help with malware removal

Post by Chr » January 6th, 2012, 10:01 am

Hello, sorry about that, here are the two text files.

My Norton antivirus program is detecting trojanzeroaccess.b and tis serv activity 2, which require manual removal. I am unable to do this with Norton tools.

Please help
thanks

C



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by KidVersatile at 7:44:30 on 2012-01-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1517 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\conhost.exe
C:\Users\KidVersatile\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
uRun: [Google Update] "C:\Users\KidVersatile\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D1E831F-7892-4A0E-A0F0-9F35393CC2F5} : DhcpNameServer = 172.7.1.161
TCP: Interfaces\{9882AC33-8110-4F8F-B99A-8B61A25E7914} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 SMR210;Symantec SMR Utility Service 2.1.0;C:\windows\system32\drivers\SMR210.SYS --> C:\windows\system32\drivers\SMR210.SYS [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
R1 GIDv2;GIDv2;C:\windows\system32\drivers\GIDv2.sys --> C:\windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120105.001\IDSviA64.sys [2012-1-5 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-19 89600]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-19 13336]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-12-17 63048]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2012-1-5 130008]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-19 1692480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-19 2533400]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-5 138360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-06 04:38:27 388096 ----a-r- C:\Users\KidVersatile\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-06 04:38:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-06 04:15:00 -------- d-----w- C:\Users\KidVersatile\AppData\Local\CrashDumps
2012-01-06 03:27:47 96376 ----a-w- C:\windows\System32\drivers\SMR210.SYS
2012-01-06 03:25:23 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\PCDr
2012-01-06 03:24:32 -------- d-----w- C:\ProgramData\PCDr
2012-01-06 02:22:04 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Roxio Burn
2012-01-06 01:56:04 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64\0401000.00F
2012-01-06 01:56:04 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64
2012-01-06 01:56:02 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-06 01:02:04 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Malwarebytes
2012-01-06 01:01:56 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-05 23:52:51 -------- d-----w- C:\Users\KidVersatile\AppData\Local\NPE
2012-01-05 22:29:13 912504 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2012-01-05 22:29:13 744568 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2012-01-05 22:29:13 450680 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2012-01-05 22:29:13 40568 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2012-01-05 22:29:13 386168 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2012-01-05 22:29:12 171128 ----a-r- C:\windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2012-01-05 22:28:50 -------- d-----w- C:\windows\System32\drivers\N360x64\0501000.01D
2012-01-05 20:17:18 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Macrovision
2012-01-05 19:41:22 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Google
2012-01-05 19:41:06 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Deployment
2012-01-05 19:41:06 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Apps
2012-01-05 18:20:35 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Adobe
2012-01-05 11:16:34 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Apple Computer
2012-01-05 11:15:57 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-01-05 11:15:57 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-01-05 11:15:57 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-01-05 11:15:05 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-05 11:15:05 -------- d-----w- C:\Program Files\iTunes
2012-01-05 11:15:05 -------- d-----w- C:\Program Files\iPod
2012-01-05 11:15:05 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-05 11:12:33 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Apple
2012-01-05 11:10:46 -------- d-----w- C:\Program Files\Bonjour
2012-01-05 11:10:46 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-05 10:55:23 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-05 10:48:06 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Tific
2012-01-05 10:48:05 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Symantec
2012-01-05 10:47:35 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-05 10:47:35 -------- d-----w- C:\Program Files\Symantec
2012-01-05 10:47:35 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-01-05 10:47:14 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-01-05 10:47:13 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-01-05 10:47:05 -------- d-----w- C:\ProgramData\NortonInstaller
2012-01-05 10:47:05 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-01-05 10:45:37 -------- d-----w- C:\ProgramData\Norton
2012-01-05 10:39:04 -------- d-----w- C:\Users\KidVersatile\AppData\Local\ID Vault
2012-01-05 10:39:04 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-01-05 10:38:20 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\ID Vault
2012-01-05 10:38:05 65816 ------w- C:\windows\System32\GIDLogonCP64.dll
2012-01-05 10:38:05 467224 ------w- C:\windows\System32\GIDHOOK64.DLL
2012-01-05 10:38:05 446752 ------w- C:\windows\System32\GIDHookLogon64.dll
2012-01-05 10:38:05 29288 ------w- C:\windows\System32\drivers\gidv2.sys
2012-01-05 10:38:05 206608 ------w- C:\windows\System32\GIDBIN1.DLL
2012-01-05 10:38:05 109064 ------w- C:\windows\System32\EasyHook64.dll
2012-01-05 10:38:05 102160 ------w- C:\windows\System32\GIDBIN3.DLL
2012-01-05 10:37:54 -------- d-----w- C:\ProgramData\GID
2012-01-05 10:37:53 -------- d-----w- C:\Program Files (x86)\SFT
2012-01-05 10:37:43 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-01-05 10:37:31 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-01-05 10:36:34 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-01-05 10:17:39 -------- d-----we C:\windows\system64
2012-01-05 10:02:25 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite
2012-01-05 10:02:25 -------- d-----w- C:\FIND_EULA_PATH
2012-01-05 10:00:52 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Dell
2012-01-05 10:00:17 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Fingertapps
2012-01-05 10:00:16 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Dell
2012-01-05 10:00:12 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Dell Touch Zone
2012-01-05 10:00:08 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Intel Corporation
2012-01-05 09:59:38 -------- d-----w- C:\Users\KidVersatile\AppData\Local\VirtualStore
2012-01-05 09:57:07 -------- d-----w- C:\Users\KidVersatile\AppData\Local\SoftThinks
.
==================== Find3M ====================
.
2011-10-19 14:48:24 95544 ----a-w- C:\windows\System32\bcmwlcoi.dll
2011-10-19 14:48:24 6656 ----a-w- C:\windows\System32\bcmwlrc.dll
2011-10-19 14:48:24 4719168 ----a-w- C:\windows\System32\drivers\BCMWL664.SYS
2011-10-19 14:48:23 3900416 ----a-w- C:\windows\System32\bcmihvsrv64.dll
2011-10-19 14:48:23 3566080 ----a-w- C:\windows\System32\bcmihvui64.dll
2011-10-19 14:35:21 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-10-19 14:35:12 525544 ----a-w- C:\windows\System32\deployJava1.dll
.
============= FINISH: 7:45:07.92 ==============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2012 4:56:45 AM
System Uptime: 1/6/2012 7:33:16 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 024DTD
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU 1 | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 544.767 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 1/5/2012 5:01:27 AM - Installed Dell Stage
RP4: 1/5/2012 6:12:43 AM - Installed iTunes
RP5: 1/5/2012 7:18:00 PM - Norton_Power_Eraser_20120105191758691
RP6: 1/5/2012 11:38:06 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Constant Guard Protection Suite
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell VideoStage
Dell Webcam Central
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
eBay
Escape Whisper Valley (TM)
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Google Chrome
GuardedID
HiJackThis
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 27
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Luxor
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Namco All-Stars PAC-MAN
Norton Bootable Recovery Tool Wizard
Norton Security Suite
Penguins!
PhotoShowExpress
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype Click to Call
Skype™ 5.6
Sonic CinePlayer Decoder Pack
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/6/2012 7:34:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
1/6/2012 7:34:20 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/6/2012 7:34:16 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/6/2012 7:33:38 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/6/2012 7:33:37 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
1/5/2012 7:18:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
1/5/2012 6:00:53 AM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2012 5:38:32 AM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/5/2012 5:36:30 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2012 11:00:46 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The data is invalid.
1/5/2012 10:48:11 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/5/2012 10:48:11 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
1/5/2012 10:28:48 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/5/2012 10:28:47 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================
Chr
Regular Member
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 9th, 2012, 1:20 am

Hello, I am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Alander
Regular Member
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 9th, 2012, 11:31 am

thanks for the response; I will monitor for your response.

thanks
C
Chr
Regular Member
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 10th, 2012, 2:13 am

Hi, I have bad news... :(

Zero Access Rootkit
It appears that your computer has a nasty Rootkit infection called ZeroAccess; this infection can prove tricky to remove.

A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
How to backup your files in Windows XP
How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.
Alander
Regular Member
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore
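The verdict above rests on reading the DDS log by hand. As an added example (mine, not part of this thread, of DDS or of any forum tool), the Python helper below parses the Service Control Manager lines quoted earlier in the thread, collects every service that Windows reported as "might not be installed", and flags those belonging to the firewall and filtering stack, the kind of damage a helper wants confirmed before choosing between cleaning and reformatting. The SECURITY_SERVICES map and the function names are my assumptions.

```python
"""Triage helper for the 'Event Log errors' section of a DDS log.

Added example, not part of this thread, of DDS or of any forum script.
The sample lines are copied from the DDS log posted earlier in the thread;
SECURITY_SERVICES is an assumption about which Windows services deserve a
flag when a log says they 'might not be installed'.
"""
import re
from collections import defaultdict

# Constructed sample input: Service Control Manager / DCOM lines from the
# DDS log above (the 'depends the following service' wording is DDS's own).
SAMPLE_DDS_ERRORS = r"""
1/6/2012 7:33:37 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
1/5/2012 7:18:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
1/5/2012 11:00:46 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The data is invalid.
1/5/2012 10:48:11 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/5/2012 10:48:11 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
1/5/2012 10:28:48 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/5/2012 10:28:47 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
""".strip()

# One DDS error line: "<date time>, Error: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"Error: (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Event 7003 body; accepts both the DDS wording and the native 'depends on'.
DEPENDS_RE = re.compile(
    r"^The (?P<dependent>.+?) service depends (?:on )?the following service: "
    r"(?P<service>[\w-]+)\. This service might not be installed\.$"
)

# Real Windows service names (assumption: this is the set worth flagging).
SECURITY_SERVICES = {
    "BFE": "Base Filtering Engine",
    "MpsSvc": "Windows Firewall",
    "wscsvc": "Security Center",
    "WinDefend": "Windows Defender",
}


def parse_dds_errors(text):
    """Return one dict per line that matches the DDS error format; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["event_id"] = int(event["event_id"])
            events.append(event)
    return events


def missing_dependencies(events):
    """Map each service reported as 'might not be installed' to the services
    that failed because they depend on it (Service Control Manager event 7003)."""
    missing = defaultdict(list)
    for e in events:
        if e["source"] != "Service Control Manager" or e["event_id"] != 7003:
            continue
        m = DEPENDS_RE.match(e["message"])
        if m:
            missing[m["service"]].append(m["dependent"])
    return dict(missing)


def triage(text):
    """Summarise a DDS error section: parsed events, missing dependencies,
    which of those are security services, and service logon failures."""
    events = parse_dds_errors(text)
    missing = missing_dependencies(events)
    flagged = {svc: SECURITY_SERVICES[svc] for svc in missing if svc in SECURITY_SERVICES}
    # 7038 is the SCM 'unable to log on' event; 7000 carries the reason in its text.
    logon_failures = sum(
        1 for e in events
        if e["event_id"] == 7038 or "logon failure" in e["message"]
    )
    return {
        "events": len(events),
        "missing": missing,
        "security_services_missing": flagged,
        "service_logon_failures": logon_failures,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS_ERRORS)
    for svc, name in result["security_services_missing"].items():
        print(f"FLAG: {name} ({svc}) reported missing; needed by {result['missing'][svc]}")
    print(f"{result['events']} events, {result['service_logon_failures']} service logon failures")
```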

Re: help with malware removal

Unread postby Chr » January 10th, 2012, 9:54 am

I would like to try and remove the trojan as I do not know how to reformat.

C
Chr
Regular Member
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 10th, 2012, 10:21 pm

Hi, if you would like to reformat your PC, it is a simple process as outlined in the website below.

http://www.thebestcasescenario.com/?q=node/366
Alander
Regular Member
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 10th, 2012, 11:11 pm

Hi,

I bought the computer with the software already installed and I'm not sure I have the necessary disks. I saw in another post in this forum a thread involving removal of root kit virus (i.e. root kit removal tool...) I know it's a lot of work but I would prefer to try that.

thanks,

C
Chr
Regular Member
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Chr » January 11th, 2012, 2:02 am

Hi,

Found this on the Microsoft website.


Step 1 ATTENTION!

Reformatting a computer will reset it to the factory image; all data must be backed up or it WILL be lost. There are several reasons to reformat a hard drive. A few reasons include but are not limited to: driver issues, virus, cleaning up, getting rid of the computer, etc.

Step 2 RECOVERY DISKS!

Every new Windows 7 owner should know that the new computers are not supplied with recovery disks anymore. The manufacturer allows the user to create one set of disks upon the purchase of a new machine. It is important to create the disks early as driver issues and viruses may arise. In order to create recovery disks on Windows 7 you want to click on the Start menu. Next, type in recovery in the Start Search option area. Next, click on recovery disk creation and follow the process. It will require that you have about 3 DVDs or about 7 CDs to create the recovery disks.


So since I did not know this, making recovery disks now would probably not be an option since I have a virus in the computer and would not want to copy it and reinstall it.

:pale:
Chr
Regular Member
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 11th, 2012, 7:38 am

Hi Chr,

There might be a recovery partition on your Dell computer; you can follow the steps listed below if a reformat is still your preferred option.

1. Power on the computer.
2. At the Dell logo, hold the Ctrl key and press the F11 key simultaneously.
3. The Dell PC Restore screen will come up.
4. Select Restore or use the Tab key to highlight it and press Enter.
5. If you wish to continue, click Confirm, or use the Tab key to highlight it and press Enter.
6. When the utility is finished, click Finish, or use the Tab key to highlight it and press Enter.

If you can't access the recovery partition, or if you still want to go ahead and clean the computer just let me know.
I just want to make sure you know all your options before we continue.
Alander
Regular Member
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 11th, 2012, 9:52 am

Hi,

It's actually Ctrl+F10 on my computer. I tried to restore to an earlier time point and this did not work. Please let's start with removal.

thanks,

C
Chr
Regular Member
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 11th, 2012, 1:01 pm

Hi,

Please do not execute any tools or make any changes to your system during the clean up process without my instructions.

Step 1.
Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.


Step 2.
ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. For XP users: If not already installed... Press "Yes" to any "Recovery Console" prompts.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  4. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. checkup.txt
  3. ComboFix.txt
  4. How is the computer behaving?
Thanks
Alander
Regular Member
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 11th, 2012, 10:58 pm

Hi,


Here are my logs. I did another virus scan with Norton and the trojan.zero.access.b is still there.

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 27
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

ComboFix 12-01-10.02 - KidVersatile 01/11/2012 20:09:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1595 [GMT -5:00]
Running from: c:\users\KidVersatile\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\kwrd.dll
c:\windows\RPSETUP.EXE.LOG
c:\windows\system32\consrv.dll
c:\windows\system32\java.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-11 02:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 02:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 02:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 02:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 02:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 02:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 02:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 02:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 04:41 . 2012-01-10 04:41 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-10 04:33 . 2012-01-10 04:33 -------- d-----w- c:\windows\SysWow64\vmm32
2012-01-10 03:56 . 2012-01-10 03:56 -------- d-----w- C:\inetpub
2012-01-09 16:08 . 2012-01-09 16:08 -------- d-----w- c:\windows\SysWow64\Wat
2012-01-09 16:08 . 2012-01-09 16:08 -------- d-----w- c:\windows\system32\Wat
2012-01-09 16:05 . 2012-01-09 16:05 -------- d-----w- C:\122cb0ca4002658f57f250
2012-01-06 12:40 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-06 12:40 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-01-06 12:40 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-01-06 12:40 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-01-06 12:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-06 12:40 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-06 12:40 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-06 12:40 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-01-06 12:40 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-06 12:40 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-06 12:40 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-01-06 12:40 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-01-06 12:39 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 12:39 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-06 12:39 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-01-06 12:39 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-01-06 12:39 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-01-06 12:39 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-01-06 12:39 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-06 12:39 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-06 12:39 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-06 04:38 . 2012-01-06 04:38 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-06 03:27 . 2012-01-06 03:27 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2012-01-06 03:24 . 2012-01-06 03:25 -------- d-----w- c:\programdata\PCDr
2012-01-06 01:56 . 2012-01-06 01:56 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-01-06 01:56 . 2012-01-06 01:56 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-06 01:01 . 2012-01-06 01:01 -------- d-----w- c:\programdata\Malwarebytes
2012-01-05 23:31 . 2012-01-05 23:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-01-05 11:09 . 2012-01-05 11:12 -------- d-----w- c:\programdata\Apple
2012-01-05 10:55 . 2012-01-05 10:55 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-05 10:47 . 2012-01-05 11:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-05 10:47 . 2012-01-05 22:29 -------- d-----w- c:\program files\Symantec
2012-01-05 10:47 . 2012-01-05 22:29 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-05 10:47 . 2012-01-05 10:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-01-05 10:47 . 2012-01-05 23:59 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-01-05 10:47 . 2012-01-05 10:47 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-01-05 10:47 . 2012-01-06 01:55 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-01-05 10:45 . 2012-01-06 01:56 -------- d-----w- c:\programdata\Norton
2012-01-05 10:39 . 2012-01-05 10:39 -------- d-----w- c:\programdata\IsolatedStorage
2012-01-05 10:38 . 2011-07-05 15:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2012-01-05 10:38 . 2011-07-05 15:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL
2012-01-05 10:38 . 2011-07-05 15:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll
2012-01-05 10:38 . 2011-07-05 15:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL
2012-01-05 10:38 . 2011-07-05 15:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL
2012-01-05 10:38 . 2011-07-05 15:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2012-01-05 10:38 . 2009-06-12 21:32 109064 ------w- c:\windows\system32\EasyHook64.dll
2012-01-05 10:37 . 2012-01-05 10:38 -------- d-----w- c:\programdata\GID
2012-01-05 10:37 . 2012-01-05 10:37 -------- d-----w- c:\program files (x86)\SFT
2012-01-05 10:37 . 2012-01-05 10:38 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-01-05 10:37 . 2012-01-05 10:37 -------- d-----w- c:\programdata\White Sky, Inc
2012-01-05 10:36 . 2012-01-05 10:36 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-01-05 10:02 . 2012-01-05 10:02 -------- d-----w- C:\FIND_EULA_PATH
2012-01-05 10:02 . 2012-01-05 10:02 -------- d-----w- c:\program files (x86)\Dell Touch Software Suite
2012-01-05 09:57 . 2012-01-12 00:56 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2012-01-05 09:56 . 2012-01-05 09:59 -------- d-----w- c:\users\KidVersatile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 09:57 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-19 14:48 . 2011-10-19 14:48 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-10-19 14:48 . 2011-10-19 14:48 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-10-19 14:48 . 2011-10-19 14:48 4719168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2011-10-19 14:48 . 2011-10-19 14:48 3900416 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-10-19 14:48 . 2011-10-19 14:48 3566080 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-10-19 14:40 . 2011-10-19 14:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-19 14:40 . 2011-10-19 14:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-19 14:40 . 2011-10-19 14:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-19 14:40 . 2011-10-19 14:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-19 14:40 . 2011-10-19 14:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-19 14:40 . 2011-10-19 14:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-19 14:40 . 2011-10-19 14:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-19 14:40 . 2011-10-19 14:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-19 14:40 . 2011-10-19 14:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-19 14:40 . 2011-10-19 14:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-19 14:40 . 2011-10-19 14:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-19 14:40 . 2011-10-19 14:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-19 14:40 . 2011-10-19 14:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-19 14:40 . 2011-10-19 14:40 448512 ----a-w- c:\windows\system32\html.iec
2011-10-19 14:40 . 2011-10-19 14:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-19 14:40 . 2011-10-19 14:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-19 14:40 . 2011-10-19 14:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-19 14:40 . 2011-10-19 14:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-19 14:40 . 2011-10-19 14:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-19 14:40 . 2011-10-19 14:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-19 14:40 . 2011-10-19 14:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-19 14:40 . 2011-10-19 14:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-19 14:40 . 2011-10-19 14:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-19 14:40 . 2011-10-19 14:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-19 14:40 . 2011-10-19 14:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-19 14:40 . 2011-10-19 14:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-19 14:40 . 2011-10-19 14:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-19 14:40 . 2011-10-19 14:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-19 14:40 . 2011-10-19 14:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-19 14:40 . 2011-10-19 14:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-19 14:40 . 2011-10-19 14:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-19 14:40 . 2011-10-19 14:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-19 14:40 . 2011-10-19 14:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-19 14:40 . 2011-10-19 14:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-19 14:35 . 2011-10-19 14:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-19 14:35 . 2011-10-19 14:35 525544 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-12-17 4689992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120107.001\IDSvia64.sys [2012-01-04 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-12-17 63048]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-04 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617796265-1180705624-484042273-1001Core.job
- c:\users\KidVersatile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 19:41]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617796265-1180705624-484042273-1001UA.job
- c:\users\KidVersatile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 19:41]
.
2012-01-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2012-01-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"combofix"="c:\combofix\CF28058.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\SFT\GuardedID\gidd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-01-11 20:19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 01:19
.
Pre-Run: 581,434,351,616 bytes free
Post-Run: 581,099,429,888 bytes free
.
- - End Of File - - AFD2B2CBB00A8E4FAC42A0E7A45644C1


Still have an issue with the trojan impacting consrv.dll.vir


thanks,

C
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 12th, 2012, 12:56 pm

Hi, consrv.dll.vir is a file that ComboFix has dealt with. Since it has a .vir extension, the file is not harmful and will be removed at the end of the malware removal process.

Please also do not execute any scans from Norton without my advice.

Step 1.
TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Step 2.
Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:
c:\windows\system32\IEAdvpack.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address: (image)

Step 3.
ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:

    Code:
    REGLOCK::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    

  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    (image)
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Which Antivirus are you using, Norton, McAfee, or both?
  3. TDSS Killer Log
  4. Virus Scan Results
  5. Combofix Log
  6. How is the computer behaving?
Thanks
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore
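
As an added example (not ComboFix's own code and not the helper's script), the Python below collects the keys a ComboFix log reports under LOCKED REGISTRY KEYS and renders them as a REGLOCK:: block of the kind used in Step 3. It assumes the log convention visible in the log posted above (each locked key printed first, then its subkeys, with an "@Denied:" line where ComboFix saw an ACL); the log excerpt is a constructed abbreviation of that log, and which keys actually deserve unlocking remains the analyst's call.

```python
"""Collect the keys ComboFix listed as locked and render a REGLOCK:: block.

Added example, not ComboFix's code and not the helper's script. It relies on
the ComboFix log layout seen in this thread: each locked key is printed first,
followed by its subkeys, with an "@Denied:" line where an ACL was observed.
"""
import re

# Constructed excerpt, abbreviated from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\SFT\GuardedID\gidd.exe
"""

SECTION_START = re.compile(r"^-+\s*LOCKED REGISTRY KEYS\s*-+$")
SECTION_END = re.compile(r"^-{3,}\s.*\s-{3,}$")      # any other dashed banner
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DENIED_LINE = re.compile(r"^@Denied:\s*\((.+?)\)\s*\((.+?)\)")


def locked_key_roots(log_text):
    """Return {locked_key: (access, principal) or None} in log order.

    A key that extends the current locked root with a backslash is a subkey
    ComboFix dumped for context, not a separate lock, so it is skipped. The
    value is the parsed "@Denied:" entry for the root, or None if the key was
    listed as locked without an explicit ACL line (the McAfee key above).
    """
    roots = {}                      # dict keeps insertion order
    in_section = False
    current_key = current_root = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = bool(SECTION_START.match(line))
            continue
        if SECTION_END.match(line):  # next banner closes the section
            break
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1)
            if current_root and current_key.lower().startswith(current_root.lower() + "\\"):
                continue            # subkey inside the current locked subtree
            current_root = current_key
            roots[current_root] = None
            continue
        m = DENIED_LINE.match(line)
        if (m and current_root is not None and current_key == current_root
                and roots[current_root] is None):
            roots[current_root] = (m.group(1), m.group(2))
    return roots


def reglock_script(log_text):
    """Render a CFScript REGLOCK:: block listing every locked root key.

    This only collects candidates; deciding which keys to unlock is the
    analyst's job, since software such as Flash and McAfee lock keys on purpose.
    """
    keys = list(locked_key_roots(log_text))
    if not keys:
        return ""
    return "REGLOCK::\n" + "\n".join(f"[{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    for key, denied in locked_key_roots(SAMPLE_LOG).items():
        print(f"{key}  denied={denied}")
    print(reglock_script(SAMPLE_LOG))
```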

Re: help with malware removal

Unread postby Chr » January 12th, 2012, 4:31 pm

Hello,

I did not complete running combo fix becuse the system detected a McAfee antivirus scanner and I did not want to risk damaging the machine. I thought I had completely uninstalled Mcafee. I wish to run only Norton on my system. I have included my logs for TDSS and Jotti

Can you help me to completely remove McAfee?

thanks

14:47:58.0692 1248 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
14:47:59.0488 1248 ============================================================
14:47:59.0488 1248 Current date / time: 2012/01/12 14:47:59.0488
14:47:59.0488 1248 SystemInfo:
14:47:59.0488 1248
14:47:59.0488 1248 OS Version: 6.1.7601 ServicePack: 1.0
14:47:59.0488 1248 Product type: Workstation
14:47:59.0488 1248 ComputerName: KIDVERSATILE-PC
14:47:59.0488 1248 UserName: KidVersatile
14:47:59.0488 1248 Windows directory: C:\windows
14:47:59.0488 1248 System windows directory: C:\windows
14:47:59.0488 1248 Running under WOW64
14:47:59.0488 1248 Processor architecture: Intel x64
14:47:59.0488 1248 Number of processors: 4
14:47:59.0488 1248 Page size: 0x1000
14:47:59.0488 1248 Boot type: Normal boot
14:47:59.0488 1248 ============================================================
14:48:00.0135 1248 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000, SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
14:48:00.0183 1248 Initialize success
14:48:13.0792 1628 ============================================================
14:48:13.0792 1628 Scan started
14:48:13.0792 1628 Mode: Manual;
14:48:13.0792 1628 ============================================================
14:48:48.0861 1628 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:48:48.0861 1628 vga - ok
14:48:48.0970 1628 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:48:48.0970 1628 VgaSave - ok
14:48:49.0079 1628 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
14:48:49.0079 1628 vhdmp - ok
14:48:49.0189 1628 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
14:48:49.0189 1628 viaide - ok
14:48:49.0204 1628 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
14:48:49.0204 1628 volmgr - ok
14:48:49.0313 1628 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
14:48:49.0329 1628 volmgrx - ok
14:48:49.0438 1628 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
14:48:49.0438 1628 volsnap - ok
14:48:49.0579 1628 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
14:48:49.0579 1628 vsmraid - ok
14:48:49.0688 1628 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:48:49.0688 1628 vwifibus - ok
14:48:49.0813 1628 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
14:48:49.0828 1628 vwififlt - ok
14:48:49.0953 1628 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
14:48:49.0953 1628 WacomPen - ok
14:48:50.0093 1628 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:48:50.0093 1628 WANARP - ok
14:48:50.0093 1628 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:48:50.0093 1628 Wanarpv6 - ok
14:48:50.0249 1628 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
14:48:50.0249 1628 Wd - ok
14:48:50.0374 1628 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:48:50.0390 1628 Wdf01000 - ok
14:48:50.0530 1628 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:48:50.0530 1628 WfpLwf - ok
14:48:50.0671 1628 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
14:48:50.0686 1628 WimFltr - ok
14:48:50.0795 1628 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:48:50.0795 1628 WIMMount - ok
14:48:50.0983 1628 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
14:48:50.0983 1628 WmiAcpi - ok
14:48:51.0139 1628 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:48:51.0139 1628 ws2ifsl - ok
14:48:51.0295 1628 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
14:48:51.0310 1628 WudfPf - ok
14:48:51.0435 1628 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
14:48:51.0435 1628 WUDFRd - ok
14:48:51.0497 1628 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:48:51.0560 1628 \Device\Harddisk0\DR0 - ok
14:48:51.0575 1628 Boot (0x1200) (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0
14:48:51.0575 1628 \Device\Harddisk0\DR0\Partition0 - ok
14:48:51.0591 1628 Boot (0x1200) (723ffebde086355ce5f5c8e20d4fdb4a) \Device\Harddisk0\DR0\Partition1
14:48:51.0591 1628 \Device\Harddisk0\DR0\Partition1 - ok
14:48:51.0591 1628 ============================================================
14:48:51.0591 1628 Scan finished
14:48:51.0591 1628 ============================================================
14:48:51.0607 4880 Detected object count: 0
14:48:51.0607 4880 Actual detected object count: 0
14:51:11.0072 4656 Deinitialize success


link to jotti scan

http://virusscan.jotti.org/en/scanresul ... e1dfa04e5b
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am