
·
Registered
Joined
·
40 Posts
Discussion Starter #1
Following advice from a forum mod I am following the steps to run the DDS & GMER reports so I can post them with details of my system problems.

I have run the GMER report with no issues but when I ran the DDS yesterday it ran for over 5 hours without producing anything? It was also at this point when my little girl decided to switch off the laptop as a joke!!

I've set it off again this morning but was just wondering how long it should take?

Cheers

CW

:confused:
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hello CW,

I'm going to have you try another version of dds. Download DDS.exe from here

Double click to start the tool.

In the panel, click 'Options for dds.txt' to expand the choices.
  • Check the box next to 'attach.txt'
  • Uncheck the box next to 'check mbr'
  • Click Start
Post both logs when it has completed.
 

·
Registered
Joined
·
40 Posts
Discussion Starter #3
Ried,

Many thanks for the new link. Will try later at home. Do you want me to post them on a new link with details of the problems I'm encountering?

CW
 

·
Registered
Joined
·
40 Posts
Discussion Starter #4
Internet Connection Issues

Ried,

Thanks for the new DDS link, it worked straight away!! Anyway, down to business:

I have a Dell Latitude D410 laptop running Windows XP Pro SP3. Am able to access internet using IE8 but when I have tried to install new software (Firefox, AVG Free 2012 & Minecraft) or update existing software (iTunes) neither will work as they state I need a valid internet connection. The laptop does not seem to recognise that it does have a valid connection!!

DDS TXT:
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
No, please post the logs in this thread. :smile:
 

·
Registered
Joined
·
40 Posts
Discussion Starter #6
No, please post the logs in this thread. :smile:
Oops, have tried to repost under another thread!! However I've encountered problems attaching the ZIP file.

I'm in the process of transferring the logs & DDS txt to my desktop to see if that's any better. If so I'll post the logs.

Can you arrange for the other post to be deleted?

CW
 

·
Registered
Joined
·
40 Posts
Discussion Starter #7
The computer is a Dell Latitude D410 laptop running Windows XP Pro SP3. Am able to access internet using IE8 but when I have tried to install new software (Firefox, AVG Free 2012 & Minecraft) or update existing software (iTunes) neither will work as they state I need a valid internet connection. The laptop does not seem to recognise that it does have a valid connection!!

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 17:36:31 on 2012-08-15
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.679 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

Hope I've done everything OK.

Cheers.

CW
 

Attachments

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hi CW,

I've merged the threads. :smile:

The log seems to be cut off. Can you please try again to copy/paste all of it? If you can't zip and attach, that's fine. Just attaching as a .txt file will do.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
The attachment is great, thanks. :smile:

Now if you could get me the full dds.txt, we'd be all set to get started. :smile:
 

·
Registered
Joined
·
40 Posts
Discussion Starter #11
I need to slow down!! Full log below!!

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 17:36:31 on 2012-08-15
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.679 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjM5OTgwMTM1LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEMrMS1MSUMrNzctRkwxMCsxLVRVRyszLVNQMSsxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsxMTAyNy1ERDEwRisxLVNUMTBGQVBQKzE"&"prod=90"&"ver=10.0.1392
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342455245765
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C7954436-61E9-44A2-8F7D-7669410E3762} : DHCPNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - <orphaned>
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-8-31 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-8-31 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-12 815736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-8-31 136312]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2009-10-5 88192]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110830.030\IDSXpx86.sys [2011-8-30 356280]
S0 cerc6;cerc6; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110830.017\naveng.sys [2011-8-31 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110830.017\navex15.sys [2011-8-31 1576312]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
.
=============== Created Last 30 ================
.
2012-08-08 20:49:24 -------- d-----w- c:\program files\CCleaner
2012-08-08 20:49:23 -------- d-----w- c:\program files\Sigmatel
2012-08-08 20:45:57 -------- d-----w- c:\program files\AVG
2012-08-08 20:45:39 -------- d-----w- c:\program files\Norton Internet Security
2012-08-08 20:45:37 -------- d-----w- c:\program files\NortonInstaller
2012-08-08 19:08:48 -------- d-----w- c:\program files\AVAST Software
2012-08-08 19:08:48 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-04 11:31:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-04 11:31:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 11:31:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 20:09:47 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 17:37:00.12 ===============


:whistling:
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Thanks. :smile:

I highly suspect you are infected with what's known as ZAccess or Sirefef. I'd like for you to run one more scan for confirmation before we begin the removal process.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
 

·
Registered
Joined
·
40 Posts
Discussion Starter #13
Came back with no objects found!!

Log:
Fips C:\WINDOWS\system32\drivers\Fips.sys23:50:12.0984 2652 Fips - ok23:50:13.0000 2652 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys23:50:13.0000 2652 Flpydisk - ok23:50:13.0046 2652 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys23:50:13.0062 2652 FltMgr - ok23:50:13.0078 2652 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys23:50:13.0078 2652 Fs_Rec - ok23:50:13.0093 2652 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys23:50:13.0109 2652 Ftdisk - ok23:50:13.0140 2652 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys23:50:13.0156 2652 GEARAspiWDM - ok23:50:13.0156 2652 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys23:50:13.0171 2652 Gpc - ok23:50:13.0203 2652 [ ca835331825599b938e37525796d3549 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys23:50:13.0218 2652 GTIPCI21 - ok23:50:13.0296 2652 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll23:50:13.0296 2652 helpsvc - ok23:50:13.0312 2652 HidServ - ok23:50:13.0343 2652 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys23:50:13.0343 2652 HidUsb - ok23:50:13.0375 2652 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll23:50:13.0390 2652 hkmsvc - ok23:50:13.0390 2652 hpn - ok23:50:13.0437 2652 [ a84bbbdd125d370593004f6429f8445c ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys23:50:13.0437 2652 HSFHWICH - ok23:50:13.0515 2652 [ b678fa91cf4a1c19b462d8db04cd02ab ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS23:50:13.0562 2652 HSF_DPV - ok23:50:13.0625 2652 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys23:50:13.0625 2652 HTTP - ok23:50:13.0671 2652 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll23:50:13.0671 2652 HTTPFilter - ok23:50:13.0687 
2652 i2omgmt - ok23:50:13.0703 2652 i2omp - ok23:50:13.0734 2652 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys23:50:13.0750 2652 i8042prt - ok23:50:13.0843 2652 [ 643162fbc619e35d3f1a90a095a5bb42 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys23:50:13.0906 2652 ialm - ok23:50:14.0015 2652 [ e72d3894d42355e9cd5fd77e1e4fea11 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110830.030\IDSxpx86.sys23:50:14.0015 2652 IDSxpx86 - ok23:50:14.0046 2652 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys23:50:14.0046 2652 Imapi - ok23:50:14.0093 2652 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe23:50:14.0093 2652 ImapiService - ok23:50:14.0109 2652 ini910u - ok23:50:14.0156 2652 [ b5466a9250342a7aa0cd1fba13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys23:50:14.0156 2652 IntelIde - ok23:50:14.0203 2652 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys23:50:14.0218 2652 intelppm - ok23:50:14.0234 2652 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys23:50:14.0234 2652 Ip6Fw - ok23:50:14.0296 2652 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys23:50:14.0296 2652 IpFilterDriver - ok23:50:14.0296 2652 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys23:50:14.0312 2652 IpInIp - ok23:50:14.0343 2652 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys23:50:14.0343 2652 IpNat - ok23:50:14.0390 2652 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys23:50:14.0390 2652 IPSec - ok23:50:14.0437 2652 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys23:50:14.0437 2652 IRENUM - ok23:50:14.0468 2652 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp 
C:\WINDOWS\system32\DRIVERS\isapnp.sys23:50:14.0468 2652 isapnp - ok23:50:14.0515 2652 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys23:50:14.0515 2652 Kbdclass - ok23:50:14.0546 2652 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys23:50:14.0562 2652 kmixer - ok23:50:14.0593 2652 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys23:50:14.0593 2652 KSecDD - ok23:50:14.0625 2652 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll23:50:14.0640 2652 LanmanServer - ok23:50:14.0687 2652 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll23:50:14.0687 2652 lanmanworkstation - ok23:50:14.0703 2652 lbrtfdc - ok23:50:14.0734 2652 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll23:50:14.0734 2652 LmHosts - ok23:50:14.0781 2652 [ 3c318b9cd391371bed62126581ee9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys23:50:14.0781 2652 mdmxsdk - ok23:50:14.0796 2652 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll23:50:14.0812 2652 Messenger - ok23:50:14.0843 2652 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys23:50:14.0843 2652 mnmdd - ok23:50:14.0875 2652 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe23:50:14.0875 2652 mnmsrvc - ok23:50:14.0890 2652 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys23:50:14.0906 2652 Modem - ok23:50:14.0921 2652 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys23:50:14.0921 2652 Mouclass - ok23:50:14.0937 2652 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys23:50:14.0953 2652 mouhid - ok23:50:14.0968 2652 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys23:50:14.0968 2652 MountMgr - ok23:50:14.0984 2652 mraid35x - ok23:50:15.0015 
2652 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys23:50:15.0031 2652 MRxDAV - ok23:50:15.0109 2652 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys23:50:15.0125 2652 MRxSmb - ok23:50:15.0171 2652 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe23:50:15.0171 2652 MSDTC - ok23:50:15.0203 2652 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys23:50:15.0203 2652 Msfs - ok23:50:15.0218 2652 MSIServer - ok23:50:15.0265 2652 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys23:50:15.0265 2652 MSKSSRV - ok23:50:15.0281 2652 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys23:50:15.0296 2652 MSPCLOCK - ok23:50:15.0312 2652 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys23:50:15.0312 2652 MSPQM - ok23:50:15.0359 2652 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys23:50:15.0359 2652 mssmbios - ok23:50:15.0390 2652 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys23:50:15.0390 2652 Mup - ok23:50:15.0437 2652 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll23:50:15.0453 2652 napagent - ok23:50:15.0578 2652 [ 862f55824ac81295837b0ab63f91071f ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110830.017\NAVENG.SYS23:50:15.0578 2652 NAVENG - ok23:50:15.0671 2652 [ 529d571b551cb9da44237389b936f1ae ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110830.017\NAVEX15.SYS23:50:15.0750 2652 NAVEX15 - ok23:50:15.0781 2652 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys23:50:15.0796 2652 NDIS - ok23:50:15.0859 2652 [ 0109c4f3850dfbab279542515386ae22 
] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys23:50:15.0859 2652 NdisTapi - ok23:50:15.0890 2652 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys23:50:15.0890 2652 Ndisuio - ok23:50:15.0953 2652 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys23:50:15.0953 2652 NdisWan - ok23:50:15.0968 2652 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys23:50:15.0984 2652 NDProxy - ok23:50:15.0984 2652 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys23:50:15.0984 2652 NetBIOS - ok23:50:16.0015 2652 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys23:50:16.0015 2652 NetBT - ok23:50:16.0062 2652 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe23:50:16.0078 2652 NetDDE - ok23:50:16.0078 2652 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe23:50:16.0078 2652 NetDDEdsdm - ok23:50:16.0109 2652 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe23:50:16.0109 2652 Netlogon - ok23:50:16.0125 2652 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll23:50:16.0140 2652 Netman - ok23:50:16.0171 2652 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll23:50:16.0187 2652 Nla - ok23:50:16.0203 2652 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys23:50:16.0203 2652 Npfs - ok23:50:16.0312 2652 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys23:50:16.0546 2652 Ntfs - ok23:50:16.0562 2652 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe23:50:16.0562 2652 NtLmSsp - ok23:50:16.0609 2652 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll23:50:16.0640 2652 NtmsSvc - ok23:50:16.0671 2652 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys23:50:16.0671 2652 Null - 
ok23:50:16.0718 2652 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys23:50:16.0718 2652 NwlnkFlt - ok23:50:16.0734 2652 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys23:50:16.0734 2652 NwlnkFwd - ok23:50:16.0781 2652 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys23:50:16.0781 2652 Parport - ok23:50:16.0796 2652 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys23:50:16.0796 2652 PartMgr - ok23:50:16.0828 2652 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys23:50:16.0843 2652 ParVdm - ok23:50:16.0843 2652 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys23:50:16.0859 2652 PCI - ok23:50:16.0859 2652 PCIDump - ok23:50:16.0890 2652 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys23:50:16.0890 2652 PCIIde - ok23:50:16.0906 2652 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys23:50:16.0906 2652 Pcmcia - ok23:50:16.0921 2652 PDCOMP - ok23:50:16.0937 2652 PDFRAME - ok23:50:16.0937 2652 PDRELI - ok23:50:16.0953 2652 PDRFRAME - ok23:50:16.0968 2652 perc2 - ok23:50:16.0984 2652 perc2hib - ok23:50:17.0031 2652 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe23:50:17.0031 2652 PlugPlay - ok23:50:17.0046 2652 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe23:50:17.0046 2652 PolicyAgent - ok23:50:17.0078 2652 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys23:50:17.0078 2652 PptpMiniport - ok23:50:17.0078 2652 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe23:50:17.0078 2652 ProtectedStorage - ok23:50:17.0109 2652 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys23:50:17.0109 2652 PSched - ok23:50:17.0125 2652 [ 
80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys23:50:17.0125 2652 Ptilink - ok23:50:17.0140 2652 ql1080 - ok23:50:17.0140 2652 Ql10wnt - ok23:50:17.0156 2652 ql12160 - ok23:50:17.0171 2652 ql1240 - ok23:50:17.0187 2652 ql1280 - ok23:50:17.0218 2652 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys23:50:17.0218 2652 RasAcd - ok23:50:17.0250 2652 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll23:50:17.0265 2652 RasAuto - ok23:50:17.0281 2652 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys23:50:17.0281 2652 Rasl2tp - ok23:50:17.0312 2652 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll23:50:17.0328 2652 RasMan - ok23:50:17.0343 2652 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys23:50:17.0343 2652 RasPppoe - ok23:50:17.0375 2652 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys23:50:17.0375 2652 Raspti - ok23:50:17.0390 2652 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys23:50:17.0406 2652 Rdbss - ok23:50:17.0421 2652 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys23:50:17.0421 2652 RDPCDD - ok23:50:17.0468 2652 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys23:50:17.0484 2652 rdpdr - ok23:50:17.0531 2652 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys23:50:17.0531 2652 RDPWD - ok23:50:17.0578 2652 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe23:50:17.0593 2652 RDSessMgr - ok23:50:17.0609 2652 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys23:50:17.0609 2652 redbook - ok23:50:17.0656 2652 [ 8ac155995f5d10fc0d3ad949a1a68075 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe23:50:17.0656 2652 RegSrvc - ok23:50:17.0703 2652 [ 
7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll23:50:17.0703 2652 RemoteAccess - ok23:50:17.0734 2652 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll23:50:17.0734 2652 RemoteRegistry - ok23:50:17.0781 2652 [ 851c30df2807fcfa21e4c681a7d6440e ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys23:50:17.0781 2652 RFCOMM - ok23:50:17.0812 2652 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe23:50:17.0812 2652 RpcLocator - ok23:50:17.0859 2652 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\system32\rpcss.dll23:50:17.0875 2652 RpcSs - ok23:50:17.0921 2652 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe23:50:17.0921 2652 RSVP - ok23:50:18.0000 2652 [ 131d50f081d2e29ebd1365b21f6b9736 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe23:50:18.0046 2652 S24EventMonitor - ok23:50:18.0062 2652 [ e2c6abcbefb1d44f6aaeb1cd5d6062d4 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys23:50:18.0062 2652 s24trans - ok23:50:18.0078 2652 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe23:50:18.0078 2652 SamSs - ok23:50:18.0125 2652 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe23:50:18.0140 2652 SCardSvr - ok23:50:18.0203 2652 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll23:50:18.0203 2652 Schedule - ok23:50:18.0234 2652 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys23:50:18.0250 2652 Secdrv - ok23:50:18.0281 2652 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll23:50:18.0296 2652 seclogon - ok23:50:18.0296 2652 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll23:50:18.0312 2652 SENS - ok23:50:18.0328 2652 [ 0f29512ccd6bead730039fb4bd2c85ce ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys23:50:18.0328 2652 Serenum - ok23:50:18.0359 2652 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] 
Serial C:\WINDOWS\system32\DRIVERS\serial.sys23:50:18.0359 2652 Serial - ok23:50:18.0375 2652 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys23:50:18.0375 2652 Sfloppy - ok23:50:18.0406 2652 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll23:50:18.0421 2652 SharedAccess - ok23:50:18.0437 2652 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll23:50:18.0453 2652 ShellHWDetection - ok23:50:18.0453 2652 Simbad - ok23:50:18.0500 2652 [ ddaa5f4a6b958fc313ebd02dd925752f ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe23:50:18.0500 2652 SkypeUpdate - ok23:50:18.0500 2652 Sparrow - ok23:50:18.0531 2652 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys23:50:18.0531 2652 splitter - ok23:50:18.0578 2652 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe23:50:18.0593 2652 Spooler - ok23:50:18.0625 2652 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys23:50:18.0625 2652 sr - ok23:50:18.0656 2652 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll23:50:18.0656 2652 srservice - ok23:50:18.0765 2652 [ 83726cf02eced69138948083e06b6eac ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS23:50:18.0781 2652 SRTSP - ok23:50:18.0812 2652 [ 4e7eab2e5615d39cf1f1df9c71e5e225 ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS23:50:18.0812 2652 SRTSPX - ok23:50:18.0875 2652 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys23:50:18.0875 2652 Srv - ok23:50:18.0921 2652 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll23:50:18.0921 2652 SSDPSRV - ok23:50:18.0953 2652 [ 305cc42945a713347f978d78566113f3 ] STAC97 C:\WINDOWS\system32\drivers\STAC97.sys23:50:18.0968 2652 STAC97 - ok23:50:19.0015 2652 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll23:50:19.0031 2652 stisvc - 
ok23:50:19.0046 2652 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys23:50:19.0046 2652 swenum - ok23:50:19.0093 2652 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys23:50:19.0093 2652 swmidi - ok23:50:19.0109 2652 SwPrv - ok23:50:19.0125 2652 symc810 - ok23:50:19.0140 2652 symc8xx - ok23:50:19.0171 2652 [ 9bbeb8c6258e72d62e7560e6667aad39 ] SymDS C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS23:50:19.0187 2652 SymDS - ok23:50:19.0250 2652 [ d5c02629c02a820a7e71bca3d44294a3 ] SymEFA C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS23:50:19.0296 2652 SymEFA - ok23:50:19.0343 2652 [ ab33c3b196197ca467cbdda717860dba ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS23:50:19.0343 2652 SymEvent - ok23:50:19.0390 2652 [ a73399804d5d4a8b20ba60fcf70c9f1f ] SymIRON C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS23:50:19.0390 2652 SymIRON - ok23:50:19.0437 2652 [ dec35ccaf7a222df918306cd2fdfbd39 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS23:50:19.0453 2652 SYMTDI - ok23:50:19.0453 2652 sym_hi - ok23:50:19.0468 2652 sym_u3 - ok23:50:19.0500 2652 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys23:50:19.0500 2652 sysaudio - ok23:50:19.0546 2652 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe23:50:19.0546 2652 SysmonLog - ok23:50:19.0578 2652 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll23:50:19.0593 2652 TapiSrv - ok23:50:19.0656 2652 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys23:50:19.0656 2652 Tcpip - ok23:50:19.0703 2652 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys23:50:19.0703 2652 TDPIPE - ok23:50:19.0718 2652 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys23:50:19.0734 2652 TDTCP - ok23:50:19.0750 2652 [ 88155247177638048422893737429d9e ] TermDD 
C:\WINDOWS\system32\DRIVERS\termdd.sys23:50:19.0750 2652 TermDD - ok23:50:19.0796 2652 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll23:50:19.0812 2652 TermService - ok23:50:19.0828 2652 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll23:50:19.0843 2652 Themes - ok23:50:19.0875 2652 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe23:50:19.0875 2652 TlntSvr - ok23:50:19.0890 2652 TosIde - ok23:50:19.0921 2652 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll23:50:19.0921 2652 TrkWks - ok23:50:19.0968 2652 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys23:50:19.0968 2652 Udfs - ok23:50:19.0984 2652 UIUSys - ok23:50:20.0000 2652 ultra - ok23:50:20.0046 2652 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys23:50:20.0062 2652 Update - ok23:50:20.0093 2652 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll23:50:20.0109 2652 upnphost - ok23:50:20.0125 2652 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe23:50:20.0140 2652 UPS - ok23:50:20.0156 2652 USBAAPL - ok23:50:20.0187 2652 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys23:50:20.0187 2652 usbehci - ok23:50:20.0203 2652 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys23:50:20.0218 2652 usbhub - ok23:50:20.0250 2652 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys23:50:20.0250 2652 usbscan - ok23:50:20.0281 2652 [ a32426d9b14a089eaa1d922e0c5801a9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS23:50:20.0281 2652 usbstor - ok23:50:20.0328 2652 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys23:50:20.0328 2652 usbuhci - ok23:50:20.0343 2652 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys23:50:20.0359 2652 VgaSave - 
ok23:50:20.0359 2652 ViaIde - ok23:50:20.0390 2652 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys23:50:20.0390 2652 VolSnap - ok23:50:20.0421 2652 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe23:50:20.0437 2652 VSS - ok23:50:20.0578 2652 [ f0608f3b5b6d16f4870e867f9d069b6b ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys23:50:20.0687 2652 w29n51 - ok23:50:20.0734 2652 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll23:50:20.0734 2652 W32Time - ok23:50:20.0750 2652 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys23:50:20.0765 2652 Wanarp - ok23:50:20.0796 2652 [ d6efaf429fd30c5df613d220e344cce7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys23:50:20.0796 2652 WDC_SAM - ok23:50:20.0812 2652 WDICA - ok23:50:20.0843 2652 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys23:50:20.0843 2652 wdmaud - ok23:50:20.0875 2652 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll23:50:20.0875 2652 WebClient - ok23:50:20.0953 2652 [ 0c5b9cf1bdf998750d9c5eeb5f8c55ac ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys23:50:20.0984 2652 winachsf - ok23:50:21.0078 2652 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll23:50:21.0078 2652 winmgmt - ok23:50:21.0140 2652 [ 8880769b9f88918e27f8e7332aa1aa01 ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe23:50:21.0156 2652 WLANKEEPER - ok23:50:21.0187 2652 [ c7e39ea41233e9f5b86c8da3a9f1e4a8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll23:50:21.0187 2652 WmdmPmSN - ok23:50:21.0250 2652 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll23:50:21.0281 2652 Wmi - ok23:50:21.0312 2652 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe23:50:21.0312 2652 WmiApSrv - ok23:50:21.0375 2652 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll23:50:21.0375 
2652 wscsvc - ok23:50:21.0781 2652 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll23:50:21.0781 2652 wuauserv - ok23:50:21.0812 2652 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll23:50:21.0828 2652 WZCSVC - ok23:50:21.0859 2652 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll23:50:21.0906 2652 xmlprov - ok23:50:22.0000 2652 [ dd0042f0c3b606a6a8b92d49afb18ad6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe23:50:22.0046 2652 YahooAUService - ok23:50:22.0062 2652 ================ Scan global ===============================23:50:22.0125 2652 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll23:50:22.0156 2652 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll23:50:22.0187 2652 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll23:50:22.0203 2652 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe23:50:22.0203 2652 [Global] - ok23:50:22.0203 2652 ================ Scan MBR ==================================23:50:22.0218 2652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR023:50:22.0437 2652 \Device\Harddisk0\DR0 - ok23:50:22.0437 2652 ================ Scan VBR ==================================23:50:22.0437 2652 Boot (0x1200) (78831b1a1d60568492f486d95533f529) \Device\Harddisk0\DR0\Partition123:50:22.0453 2652 \Device\Harddisk0\DR0\Partition1 - ok23:50:22.0453 2652 ============================================================23:50:22.0453 2652 Scan finished23:50:22.0453 2652 ============================================================23:50:22.0468 2644 Detected object count: 023:50:22.0468 2644 Actual detected object count: 0
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
I appreciate the log, but as you can see, the format is all whacked out which makes it extremely difficult for me to read properly. Would you mind attaching it?
 

·
Registered
Joined
·
40 Posts
Discussion Starter #15
Ried,

Will re-run it when I get back from work. Only problem I had when I ran it was it didn't initially produce a log; I had to click on report, which gave me the above txt. There was no option to save it in any way, shape or form, hence me copying it!!

Will try again later and if I can save it I'll copy it to a Notepad file and try attaching that.

CW
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Thank you, let's get started. :)

Download ComboFix from here


* IMPORTANT- Save ComboFix.exe directly to your Desktop or the command I'm going to give you will not work.

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Click Start>Run and copy/paste the following into the Run box and click OK:

ComboFix /nombr

Follow the prompts, but when asked to install Recovery Console, click No. The download packages from Microsoft are temporarily unavailable.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 

·
Registered
Joined
·
40 Posts
Discussion Starter #18
Ried, Downloaded ComboFix from the link and saved to desktop but when I copy the txt to the start / run and click OK I get the following message "Windows cannot find "combofix". Make sure you typed the name correctly. To search for a file click start button and then click search".

Cheers

CW
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Try it this way: (be sure to include the initial quote mark)

"c:\documents and settings\all users\combofix.exe" /nombr
 