 17:17 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-21 17:17 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:12 . 2012-06-21 17:17 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33 . 2012-07-14 17:44 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25 . 2012-07-14 17:44 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25 . 2012-07-14 17:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20 . 2012-07-14 17:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16 . 2012-07-14 17:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 00:04 . 2012-07-13 23:35 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-07-13 23:35 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 11:25 . 2010-02-15 22:26 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-04-25 00:58 . 2011-04-25 00:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2011-04-25 01:48 . 2011-04-25 01:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2011-04-25 01:00 . 2011-04-25 01:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2011-04-25 00:59 . 2011-04-25 00:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2011-04-25 00:58 . 2011-04-25 00:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2011-04-25 00:57 . 2011-04-25 00:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2011-04-25 00:58 . 2011-04-25 00:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2011-04-25 00:58 . 2011-04-25 00:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2010-03-31 10:09 . 2010-03-31 10:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 12:36 . 2010-04-08 12:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2011-04-25 00:51 . 2011-04-25 00:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2011-04-25 01:00 . 2011-04-25 01:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2012-07-18 18:40 . 2011-05-06 18:12 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 2 (0x2) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 23:30] . 2012-08-12 c:\windows\Tasks\HPCeeScheduleForPan.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-28 18:34] . . ------- Supplementary Scan ------- . mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = <local>;*.local IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Pan\AppData\Roaming\Mozilla\Firefox\Profiles\ptp5irss.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&apn_uid=82C573F3-9864-4582-88E4-89E11D130D1C&apn_ptnrs=GG&apn_sauid=&apn_dtid=YYYYYYB3GB&&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . AddRemove-Spotify - c:\users\Pan\AppData\Roaming\Spotify\Spotify.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-18 20:56 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\lxbccoms.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe c:\program files\SMINST\BLService.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft Application Virtualization Client\sftvsa.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Spybot - Search & Destroy\SDWinSec.exe c:\program files\Microsoft Application Virtualization Client\sftlist.exe c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2012-08-18 21:02:02 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-18 20:01 . Pre-Run: 88,586,096,640 bytes free Post-Run: 88,878,563,328 bytes free . - - End Of File - - 39D21CE59EE8BDF8770FD47271D8E346 -
Viruses being detected but not removed
Azzz090 replied to Azzz090's topic in Resolved Malware Removal Logs
I don't think the tool is running properly. I tried twice and both times it just closed unexplextedly. It also didn't let me choose where to save it to when prompting the download, just save or cancel. -
Viruses being detected but not removed
Azzz090 replied to Azzz090's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.18.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Pan :: PAN-PC [administrator] 18/08/2012 19:41:32 mbam-log-2012-08-18 (19-41-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206152 Time elapsed: 10 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end) -
Viruses being detected but not removed
Azzz090 replied to Azzz090's topic in Resolved Malware Removal Logs
apologies, this is the DDS . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Pan at 18:13:42 on 2012-08-18 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1790.486 [GMT 1:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxbccoms.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\HP\HP Deskjet 3050 J610 series\bin\HPNetworkCommunicator.exe C:\Windows\system32\taskeng.exe C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\WINDOWS\vVX3000.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe "C:\Windows\System32\svchost.exe" -k LocalServiceDns C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = <local>;*.local BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0" mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe" mRun: [VX3000] c:\windows\vVX3000.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{ADC6FCD1-4C03-4A32-BC03-B13D92DD62DE} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{BEC2AB5C-2F1E-4BA4-B5AA-888E30B510B1} : DhcpNameServer = 192.168.137.1 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" IFEO: image file execution options - svchost.exe Hosts: 67.212.189.114 google.com Hosts: 67.212.189.114 google.com.au Hosts: 67.212.189.114 www.google.com.au Hosts: 67.212.189.114 google.be Hosts: 67.212.189.114 www.google.be . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\users\pan\appdata\roaming\mozilla\firefox\profiles\ptp5irss.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&apn_uid=82C573F3-9864-4582-88E4-89E11D130D1C&apn_ptnrs=GG&apn_sauid=&apn_dtid=YYYYYYB3GB&&q= FF - prefs.js: network.proxy.type - 0 FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSvix86.sys [2010-4-17 343088] R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-28 365952] R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-28 193840] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040] R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304] R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-29 1153368] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-21 250056] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-21 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-8-18 31560] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896] . =============== Created Last 30 ================ . 2012-08-18 16:57:08 54016 ----a-w- c:\windows\system32\drivers\eblsbvyn.sys 2012-08-18 15:42:07 -------- d-----w- c:\users\pan\appdata\local\{7EF2CA78-90D9-4ECB-8746-C007020E1095} 2012-08-18 14:45:13 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-18 14:18:41 -------- d-----w- c:\users\pan\appdata\local\{B5B9D7F7-19D8-42DC-B258-7C998E990F90} 2012-08-17 16:39:36 -------- d-----w- c:\program files\Oracle 2012-08-17 16:17:35 -------- d-----w- c:\users\pan\appdata\local\{053928AA-88E7-429D-8CA3-5739830A6A52} 2012-08-17 16:17:10 -------- d-----w- c:\users\pan\appdata\local\{6AD4C5B9-EE33-4405-8E98-101EDA6C1A0D} 2012-08-16 16:01:19 -------- d-----w- c:\users\pan\appdata\local\{17FAA6B0-9946-407A-A3F0-E6BC6F07F6E0} 2012-08-16 16:00:40 -------- d-----w- c:\users\pan\appdata\local\{807056E7-8E71-4BF3-9923-629900A1D74A} 2012-08-15 16:48:22 -------- d-----w- c:\users\pan\appdata\local\{1E40E3CD-7FF7-44FF-B09A-5F042925ECDB} 2012-08-15 16:47:54 -------- d-----w- c:\users\pan\appdata\local\{A18921C6-3EAF-4E04-8F94-AE3536F21F68} 2012-08-14 12:55:52 -------- d-----w- c:\users\pan\appdata\local\{799399B8-CE06-47F2-A5AA-5A62EB0076FB} 2012-08-14 12:55:29 -------- d-----w- c:\users\pan\appdata\local\{F2309C55-5273-44A8-AC8A-95C64E41F1CC} 2012-08-13 19:08:35 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-08-13 15:50:53 -------- d-----w- c:\users\pan\appdata\local\{F4FB7E55-525D-462F-8BF4-E199C647CB79} 2012-08-13 15:50:34 -------- d-----w- c:\users\pan\appdata\local\{FD3F9E0B-F9F1-47A8-A146-795FF06E7DA4} 2012-08-13 09:16:34 -------- d-----w- c:\users\pan\appdata\local\{83F832F8-8950-4476-9AA1-12208B5F05F2} 2012-08-12 11:33:46 -------- d-----w- c:\users\pan\appdata\local\{ACA6F10F-B641-447E-9522-DFB9555DE6D7} 2012-08-12 11:33:30 -------- d-----w- c:\users\pan\appdata\local\{51DE061C-27AF-445F-889B-2BBE4F154D2C} 2012-08-11 18:54:56 -------- d-----w- c:\users\pan\appdata\local\{C15A903E-A267-49B7-A48B-E6B7AD9E8DC7} 2012-08-11 18:54:13 -------- d-----w- c:\users\pan\appdata\local\{34E89B81-8292-4190-BE96-0BF43D5B1A40} 2012-08-10 19:50:01 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6414d645-c3eb-47c7-aad8-73514edd0f0b}\mpengine.dll 2012-08-10 19:41:39 -------- d-----w- c:\users\pan\appdata\local\{E0B3327F-D375-4440-88D6-8092FE43A169} 2012-08-10 19:41:20 -------- d-----w- c:\users\pan\appdata\local\{A492ACC9-D571-4D72-A8A1-71BEC9A17266} 2012-08-10 00:47:43 -------- d-----w- c:\users\pan\appdata\local\{B7D49221-C8EE-4225-A731-B39B61B73850} 2012-08-10 00:47:18 -------- d-----w- c:\users\pan\appdata\local\{EBC8F122-FACF-4DF8-88F5-8DA6494F463E} 2012-08-09 11:08:26 -------- d-----w- c:\users\pan\appdata\local\{AB8D7EFD-9D91-4DDE-B94E-9E3260AE408B} 2012-08-09 11:08:13 -------- d-----w- c:\users\pan\appdata\local\{695209BD-6E25-4C83-BC08-DFDA3CCA3DFA} 2012-08-08 03:32:03 -------- d-----w- c:\users\pan\appdata\local\{2654DED9-667A-461D-ABF9-D289B73BD883} 2012-08-08 03:31:08 -------- d-----w- c:\users\pan\appdata\local\{E659948B-2406-4DAA-B8AE-41F3CDFDAF6F} 2012-08-07 12:20:51 -------- d-----w- c:\users\pan\appdata\local\{162B9FFA-AD5E-48AF-904F-C3BF46E9CDBE} 2012-08-07 12:20:06 -------- d-----w- c:\users\pan\appdata\local\{B262EB23-8731-493C-B5C5-2901ACA0E333} 2012-08-06 08:58:54 -------- d-----w- c:\users\pan\appdata\local\{A5C712D2-E95F-4516-A221-28C3496253BA} 2012-08-06 08:58:39 -------- d-----w- c:\users\pan\appdata\local\{6F50665D-66C8-4FE3-BF83-70B917D090A0} 2012-08-01 10:29:43 -------- d-----w- c:\users\pan\appdata\local\{CCC167EF-907F-480D-BB1B-2FC7B22891C7} 2012-08-01 10:29:12 -------- d-----w- c:\users\pan\appdata\local\{4BFD3D89-09F7-4D89-8FAC-519873CB162B} 2012-07-28 19:36:08 -------- d-----w- c:\users\pan\appdata\local\{71E94E74-13D8-4BC6-BD6C-81D45F9BB412} 2012-07-28 19:35:33 -------- d-----w- c:\users\pan\appdata\local\{672C54BA-6449-4242-8A91-25AA0B666313} 2012-07-27 22:49:51 -------- d-----w- c:\users\pan\appdata\local\{B759CAAE-DF7A-4E17-AB59-89AB4733234D} 2012-07-27 22:49:28 -------- d-----w- c:\users\pan\appdata\local\{BA7430A2-2A39-4745-BE95-B546AB5992C9} 2012-07-26 08:26:54 -------- d-----w- c:\users\pan\appdata\local\{7ADCBCC8-A007-448E-9047-F66AF8A32D77} 2012-07-26 08:26:40 -------- d-----w- c:\users\pan\appdata\local\{8644702F-9408-4DD1-9D3B-78344F6876C8} 2012-07-25 12:43:37 -------- d-----w- c:\users\pan\appdata\local\{DE88CED2-E51C-4A3D-ABD3-18DAD4FF37E2} 2012-07-25 12:43:05 -------- d-----w- c:\users\pan\appdata\local\{AFA1ED6E-EA76-4B9F-BDE1-06FF5573C4DA} 2012-07-24 12:37:35 -------- d-----w- c:\users\pan\appdata\local\{42ED71AA-459E-4332-86B9-F688464A8F36} 2012-07-24 12:37:19 -------- d-----w- c:\users\pan\appdata\local\{71055A3E-E12C-4802-9315-19D1F33483BB} 2012-07-23 17:55:12 -------- d-----w- c:\users\pan\appdata\local\{2981DD60-0DAB-4319-BC87-16F3609E5827} 2012-07-23 17:54:56 -------- d-----w- c:\users\pan\appdata\local\{C46358A0-EAEE-4EC9-9E15-A318C7730180} 2012-07-22 13:14:34 -------- d-----w- c:\users\pan\appdata\local\{2903F81C-B5C7-42E7-A372-4297B94EF638} 2012-07-22 13:14:19 -------- d-----w- c:\users\pan\appdata\local\{DB2D6CBE-5EEC-44F2-A5B8-F5BB9ECE6E77} 2012-07-21 17:20:15 -------- d-----w- c:\users\pan\appdata\local\{CAECAD3C-825F-40EE-9CC9-42BF317E485A} 2012-07-21 17:19:58 -------- d-----w- c:\users\pan\appdata\local\{28FF73EB-FBB8-4C18-8DA2-1B54A1973422} 2012-07-20 12:27:57 -------- d-----w- c:\users\pan\appdata\local\{BCED2EC5-E1A2-4BCF-9A37-B203ED1A6445} 2012-07-20 12:27:44 -------- d-----w- c:\users\pan\appdata\local\{7D408AA6-2436-4685-A17E-FC22651D730E} . ==================== Find3M ==================== . 2012-08-14 23:30:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-14 23:30:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-05 21:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 18:15:22.94 =============== -
Hello. My laptop has recently been giving obvious signs of infection, including opening websites unasked. Running Malewarebytes shows six objects, and says that it has removed and deleted them, but a rescan after relogging still shows them. I've tried in safemode and in chameleon with no joy. This is what the log detects. Files Detected: 6 C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully. Any help would be fantastic. From what i've read, this ain't good.