Think I am infected


This topic is locked
27 replies to this topic

#1 TaylorUK (Members, 19 posts)

Posted 05 December 2011 - 02:45 AM

Hello

So you have an idea of what's been happening, the rundown is as follows...

I installed Norton 360 the other day, and since then have been suffering multiple system crashes, BSODs, system not functioning, programs not working, high usage alerts on seemingly irrelevant files (Windows Installer, svchost.exe and a couple of others) and just generally been presented with a sometimes unusable system. I visited the Norton forums to seek advice. From there, we have fully removed Norton, reinstalled, downloaded and run MBAM (which froze during a normal scan AND a scan in Safe Mode), followed instructions to change program settings in Rapport, and nothing has changed. At all. The system is still running much slower, still crashing, had another BSOD late last night whilst Norton was performing background checks, and the general idea is that some nasty infection has managed to embed itself into my system.

So... upon the Norton Community guys' recommendation, I'm told you guys can help! :) Any information you need, let me know what (and how! :P) to retrieve it; I'm fairly familiar with this sort of stuff, just not anywhere near the level you guys are!

Also, I don't know if it's still as effective as it once was, but I've also run Security Task Manager, and nothing stood out as being malicious.

Thanking you in advance,

Chris Taylor


(Link to thread on Norton Community Forum http://community.norton.com/t5/Norton-360/Since-installing-360-multiple-crashes-bluescreens-had-NONE-of/td-p/601872 )

#2 Orange Blossom, OBleepin Investigator (Moderator, 36,995 posts; Bloomington, IN)

Posted 05 December 2011 - 11:32 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 TaylorUK (Topic Starter, Members, 19 posts)

Posted 05 December 2011 - 12:12 PM

Thanks Orange Blossom

Log 1

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Cralice at 17:01:57 on 2011-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3563.1643 [GMT 0:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.khandro.net/animal_tiger.htm
uDefault_Page_URL = hxxp://packardbell.msn.com
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E0BCE7F2-A306-4F1B-88AF-8D0161C63369} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E0BCE7F2-A306-4F1B-88AF-8D0161C63369}\F42377962756C6563737731373432353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E0BCE7F2-A306-4F1B-88AF-8D0161C63369}\F42716E6765602D4F62696C6560275966496D23383 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E0BCE7F2-A306-4F1B-88AF-8D0161C63369}\F42716E6765602D4F62696C6560275966496D25673 : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cralice\AppData\Roaming\Mozilla\Firefox\Profiles\mpem1k78.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.khandro.net/animal_tiger.htm
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [2011-11-23 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111202.001\IDSviA64.sys [2011-12-2 488568]
R1 RapportCerberus_32301;RapportCerberus_32301;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys [2011-11-7 396944]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-3 352848]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-7-21 873064]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-1-18 39528]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-5-3 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-2 366152]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-12-4 130008]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\drivers\b57xdbd.sys --> C:\Windows\system32\drivers\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\drivers\b57xdmp.sys --> C:\Windows\system32\drivers\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\drivers\bScsiMSa.sys --> C:\Windows\system32\drivers\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-4 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-27 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-27 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2011-12-05 07:31:44 -------- d-----w- C:\Users\Cralice\AppData\Local\{13222175-5758-4939-AC37-CA24D73B8C4C}
2011-12-05 07:31:32 -------- d-----w- C:\Users\Cralice\AppData\Local\{D499BD1E-248D-4172-BDDA-A136E0888BCE}
2011-12-04 21:09:27 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-04 20:59:57 -------- d-----r- C:\Program Files (x86)\Skype
2011-12-04 19:22:24 -------- d-----w- C:\Users\Cralice\AppData\Local\Mozilla
2011-12-04 17:58:18 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-12-04 16:44:12 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-12-04 16:44:01 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-04 16:44:01 -------- d-----w- C:\Program Files\Symantec
2011-12-04 16:44:01 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-12-04 16:43:41 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymEFA64.sys
2011-12-04 16:43:41 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-12-04 16:43:41 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymDS64.sys
2011-12-04 16:43:41 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-12-04 16:43:41 386168 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-12-04 16:43:41 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.sys
2011-12-04 16:43:22 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-12-04 16:43:22 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-12-04 16:43:19 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-12-04 16:43:08 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-12-04 15:02:06 -------- d-----w- C:\Users\Cralice\AppData\Local\{D3D4CE23-5317-4908-8636-8C6317782A7F}
2011-12-04 15:01:54 -------- d-----w- C:\Users\Cralice\AppData\Local\{2D5CFC3A-CDFB-427F-B026-B646AF286554}
2011-12-04 14:52:59 -------- d-----w- C:\Users\Cralice\AppData\Local\{E8CE1EE7-478D-46F0-9D22-1067BEF60929}
2011-12-04 14:52:47 -------- d-----w- C:\Users\Cralice\AppData\Local\{7DD9A953-26AA-41F4-8877-649478A6A135}
2011-12-04 14:47:15 -------- d-----w- C:\Users\Cralice\AppData\Local\{CEAEF0A2-CEA6-4102-9BB3-3577403AC668}
2011-12-03 22:50:43 -------- d-----w- C:\Users\Cralice\AppData\Local\{26508D2E-BF95-440F-A650-AFC3225AEDBD}
2011-12-03 22:50:30 -------- d-----w- C:\Users\Cralice\AppData\Local\{D5290BD8-C77A-4539-96BD-5BF9866780CD}
2011-12-03 09:59:51 -------- d-----w- C:\Users\Cralice\AppData\Local\{7F371650-1F7D-4E1A-BD2E-1B4066801664}
2011-12-02 21:57:44 -------- d-----w- C:\Users\Cralice\AppData\Local\{56A79693-3DB7-4C5B-AAE4-9A02B8032917}
2011-12-02 21:55:34 -------- d-----w- C:\Users\Cralice\AppData\Local\{04897244-944A-4094-976C-9A1E393E8C36}
2011-12-02 09:25:35 -------- d-----w- C:\Users\Cralice\AppData\Roaming\Malwarebytes
2011-12-02 09:25:27 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-02 09:25:23 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-02 09:25:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-02 08:42:28 -------- d-----w- C:\Users\Cralice\AppData\Local\{93DF05EE-2F0B-4680-8B32-2FE47CA6B481}
2011-12-01 20:42:11 -------- d-----w- C:\Users\Cralice\AppData\Local\{F5124BFF-2169-44C4-A17D-AD309C285846}
2011-12-01 08:35:58 -------- d-----w- C:\Users\Cralice\AppData\Local\{E99648D4-4532-4BDC-9CF0-8C39A5B3AD3B}
2011-12-01 08:35:33 -------- d-----w- C:\Users\Cralice\AppData\Local\{5E2CC179-4D37-4AA4-8B94-8D03D7B6BF7F}
2011-11-30 20:18:15 -------- d-----w- C:\Users\Cralice\AppData\Local\{5C6BD911-E29B-41E5-9027-850A504D63E5}
2011-11-30 08:15:41 -------- d-----w- C:\Users\Cralice\AppData\Local\{BDFFE319-3585-4DD4-9BAF-DE8EF2A93457}
2011-11-30 08:15:20 -------- d-----w- C:\Users\Cralice\AppData\Local\{03F63D76-EA3F-495F-B9AF-EE2B5F44B722}
2011-11-29 16:41:21 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-11-29 16:41:21 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-11-29 16:36:19 -------- d-----w- C:\ProgramData\PCSettings
2011-11-29 13:19:41 -------- d-----w- C:\Users\Cralice\AppData\Local\{40F159AC-B721-48D1-9ED0-02E3846B7C61}
2011-11-29 05:43:18 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E22C4020-91B4-4B66-9969-04A4F0ACEB52}\mpengine.dll
2011-11-28 13:02:45 -------- d-----w- C:\Users\Cralice\AppData\Local\{E4C5E09C-7CA7-490F-B610-A94672B7E988}
2011-11-28 10:24:14 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-28 01:00:21 -------- d-----w- C:\Users\Cralice\AppData\Local\{07FCC0F7-74A3-4AE0-9281-6B14BC287C48}
2011-11-27 07:27:27 -------- d-----w- C:\Users\Cralice\AppData\Local\{CA21187C-A5FD-40E3-BE07-B5FFD4ECCD27}
2011-11-26 19:04:07 -------- d-----w- C:\Users\Cralice\AppData\Local\{1DA66138-BDD8-4A55-ACF5-5DAB4DABEA55}
2011-11-26 07:01:59 -------- d-----w- C:\Users\Cralice\AppData\Local\{7306504B-38CC-4751-BFD0-66A8EE70AE27}
2011-11-26 07:01:39 -------- d-----w- C:\Users\Cralice\AppData\Local\{20D10872-D964-4489-958F-62A19C0F2303}
2011-11-25 13:23:33 -------- d-----w- C:\Users\Cralice\AppData\Local\{BA76DCD4-43A4-4159-9490-9931DF08FDCB}
2011-11-24 23:54:31 -------- d-----w- C:\Users\Cralice\AppData\Local\{682A49E6-2264-475D-8744-B44D1E4B5C5D}
2011-11-24 11:50:29 -------- d-----w- C:\Users\Cralice\AppData\Local\{AD7A4CC8-4820-48E6-AF9D-35F4FE14C718}
2011-11-23 23:14:27 -------- d-----w- C:\Users\Cralice\AppData\Local\{7C1F861F-1C6F-4603-9742-D1264E4C33E8}
2011-11-23 10:33:39 -------- d-----w- C:\Users\Cralice\AppData\Local\{2127FF41-7A30-4F2B-BB01-C5938618862D}
2011-11-22 21:19:52 -------- d-----w- C:\Users\Cralice\AppData\Local\{059C9F10-0A67-484A-9348-57A83F2FDA2A}
2011-11-22 18:02:24 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-11-22 18:02:24 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\1_hpzppw71.dll
2011-11-22 08:57:06 -------- d-----w- C:\Users\Cralice\AppData\Local\{D46B9068-AF19-402F-B244-074EE60FFF50}
2011-11-21 20:55:01 -------- d-----w- C:\Users\Cralice\AppData\Local\{96192C17-2331-4ACD-BD8B-A3F071BA3941}
2011-11-21 07:35:50 -------- d-----w- C:\Users\Cralice\AppData\Local\{D6A2C938-6447-4EEF-A17A-8B1DC58D99F0}
2011-11-20 19:33:33 -------- d-----w- C:\Users\Cralice\AppData\Local\{1EDCFD0F-339F-4ECC-ADB9-96254D4E31ED}
2011-11-20 07:29:19 -------- d-----w- C:\Users\Cralice\AppData\Local\{3E596730-BFF7-491D-9DB0-08C6CE0933D1}
2011-11-19 17:04:08 -------- d-----w- C:\Users\Cralice\AppData\Local\{2A6F48CC-3BC1-4B46-9ED9-0887FEC75464}
2011-11-18 09:18:14 -------- d-----w- C:\Users\Cralice\AppData\Local\{AD5B831B-DFC9-40B4-A4F1-DB66694FE072}
2011-11-17 21:16:07 -------- d-----w- C:\Users\Cralice\AppData\Local\{23DAB430-82F3-44A9-8564-D361352B42EA}
2011-11-17 09:13:45 -------- d-----w- C:\Users\Cralice\AppData\Local\{8F601DA0-B0C3-4104-83F1-43CFC2CAB945}
2011-11-17 09:13:18 -------- d-----w- C:\Users\Cralice\AppData\Local\{C667D653-BAC5-4723-B13B-E53F328A10D6}
2011-11-15 08:29:32 -------- d-----w- C:\Users\Cralice\AppData\Local\{E104F411-02AB-411D-92C5-A284B92DAD22}
2011-11-15 08:29:21 -------- d-----w- C:\Users\Cralice\AppData\Local\{79E98052-038E-4669-AD5D-2593BC08B01F}
2011-11-12 09:40:10 -------- d-----w- C:\Users\Cralice\AppData\Local\{E2524F94-923C-4ABB-B9AB-D41CAEE9F187}
2011-11-11 20:56:05 -------- d-----w- C:\Users\Cralice\AppData\Local\{EBB4520B-AB0B-4684-9D26-1D85AEA7214A}
2011-11-11 20:55:43 -------- d-----w- C:\Users\Cralice\AppData\Local\{6D74CA9E-C125-4183-879C-DC79A565B483}
2011-11-11 08:53:50 -------- d-----w- C:\Users\Cralice\AppData\Local\{A704B86D-E427-4967-BC27-CAD19C5BFFB6}
2011-11-10 20:35:21 -------- d-----w- C:\Users\Cralice\AppData\Local\{F6E40C3D-913D-4AC8-8D14-EBBEA8EE0876}
2011-11-10 20:34:58 -------- d-----w- C:\Users\Cralice\AppData\Local\{4D2F9DF6-A88A-4153-AE74-37B73594376F}
2011-11-10 12:57:37 -------- d-----w- C:\Users\Cralice\AppData\Local\Microsoft Help
2011-11-10 08:32:49 -------- d-----w- C:\Users\Cralice\AppData\Local\{EBD5BADC-3B53-480C-96D3-A8B5605B01F3}
2011-11-09 20:54:48 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 20:54:48 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 20:54:46 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 20:54:44 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 11:55:18 -------- d-----w- C:\Users\Cralice\AppData\Local\{B1A73CC3-4717-4159-A4D1-CE2E88808C7A}
2011-11-08 23:53:10 -------- d-----w- C:\Users\Cralice\AppData\Local\{51A5BA80-A12C-435D-BC67-B9EDB2B918C3}
.
==================== Find3M ====================
.
2011-11-17 09:13:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-07 21:28:40 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
.
============= FINISH: 17:03:05.09 ===============


Cannot create a GMER log due to running 64-bit Windows 7


Thanks guys
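A small triage helper for DDS logs like the one posted above, added here as an example (it is not part of this thread and not the DDS tool's own code): it splits the log into its section blocks, parses the SERVICES / DRIVERS entries, and lists the items a helper usually checks first. The sample log inside it is constructed in the DDS format with placeholder names and paths.

```python
"""Triage helper for DDS logs (added example; the sample log is constructed)."""
import re
from collections import Counter

# Constructed sample in the DDS layout: '.' spacer lines, '=== NAME ===' headers.
SAMPLE_LOG = r"""
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Example\ExampleService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.example.invalid/home.htm
BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\Example\helper.dll
BHO-X64: Example Helper: {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\Example\helper.dll
BHO-X64: Example Helper - No File
mRun: [ExampleTray] "C:\Program Files (x86)\Example\tray.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 ExDrv64;ExDrv64;C:\Windows\system32\Drivers\ExDrv64.sys --> C:\Windows\system32\Drivers\ExDrv64.sys [?]
R2 ExSvc;Example Service;C:\Program Files (x86)\Example\ExampleService.exe [2011-11-7 931640]
S3 ExOpt;Example Optional;C:\Program Files (x86)\Example\exopt.sys [2011-11-7 61712]
.
=============== Created Last 30 ================
.
2011-12-05 07:31:44 -------- d-----w- C:\Users\User\AppData\Local\{13222175-5758-4939-AC37-CA24D73B8C4C}
2011-12-04 21:09:27 41272 ----a-w- C:\Windows\SysWow64\drivers\example.sys
2011-12-03 22:50:43 -------- d-----w- C:\Users\User\AppData\Local\{26508D2E-BF95-440F-A650-AFC3225AEDBD}
.
============= FINISH: 17:03:05.09 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# 'R0 name;display;path [yyyy-m-d size]'  or  'R0 name;display;path --> path [?]'
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
VERIFIED_RE = re.compile(r"^(.*)\s\[(\d{4}-\d{1,2}-\d{1,2})\s(\d+)\]$")
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}$")


def parse_sections(text):
    """Map each '=== NAME ===' header to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_service(line):
    """Parse one SERVICES / DRIVERS entry; returns None for non-matching lines."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, display, rest = m.groups()
    entry = {"start": start, "name": name, "display": display,
             "unverified": rest.endswith("[?]")}
    if entry["unverified"]:
        # DDS could not stat the file, so no date/size is recorded. A 32-bit tool
        # on 64-bit Windows commonly cannot see files under system32, so '[?]'
        # on its own is not evidence of tampering; it just means "check by hand".
        entry["path"] = rest.split(" --> ")[0].strip()
        entry["date"], entry["size"] = None, None
    else:
        v = VERIFIED_RE.match(rest)
        entry["path"] = v.group(1).strip() if v else rest
        entry["date"] = v.group(2) if v else None
        entry["size"] = int(v.group(3)) if v else None
    return entry


def triage(text):
    """Summarise what a malware-removal helper looks at first in a DDS log."""
    s = parse_sections(text)
    hjt = s.get("Pseudo HJT Report", [])
    services = [e for e in map(parse_service, s.get("SERVICES / DRIVERS", [])) if e]
    created = s.get("Created Last 30", [])
    return {
        "process_count": len(s.get("Running Processes", [])),
        "start_pages": [l.split("=", 1)[1].strip() for l in hjt if "Start Page" in l],
        # 'No File' in the x64 view usually means a 32-bit-only add-on; still worth a look.
        "bho_no_file": [l for l in hjt if l.startswith("BHO") and l.endswith("- No File")],
        "unverified_drivers": [e["name"] for e in services if e["unverified"]],
        "start_types": dict(Counter(e["start"] for e in services)),
        # Bursts of GUID-named folders under AppData\Local are a pattern to note, not a verdict.
        "guid_dirs": sum(1 for l in created if GUID_DIR_RE.search(l)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```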


#4 TaylorUK (Topic Starter, Members, 19 posts)

Posted 07 December 2011 - 01:37 AM

Just a quick follow-up: more BSODs, plus MBAM keeps coming up with the following error... [OpenEvent] Failed to perform desired action. Error Code: 2.

#5 HelpBot, Bleepin' Binary Bot (Bots, 12,733 posts)

Posted 10 December 2011 - 02:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430836 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 TaylorUK (Topic Starter, Members, 19 posts)

Posted 10 December 2011 - 05:00 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Cralice at 9:56:16 on 2011-12-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3563.2000 [GMT 0:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.khandro.net/animal_tiger.htm
uDefault_Page_URL = hxxp://packardbell.msn.com
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E0BCE7F2-A306-4F1B-88AF-8D0161C63369} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E0BCE7F2-A306-4F1B-88AF-8D0161C63369}\F42377962756C6563737731373432353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E0BCE7F2-A306-4F1B-88AF-8D0161C63369}\F42716E6765602D4F62696C6560275966496D23383 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E0BCE7F2-A306-4F1B-88AF-8D0161C63369}\F42716E6765602D4F62696C6560275966496D25673 : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cralice\AppData\Roaming\Mozilla\Firefox\Profiles\mpem1k78.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.khandro.net/animal_tiger.htm
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [2011-11-23 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111208.001\IDSviA64.sys [2011-12-9 488568]
R1 RapportCerberus_32301;RapportCerberus_32301;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys [2011-11-7 396944]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-3 352848]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-7-21 873064]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-1-18 39528]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-5-3 244624]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-12-4 130008]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\drivers\b57xdbd.sys --> C:\Windows\system32\drivers\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\drivers\b57xdmp.sys --> C:\Windows\system32\drivers\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\drivers\bScsiMSa.sys --> C:\Windows\system32\drivers\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-4 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-27 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-2 366152]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-27 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2011-12-10 09:44:56 -------- d-----w- C:\Users\Cralice\AppData\Local\{F564422F-FC87-4E61-B65C-2BA641332320}
2011-12-10 09:44:45 -------- d-----w- C:\Users\Cralice\AppData\Local\{F7E0B382-7594-44B9-9C97-7DC6C314227E}
2011-12-08 21:01:43 -------- d-----w- C:\Users\Cralice\AppData\Local\{307CD7BF-7A1E-4F8D-971A-DF3795C2BD26}
2011-12-08 06:54:25 -------- d-----w- C:\Users\Cralice\AppData\Local\{C04FD487-CB2B-49C7-82A1-5B7B0A6B1F30}
2011-12-07 17:48:26 -------- d-----w- C:\Users\Cralice\AppData\Local\{76964BAA-EE4F-4BD9-996E-AF481B14CDA4}
2011-12-07 17:48:12 -------- d-----w- C:\Users\Cralice\AppData\Local\{7D8DA082-E4A3-4BB4-BE41-9771A33E4EDC}
2011-12-06 21:36:43 -------- d-----w- C:\Users\Cralice\AppData\Local\{4A7436A0-45C8-479A-80E9-503E0B33E24E}
2011-12-06 21:36:21 -------- d-----w- C:\Users\Cralice\AppData\Local\{196956A3-1B38-4C95-81B5-FAE2F6BF6B92}
2011-12-06 09:31:55 -------- d-----w- C:\Users\Cralice\AppData\Local\{9B116FDF-DF13-4E93-BB89-931FFA50462D}
2011-12-06 09:31:44 -------- d-----w- C:\Users\Cralice\AppData\Local\{B0FDA40F-9A8D-4ACB-9137-B43BA6FCBB2F}
2011-12-05 19:36:33 -------- d-----w- C:\Users\Cralice\AppData\Local\{F1E13A21-2672-44DA-8A2F-AE5FFF0B768F}
2011-12-05 19:36:21 -------- d-----w- C:\Users\Cralice\AppData\Local\{A9EDAD1E-3041-43B4-A153-1FE8AD563E93}
2011-12-05 07:31:44 -------- d-----w- C:\Users\Cralice\AppData\Local\{13222175-5758-4939-AC37-CA24D73B8C4C}
2011-12-05 07:31:32 -------- d-----w- C:\Users\Cralice\AppData\Local\{D499BD1E-248D-4172-BDDA-A136E0888BCE}
2011-12-04 21:09:27 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-04 20:59:57 -------- d-----r- C:\Program Files (x86)\Skype
2011-12-04 19:22:24 -------- d-----w- C:\Users\Cralice\AppData\Local\Mozilla
2011-12-04 17:58:18 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-12-04 16:44:12 34288 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-12-04 16:44:01 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-04 16:44:01 -------- d-----w- C:\Program Files\Symantec
2011-12-04 16:44:01 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-12-04 16:43:41 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymEFA64.sys
2011-12-04 16:43:41 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-12-04 16:43:41 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymDS64.sys
2011-12-04 16:43:41 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-12-04 16:43:41 386168 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-12-04 16:43:41 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.sys
2011-12-04 16:43:22 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-12-04 16:43:22 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-12-04 16:43:19 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-12-04 16:43:08 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-12-04 15:02:06 -------- d-----w- C:\Users\Cralice\AppData\Local\{D3D4CE23-5317-4908-8636-8C6317782A7F}
2011-12-04 15:01:54 -------- d-----w- C:\Users\Cralice\AppData\Local\{2D5CFC3A-CDFB-427F-B026-B646AF286554}
2011-12-04 14:52:59 -------- d-----w- C:\Users\Cralice\AppData\Local\{E8CE1EE7-478D-46F0-9D22-1067BEF60929}
2011-12-04 14:52:47 -------- d-----w- C:\Users\Cralice\AppData\Local\{7DD9A953-26AA-41F4-8877-649478A6A135}
2011-12-04 14:47:15 -------- d-----w- C:\Users\Cralice\AppData\Local\{CEAEF0A2-CEA6-4102-9BB3-3577403AC668}
2011-12-03 22:50:43 -------- d-----w- C:\Users\Cralice\AppData\Local\{26508D2E-BF95-440F-A650-AFC3225AEDBD}
2011-12-03 22:50:30 -------- d-----w- C:\Users\Cralice\AppData\Local\{D5290BD8-C77A-4539-96BD-5BF9866780CD}
2011-12-03 09:59:51 -------- d-----w- C:\Users\Cralice\AppData\Local\{7F371650-1F7D-4E1A-BD2E-1B4066801664}
2011-12-02 21:57:44 -------- d-----w- C:\Users\Cralice\AppData\Local\{56A79693-3DB7-4C5B-AAE4-9A02B8032917}
2011-12-02 21:55:34 -------- d-----w- C:\Users\Cralice\AppData\Local\{04897244-944A-4094-976C-9A1E393E8C36}
2011-12-02 09:25:35 -------- d-----w- C:\Users\Cralice\AppData\Roaming\Malwarebytes
2011-12-02 09:25:27 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-02 09:25:23 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-02 09:25:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-02 08:42:28 -------- d-----w- C:\Users\Cralice\AppData\Local\{93DF05EE-2F0B-4680-8B32-2FE47CA6B481}
2011-12-01 20:42:11 -------- d-----w- C:\Users\Cralice\AppData\Local\{F5124BFF-2169-44C4-A17D-AD309C285846}
2011-12-01 08:35:58 -------- d-----w- C:\Users\Cralice\AppData\Local\{E99648D4-4532-4BDC-9CF0-8C39A5B3AD3B}
2011-12-01 08:35:33 -------- d-----w- C:\Users\Cralice\AppData\Local\{5E2CC179-4D37-4AA4-8B94-8D03D7B6BF7F}
2011-11-30 20:18:15 -------- d-----w- C:\Users\Cralice\AppData\Local\{5C6BD911-E29B-41E5-9027-850A504D63E5}
2011-11-30 08:15:41 -------- d-----w- C:\Users\Cralice\AppData\Local\{BDFFE319-3585-4DD4-9BAF-DE8EF2A93457}
2011-11-30 08:15:20 -------- d-----w- C:\Users\Cralice\AppData\Local\{03F63D76-EA3F-495F-B9AF-EE2B5F44B722}
2011-11-29 16:41:21 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-11-29 16:41:21 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-11-29 16:36:19 -------- d-----w- C:\ProgramData\PCSettings
2011-11-29 13:19:41 -------- d-----w- C:\Users\Cralice\AppData\Local\{40F159AC-B721-48D1-9ED0-02E3846B7C61}
2011-11-29 05:43:18 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E22C4020-91B4-4B66-9969-04A4F0ACEB52}\mpengine.dll
2011-11-28 13:02:45 -------- d-----w- C:\Users\Cralice\AppData\Local\{E4C5E09C-7CA7-490F-B610-A94672B7E988}
2011-11-28 10:24:14 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-28 01:00:21 -------- d-----w- C:\Users\Cralice\AppData\Local\{07FCC0F7-74A3-4AE0-9281-6B14BC287C48}
2011-11-27 07:27:27 -------- d-----w- C:\Users\Cralice\AppData\Local\{CA21187C-A5FD-40E3-BE07-B5FFD4ECCD27}
2011-11-26 19:04:07 -------- d-----w- C:\Users\Cralice\AppData\Local\{1DA66138-BDD8-4A55-ACF5-5DAB4DABEA55}
2011-11-26 07:01:59 -------- d-----w- C:\Users\Cralice\AppData\Local\{7306504B-38CC-4751-BFD0-66A8EE70AE27}
2011-11-26 07:01:39 -------- d-----w- C:\Users\Cralice\AppData\Local\{20D10872-D964-4489-958F-62A19C0F2303}
2011-11-25 13:23:33 -------- d-----w- C:\Users\Cralice\AppData\Local\{BA76DCD4-43A4-4159-9490-9931DF08FDCB}
2011-11-24 23:54:31 -------- d-----w- C:\Users\Cralice\AppData\Local\{682A49E6-2264-475D-8744-B44D1E4B5C5D}
2011-11-24 11:50:29 -------- d-----w- C:\Users\Cralice\AppData\Local\{AD7A4CC8-4820-48E6-AF9D-35F4FE14C718}
2011-11-23 23:14:27 -------- d-----w- C:\Users\Cralice\AppData\Local\{7C1F861F-1C6F-4603-9742-D1264E4C33E8}
2011-11-23 10:33:39 -------- d-----w- C:\Users\Cralice\AppData\Local\{2127FF41-7A30-4F2B-BB01-C5938618862D}
2011-11-22 21:19:52 -------- d-----w- C:\Users\Cralice\AppData\Local\{059C9F10-0A67-484A-9348-57A83F2FDA2A}
2011-11-22 18:02:24 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-11-22 18:02:24 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\1_hpzppw71.dll
2011-11-22 08:57:06 -------- d-----w- C:\Users\Cralice\AppData\Local\{D46B9068-AF19-402F-B244-074EE60FFF50}
2011-11-21 20:55:01 -------- d-----w- C:\Users\Cralice\AppData\Local\{96192C17-2331-4ACD-BD8B-A3F071BA3941}
2011-11-21 07:35:50 -------- d-----w- C:\Users\Cralice\AppData\Local\{D6A2C938-6447-4EEF-A17A-8B1DC58D99F0}
2011-11-20 19:33:33 -------- d-----w- C:\Users\Cralice\AppData\Local\{1EDCFD0F-339F-4ECC-ADB9-96254D4E31ED}
2011-11-20 07:29:19 -------- d-----w- C:\Users\Cralice\AppData\Local\{3E596730-BFF7-491D-9DB0-08C6CE0933D1}
2011-11-19 17:04:08 -------- d-----w- C:\Users\Cralice\AppData\Local\{2A6F48CC-3BC1-4B46-9ED9-0887FEC75464}
2011-11-18 09:18:14 -------- d-----w- C:\Users\Cralice\AppData\Local\{AD5B831B-DFC9-40B4-A4F1-DB66694FE072}
2011-11-17 21:16:07 -------- d-----w- C:\Users\Cralice\AppData\Local\{23DAB430-82F3-44A9-8564-D361352B42EA}
2011-11-17 09:13:45 -------- d-----w- C:\Users\Cralice\AppData\Local\{8F601DA0-B0C3-4104-83F1-43CFC2CAB945}
2011-11-17 09:13:18 -------- d-----w- C:\Users\Cralice\AppData\Local\{C667D653-BAC5-4723-B13B-E53F328A10D6}
2011-11-15 08:29:32 -------- d-----w- C:\Users\Cralice\AppData\Local\{E104F411-02AB-411D-92C5-A284B92DAD22}
2011-11-15 08:29:21 -------- d-----w- C:\Users\Cralice\AppData\Local\{79E98052-038E-4669-AD5D-2593BC08B01F}
2011-11-12 09:40:10 -------- d-----w- C:\Users\Cralice\AppData\Local\{E2524F94-923C-4ABB-B9AB-D41CAEE9F187}
2011-11-11 20:56:05 -------- d-----w- C:\Users\Cralice\AppData\Local\{EBB4520B-AB0B-4684-9D26-1D85AEA7214A}
2011-11-11 20:55:43 -------- d-----w- C:\Users\Cralice\AppData\Local\{6D74CA9E-C125-4183-879C-DC79A565B483}
2011-11-11 08:53:50 -------- d-----w- C:\Users\Cralice\AppData\Local\{A704B86D-E427-4967-BC27-CAD19C5BFFB6}
2011-11-10 20:35:21 -------- d-----w- C:\Users\Cralice\AppData\Local\{F6E40C3D-913D-4AC8-8D14-EBBEA8EE0876}
2011-11-10 20:34:58 -------- d-----w- C:\Users\Cralice\AppData\Local\{4D2F9DF6-A88A-4153-AE74-37B73594376F}
2011-11-10 12:57:37 -------- d-----w- C:\Users\Cralice\AppData\Local\Microsoft Help
.
==================== Find3M ====================
.
2011-11-17 09:13:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-07 21:28:40 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 9:57:44.27 ===============
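A small triage script for a DDS log like the one above, added here as an example; it is not part of DDS, of Norton, or of anything posted in this thread. It embeds a verbatim excerpt of the log so it runs offline. The section banners, the `R0 name;display;path [date size]` entry format and the `[?]` marker are exactly as DDS prints them in the log; the checks it raises (R0/R1 drivers that live outside C:\Windows, drivers loading from ProgramData, AppData or Temp, a per-user start page that differs from the machine default, a non-stock Userinit value, and a count of GUID-named folders created under AppData\Local) are my own choice of what a helper reads first, not a DDS feature, and the `USER_WRITABLE` path list is an assumption.

```python
"""Triage helper for a DDS log (added example, not part of DDS or of this thread):
splits the log into its '====' sections and reports what a helper reads first."""
import re
from collections import namedtuple

# Constructed sample: verbatim lines excerpted from the DDS log posted above, embedded
# so the script runs offline. For a saved log use parse_dds(open(path).read()).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.khandro.net/animal_tiger.htm
mStart Page = hxxp://packardbell.msn.com
mWinlogon: Userinit=userinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111208.001\IDSviA64.sys [2011-12-9 488568]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-12-4 130008]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
.
=============== Created Last 30 ================
.
2011-12-10 09:44:56 -------- d-----w- C:\Users\Cralice\AppData\Local\{F564422F-FC87-4E61-B65C-2BA641332320}
2011-12-10 09:44:45 -------- d-----w- C:\Users\Cralice\AppData\Local\{F7E0B382-7594-44B9-9C97-7DC6C314227E}
2011-12-04 21:09:27 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
.
============= FINISH: 9:57:44.27 ===============
"""

BANNER = re.compile(r"^=+\s*(.*?)\s*=+$")
DRIVER = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAMP = re.compile(r"\[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")          # e.g. '[2011-11-7 55056]'
GUID_DIR = re.compile(r"\\AppData\\Local\\\{[0-9A-F-]{36}\}$", re.I)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")   # assumption: my own list
Driver = namedtuple("Driver", "start name display path unverified date size")

def split_sections(text):
    """Map each banner title to the lines beneath it, dropping DDS's '.' spacer lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = BANNER.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections

def parse_driver(line):
    """Parse 'R0 name;display;path [date size]' or 'R0 name;display;imagepath --> path [?]'."""
    m = DRIVER.match(line)
    if not m:
        return None
    rest = m.group("rest")
    unverified = rest.endswith(" [?]")             # DDS could not stat the file
    if unverified:
        path, date, size = rest[:-4].split(" --> ")[-1], None, None
    else:
        s = STAMP.search(rest)
        if not s:
            return None
        path, date, size = rest[:s.start()].rstrip(), s.group(1), int(s.group(2))
    return Driver(m.group("start"), m.group("name"), m.group("display"), path, unverified, date, size)

def driver_findings(drivers):
    """(reason, driver) pairs: early-start drivers outside C:\\Windows, and anything under a user-writable path."""
    out = []
    for d in drivers:
        low = d.path.lower()
        if d.start in ("R0", "R1") and not low.startswith("c:\\windows\\"):
            out.append(("R0/R1 driver outside C:\\Windows", d))
        if any(tok in low for tok in USER_WRITABLE):
            out.append(("loaded from a user-writable path", d))
    return out

def hjt_findings(lines):
    """Per-user start page that differs from the machine one, and a Userinit that is not the stock value."""
    kv = dict(ln.split(" = ", 1) for ln in lines if " = " in ln)
    out = []
    if kv.get("uStart Page") and kv["uStart Page"] != kv.get("mStart Page"):
        out.append(("user start page differs from machine default", kv["uStart Page"]))
    for ln in lines:
        if ln.startswith("mWinlogon: Userinit=") and ln.split("=", 1)[1].strip(" ,").lower() != "userinit.exe":
            out.append(("Userinit is not the stock value", ln))
    return out

def parse_dds(text):
    """Run every check over a whole log and return the results as a dict."""
    sec = split_sections(text)
    drivers = [d for d in map(parse_driver, sec.get("SERVICES / DRIVERS", [])) if d]
    return {"drivers": drivers,
            "unverified": [d.name for d in drivers if d.unverified],
            "driver_findings": driver_findings(drivers),
            "hjt_findings": hjt_findings(sec.get("Pseudo HJT Report", [])),
            "guid_dirs": sum(1 for ln in sec.get("Created Last 30", []) if GUID_DIR.search(ln))}

if __name__ == "__main__":
    r = parse_dds(SAMPLE_DDS)
    print(f"{len(r['drivers'])} entries, {len(r['unverified'])} marked [?], {r['guid_dirs']} GUID folders")
    for reason, d in r["driver_findings"] + r["hjt_findings"]:
        print(f"  {reason}: {getattr(d, 'path', d)}")
```

Two remarks on what this prints against the full log above. Every `[?]` entry there sits under C:\Windows\system32 and every entry that carries a date and size sits somewhere else, which is the pattern a 32-bit tool produces when WOW64 redirects it away from the real system32 and it cannot stat the file; on a 64-bit system `[?]` by itself is therefore not evidence of tampering (that reading is mine, DDS does not say it). The R0/R1 list is where a BSOD investigation starts: the log shows boot- and system-start kernel drivers from both Trusteer Rapport (RapportKE64, RapportCerberus, RapportEI64, dated 2011-11-07) and Norton 360 (SymDS, SymEFA, SymIRON, SymNetS, BHDrvx64, IDSVia64, dated 2011-12-04), and the opening post dates the crashes to the Norton install; the minidumps under C:\Windows\Minidump would name the faulting driver.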

#7 nasdaq (Malware Response Team, 39,963 posts, Montreal, QC. Canada)

Posted 11 December 2011 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers, and all other programs working. Make sure you save your file if working on a document.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#8 TaylorUK

TaylorUK
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 12 December 2011 - 07:50 AM

Hi Nasdaq.

Followed the instructions to disable Norton 360, ComboFix said it was still running, I checked over and over again to ensure I had followed the instructions right and ended up proceeding anyway. Have run it a number of times since yesterday and it keeps...stalling after stage 4. It just seems to sit and do nothing. I noticed the text says it should take 10 mins, but this time can easily double for a badly infected machine, I have left it for durations of up to an hour, disabled all screensavers etc. in case they were interfering, and was wondering if I should just keep waiting or ask as to whether I am missing something?

Kind Regards,

Chris Taylor

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 AM

Posted 13 December 2011 - 09:50 AM

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.
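The TDSSKiller log requested above lists every registered driver service twice: a file record with the image's MD5 and path, then a one-line verdict. A reviewer skims it for three things: verdicts that are not "ok", services whose verdict has no file record (the registered image file is commonly not present on disk, which deserves a look), and kernel drivers loaded from outside the Windows directories (third-party products such as the Norton and Trusteer drivers later in this thread; legitimate, but they are exactly the entries a helper checks against the vendor). The script below is an added example written for this page, not code from the thread, from BleepingComputer or from Kaspersky's tool; the line format it parses is taken from the log posted in this thread (TDSSKiller 2.6.23.0), the "expected" Windows driver directories are an assumption for a stock Windows 7 x64 install, and the sample input mixes lines copied from the thread's log with one constructed, clearly labelled non-ok entry. TDSSKiller's own verdicts remain the authority; this only helps a reviewer see where to look first.

```python
"""Triage helper for TDSSKiller driver-scan logs (added example, not the thread's or the tool's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Two line shapes appear in the TDSSKiller 2.6 log format shown in this thread:
#   <time> <pid> <service> (<md5>) <path>     a file record for the service image
#   <time> <pid> <service> - <status>         the verdict for that service ("ok" or otherwise)
_HEAD = r'(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+'
FILE_RE = re.compile(_HEAD + r'\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$')
STATUS_RE = re.compile(_HEAD + r'-\s+(?P<status>.+?)\s*$')

# Assumption: on a stock Windows 7 x64 install, Microsoft's kernel drivers live here.
WINDOWS_DRIVER_DIRS = (r'c:\windows\system32\drivers', r'c:\windows\system32')


@dataclass
class Entry:
    """One driver service, assembled from its file record and its verdict line."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair each service's file record with its verdict, keyed by service name.

    Header, separator and SystemInfo lines match neither pattern and are skipped.
    """
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m['name'], Entry(m['name']))
            e.md5, e.path = m['md5'].lower(), m['path']
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m['name'], Entry(m['name']))
            e.status = m['status']
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs a reviewer should look at first."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.status is None:
            findings.append((e.name, 'no verdict line (truncated log?)'))
        elif e.status.lower() != 'ok':
            findings.append((e.name, f'non-ok verdict: {e.status}'))
        if e.path is None:
            # Verdict without a file record: the registered image is commonly absent from disk.
            findings.append((e.name, 'verdict without a file record; image file likely not on disk'))
        elif not e.path.lower().startswith(WINDOWS_DRIVER_DIRS):
            findings.append((e.name, f'third-party kernel driver outside Windows dirs: {e.path}'))
    return findings


# Sample input: the first four entries are copied from the log posted in this thread;
# the "ExampleSvc" entry is CONSTRUCTED for this example and did not appear on the machine.
SAMPLE_LOG = r"""11:16:57.0149 4984 ============================================================
11:16:57.0149 4984 Scan started
11:16:57.0149 4984 Mode: Manual;
11:16:58.0210 4984 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:16:58.0210 4984 1394ohci - ok
11:17:01.0127 4984 atillk64 - ok
11:17:01.0923 4984 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys
11:17:01.0923 4984 BHDrvx64 - ok
11:17:04.0060 4984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:17:04.0060 4984 CLFS - ok
11:17:21.0999 4984 ExampleSvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
11:17:21.0999 4984 ExampleSvc - suspicious (constructed sample status)
"""


def triage_text(text: str) -> List[Tuple[str, str]]:
    """Convenience wrapper: parse a whole log and return the review list."""
    return triage(parse_log(text))


if __name__ == '__main__':
    for name, reason in triage_text(SAMPLE_LOG):
        print(f'{name:12s} {reason}')
```

Run it against a full log saved by TDSSKiller and the output is a short list to check by hand instead of several hundred "- ok" lines; the MD5 kept on each entry is what you would compare against a known-good copy of the same driver when a Windows file looks out of place.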

#10 TaylorUK

TaylorUK
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 14 December 2011 - 04:43 AM

'Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) '

It downloaded at over 3 times the size specified... 1.82mb...is this right?

#11 TaylorUK

TaylorUK
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 14 December 2011 - 06:21 AM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-14 11:13:54
-----------------------------
11:13:54.132 OS Version: Windows x64 6.1.7601 Service Pack 1
11:13:54.132 Number of processors: 2 586 0x100
11:13:54.132 ComputerName: CRALICE-PC UserName: Cralice
11:13:56.004 Initialize success
11:14:05.356 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:14:05.356 Disk 0 Vendor: TOSHIBA_MK3259GSXP GN003J Size: 305245MB BusType: 11
11:14:07.431 Disk 0 MBR read successfully
11:14:07.431 Disk 0 MBR scan
11:14:07.447 Disk 0 Windows 7 default MBR code
11:14:07.447 Service scanning
11:14:08.726 Modules scanning
11:14:08.726 Disk 0 trace - called modules:
11:14:08.757 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:14:08.773 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045ce250]
11:14:08.773 3 CLASSPNP.SYS[fffff88001bb243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040fa1f0]
11:14:08.788 Scan finished successfully
11:14:21.674 Disk 0 MBR has been saved successfully to "C:\Users\Cralice\Desktop\MBR.dat"
11:14:21.689 The log file has been saved successfully to "C:\Users\Cralice\Desktop\aswMBR.txt"




11:16:51.0736 6064 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:16:53.0748 6064 ============================================================
11:16:53.0748 6064 Current date / time: 2011/12/14 11:16:53.0748
11:16:53.0748 6064 SystemInfo:
11:16:53.0748 6064
11:16:53.0748 6064 OS Version: 6.1.7601 ServicePack: 1.0
11:16:53.0748 6064 Product type: Workstation
11:16:53.0748 6064 ComputerName: CRALICE-PC
11:16:53.0748 6064 UserName: Cralice
11:16:53.0748 6064 Windows directory: C:\Windows
11:16:53.0748 6064 System windows directory: C:\Windows
11:16:53.0748 6064 Running under WOW64
11:16:53.0748 6064 Processor architecture: Intel x64
11:16:53.0748 6064 Number of processors: 2
11:16:53.0748 6064 Page size: 0x1000
11:16:53.0748 6064 Boot type: Normal boot
11:16:53.0748 6064 ============================================================
11:16:55.0355 6064 Initialize success
11:16:57.0149 4984 ============================================================
11:16:57.0149 4984 Scan started
11:16:57.0149 4984 Mode: Manual;
11:16:57.0149 4984 ============================================================
11:16:58.0210 4984 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:16:58.0210 4984 1394ohci - ok
11:16:58.0335 4984 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:16:58.0335 4984 ACPI - ok
11:16:58.0444 4984 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:16:58.0444 4984 AcpiPmi - ok
11:16:58.0584 4984 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:16:58.0584 4984 adp94xx - ok
11:16:58.0709 4984 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:16:58.0709 4984 adpahci - ok
11:16:58.0834 4984 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:16:58.0834 4984 adpu320 - ok
11:16:58.0959 4984 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:16:58.0974 4984 AFD - ok
11:16:59.0084 4984 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:16:59.0084 4984 agp440 - ok
11:16:59.0193 4984 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:16:59.0193 4984 aliide - ok
11:16:59.0302 4984 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:16:59.0318 4984 amdide - ok
11:16:59.0427 4984 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:16:59.0427 4984 AmdK8 - ok
11:16:59.0723 4984 amdkmdag (f99dfeb934c18fcf96cd589e6681629c) C:\Windows\system32\DRIVERS\atikmdag.sys
11:16:59.0770 4984 amdkmdag - ok
11:16:59.0895 4984 amdkmdap (2d964e526cd067d5aafd46bfd19b3749) C:\Windows\system32\DRIVERS\atikmpag.sys
11:16:59.0895 4984 amdkmdap - ok
11:17:00.0004 4984 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:17:00.0004 4984 AmdPPM - ok
11:17:00.0098 4984 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:17:00.0098 4984 amdsata - ok
11:17:00.0222 4984 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:17:00.0222 4984 amdsbs - ok
11:17:00.0363 4984 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:17:00.0363 4984 amdxata - ok
11:17:00.0472 4984 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:17:00.0472 4984 AppID - ok
11:17:00.0628 4984 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:17:00.0628 4984 arc - ok
11:17:00.0753 4984 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:17:00.0753 4984 arcsas - ok
11:17:00.0893 4984 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:17:00.0893 4984 AsyncMac - ok
11:17:00.0924 4984 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:17:00.0924 4984 atapi - ok
11:17:01.0065 4984 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
11:17:01.0065 4984 AtiHDAudioService - ok
11:17:01.0127 4984 atillk64 - ok
11:17:01.0268 4984 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:17:01.0268 4984 b06bdrv - ok
11:17:01.0377 4984 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:17:01.0377 4984 b57nd60a - ok
11:17:01.0486 4984 b57xdbd (a424cb46a145e5aabf15621550976df2) C:\Windows\system32\drivers\b57xdbd.sys
11:17:01.0486 4984 b57xdbd - ok
11:17:01.0595 4984 b57xdmp (be4e6fd5a898812b85d5817ad9754a9f) C:\Windows\system32\drivers\b57xdmp.sys
11:17:01.0611 4984 b57xdmp - ok
11:17:01.0720 4984 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:17:01.0720 4984 Beep - ok
11:17:01.0923 4984 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys
11:17:01.0923 4984 BHDrvx64 - ok
11:17:02.0048 4984 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
11:17:02.0048 4984 blbdrive - ok
11:17:02.0157 4984 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:17:02.0157 4984 bowser - ok
11:17:02.0266 4984 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:17:02.0266 4984 BrFiltLo - ok
11:17:02.0375 4984 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:17:02.0375 4984 BrFiltUp - ok
11:17:02.0469 4984 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:17:02.0469 4984 Brserid - ok
11:17:02.0562 4984 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:17:02.0578 4984 BrSerWdm - ok
11:17:02.0672 4984 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:17:02.0687 4984 BrUsbMdm - ok
11:17:02.0781 4984 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:17:02.0781 4984 BrUsbSer - ok
11:17:02.0906 4984 bScsiMSa (413dd8ab0bb30b9c4f5e6a34977a1c34) C:\Windows\system32\drivers\bScsiMSa.sys
11:17:02.0906 4984 bScsiMSa - ok
11:17:03.0046 4984 bScsiSDa (9f880f03f4a72215c8b77fd51322c297) C:\Windows\system32\DRIVERS\bScsiSDa.sys
11:17:03.0046 4984 bScsiSDa - ok
11:17:03.0155 4984 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
11:17:03.0155 4984 BthEnum - ok
11:17:03.0249 4984 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:17:03.0264 4984 BTHMODEM - ok
11:17:03.0389 4984 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:17:03.0389 4984 BthPan - ok
11:17:03.0514 4984 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
11:17:03.0514 4984 BTHPORT - ok
11:17:03.0623 4984 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
11:17:03.0639 4984 BTHUSB - ok
11:17:03.0732 4984 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:17:03.0732 4984 cdfs - ok
11:17:03.0842 4984 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:17:03.0857 4984 cdrom - ok
11:17:03.0966 4984 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:17:03.0966 4984 circlass - ok
11:17:04.0060 4984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:17:04.0060 4984 CLFS - ok
11:17:04.0185 4984 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:17:04.0185 4984 CmBatt - ok
11:17:04.0294 4984 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:17:04.0294 4984 cmdide - ok
11:17:04.0419 4984 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:17:04.0419 4984 CNG - ok
11:17:04.0528 4984 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:17:04.0528 4984 Compbatt - ok
11:17:04.0653 4984 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:17:04.0653 4984 CompositeBus - ok
11:17:04.0778 4984 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:17:04.0778 4984 crcdisk - ok
11:17:04.0934 4984 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:17:04.0934 4984 DfsC - ok
11:17:05.0027 4984 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:17:05.0027 4984 discache - ok
11:17:05.0121 4984 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:17:05.0121 4984 Disk - ok
11:17:05.0230 4984 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:17:05.0230 4984 drmkaud - ok
11:17:05.0386 4984 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:17:05.0386 4984 DXGKrnl - ok
11:17:05.0573 4984 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:17:05.0604 4984 ebdrv - ok
11:17:05.0698 4984 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:17:05.0698 4984 eeCtrl - ok
11:17:05.0870 4984 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:17:05.0885 4984 elxstor - ok
11:17:05.0994 4984 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:17:05.0994 4984 EraserUtilRebootDrv - ok
11:17:06.0072 4984 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:17:06.0088 4984 ErrDev - ok
11:17:06.0197 4984 ETD (9d8739a2a2173c9d27c499a3fc6eda3f) C:\Windows\system32\DRIVERS\ETD.sys
11:17:06.0197 4984 ETD - ok
11:17:06.0306 4984 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:17:06.0306 4984 exfat - ok
11:17:06.0416 4984 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:17:06.0416 4984 fastfat - ok
11:17:06.0540 4984 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:17:06.0540 4984 fdc - ok
11:17:06.0665 4984 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:17:06.0665 4984 FileInfo - ok
11:17:06.0774 4984 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:17:06.0774 4984 Filetrace - ok
11:17:06.0868 4984 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:17:06.0884 4984 flpydisk - ok
11:17:07.0008 4984 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:17:07.0008 4984 FltMgr - ok
11:17:07.0164 4984 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:17:07.0164 4984 FsDepends - ok
11:17:07.0336 4984 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:17:07.0336 4984 Fs_Rec - ok
11:17:07.0492 4984 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:17:07.0492 4984 fvevol - ok
11:17:07.0601 4984 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:17:07.0601 4984 gagp30kx - ok
11:17:07.0742 4984 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:17:07.0742 4984 GEARAspiWDM - ok
11:17:07.0898 4984 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:17:07.0898 4984 hcw85cir - ok
11:17:08.0007 4984 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:17:08.0007 4984 HdAudAddService - ok
11:17:08.0116 4984 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:17:08.0116 4984 HDAudBus - ok
11:17:08.0241 4984 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:17:08.0241 4984 HidBatt - ok
11:17:08.0350 4984 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:17:08.0366 4984 HidBth - ok
11:17:08.0553 4984 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:17:08.0553 4984 HidIr - ok
11:17:08.0724 4984 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:17:08.0724 4984 HidUsb - ok
11:17:08.0896 4984 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:17:08.0896 4984 HpSAMD - ok
11:17:09.0021 4984 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:17:09.0021 4984 HTTP - ok
11:17:09.0114 4984 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:17:09.0114 4984 hwpolicy - ok
11:17:09.0239 4984 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:17:09.0239 4984 i8042prt - ok
11:17:09.0348 4984 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:17:09.0364 4984 iaStorV - ok
11:17:09.0536 4984 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111212.002\IDSvia64.sys
11:17:09.0551 4984 IDSVia64 - ok
11:17:09.0629 4984 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:17:09.0629 4984 iirsp - ok
11:17:09.0801 4984 IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys
11:17:09.0832 4984 IntcAzAudAddService - ok
11:17:09.0910 4984 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:17:09.0926 4984 intelide - ok
11:17:10.0019 4984 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
11:17:10.0019 4984 intelppm - ok
11:17:10.0128 4984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:17:10.0128 4984 IpFilterDriver - ok
11:17:10.0238 4984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:17:10.0253 4984 IPMIDRV - ok
11:17:10.0347 4984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:17:10.0347 4984 IPNAT - ok
11:17:10.0472 4984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:17:10.0472 4984 IRENUM - ok
11:17:10.0565 4984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:17:10.0565 4984 isapnp - ok
11:17:10.0659 4984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:17:10.0659 4984 iScsiPrt - ok
11:17:10.0784 4984 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys
11:17:10.0784 4984 k57nd60a - ok
11:17:10.0908 4984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:17:10.0908 4984 kbdclass - ok
11:17:11.0018 4984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:17:11.0018 4984 kbdhid - ok
11:17:11.0127 4984 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:17:11.0127 4984 KSecDD - ok
11:17:11.0220 4984 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:17:11.0236 4984 KSecPkg - ok
11:17:11.0345 4984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:17:11.0345 4984 ksthunk - ok
11:17:11.0486 4984 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:17:11.0486 4984 lltdio - ok
11:17:11.0657 4984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:17:11.0657 4984 LSI_FC - ok
11:17:11.0766 4984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:17:11.0766 4984 LSI_SAS - ok
11:17:11.0907 4984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:17:11.0907 4984 LSI_SAS2 - ok
11:17:12.0219 4984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:17:12.0219 4984 LSI_SCSI - ok
11:17:12.0328 4984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:17:12.0328 4984 luafv - ok
11:17:12.0702 4984 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
11:17:12.0702 4984 MBAMProtector - ok
11:17:12.0827 4984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:17:12.0827 4984 megasas - ok
11:17:12.0921 4984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:17:12.0921 4984 MegaSR - ok
11:17:12.0952 4984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:17:12.0968 4984 Modem - ok
11:17:13.0061 4984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:17:13.0077 4984 monitor - ok
11:17:13.0186 4984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:17:13.0186 4984 mouclass - ok
11:17:13.0311 4984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:17:13.0311 4984 mouhid - ok
11:17:13.0404 4984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:17:13.0404 4984 mountmgr - ok
11:17:13.0498 4984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:17:13.0498 4984 mpio - ok
11:17:13.0529 4984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:17:13.0529 4984 mpsdrv - ok
11:17:13.0623 4984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:17:13.0623 4984 MRxDAV - ok
11:17:13.0716 4984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:17:13.0732 4984 mrxsmb - ok
11:17:13.0826 4984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:17:13.0826 4984 mrxsmb10 - ok
11:17:13.0919 4984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:17:13.0919 4984 mrxsmb20 - ok
11:17:14.0028 4984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:17:14.0028 4984 msahci - ok
11:17:14.0122 4984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:17:14.0138 4984 msdsm - ok
11:17:14.0247 4984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:17:14.0247 4984 Msfs - ok
11:17:14.0356 4984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:17:14.0356 4984 mshidkmdf - ok
11:17:14.0387 4984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:17:14.0387 4984 msisadrv - ok
11:17:14.0481 4984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:17:14.0481 4984 MSKSSRV - ok
11:17:14.0512 4984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:17:14.0512 4984 MSPCLOCK - ok
11:17:14.0606 4984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:17:14.0606 4984 MSPQM - ok
11:17:14.0637 4984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:17:14.0637 4984 MsRPC - ok
11:17:14.0715 4984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:17:14.0715 4984 mssmbios - ok
11:17:14.0746 4984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:17:14.0746 4984 MSTEE - ok
11:17:14.0824 4984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:17:14.0824 4984 MTConfig - ok
11:17:14.0855 4984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:17:14.0855 4984 Mup - ok
11:17:14.0980 4984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:17:14.0980 4984 NativeWifiP - ok
11:17:15.0152 4984 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111213.020\ENG64.SYS
11:17:15.0152 4984 NAVENG - ok
11:17:15.0323 4984 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111213.020\EX64.SYS
11:17:15.0339 4984 NAVEX15 - ok
11:17:15.0479 4984 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:17:15.0495 4984 NDIS - ok
11:17:15.0588 4984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:17:15.0588 4984 NdisCap - ok
11:17:15.0698 4984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:17:15.0698 4984 NdisTapi - ok
11:17:15.0807 4984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:17:15.0807 4984 Ndisuio - ok
11:17:15.0885 4984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:17:15.0900 4984 NdisWan - ok
11:17:15.0916 4984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:17:15.0916 4984 NDProxy - ok
11:17:16.0010 4984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:17:16.0010 4984 NetBIOS - ok
11:17:16.0041 4984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:17:16.0041 4984 NetBT - ok
11:17:16.0181 4984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:17:16.0181 4984 nfrd960 - ok
11:17:16.0290 4984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:17:16.0290 4984 Npfs - ok
11:17:16.0353 4984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:17:16.0353 4984 nsiproxy - ok
11:17:16.0446 4984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:17:16.0462 4984 Ntfs - ok
11:17:16.0556 4984 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
11:17:16.0556 4984 NTIDrvr - ok
11:17:16.0649 4984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:17:16.0649 4984 Null - ok
11:17:16.0680 4984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:17:16.0680 4984 nvraid - ok
11:17:16.0774 4984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:17:16.0774 4984 nvstor - ok
11:17:16.0868 4984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:17:16.0868 4984 nv_agp - ok
11:17:16.0961 4984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:17:16.0961 4984 ohci1394 - ok
11:17:17.0102 4984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:17:17.0102 4984 Parport - ok
11:17:17.0180 4984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:17:17.0195 4984 partmgr - ok
11:17:17.0211 4984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:17:17.0211 4984 pci - ok
11:17:17.0304 4984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:17:17.0304 4984 pciide - ok
11:17:17.0336 4984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:17:17.0336 4984 pcmcia - ok
11:17:17.0414 4984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:17:17.0414 4984 pcw - ok
11:17:17.0523 4984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:17:17.0523 4984 PEAUTH - ok
11:17:17.0694 4984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:17:17.0694 4984 PptpMiniport - ok
11:17:17.0726 4984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:17:17.0726 4984 Processor - ok
11:17:17.0835 4984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:17:17.0835 4984 Psched - ok
11:17:17.0913 4984 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:17:17.0928 4984 PxHlpa64 - ok
11:17:17.0991 4984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:17:18.0006 4984 ql2300 - ok
11:17:18.0100 4984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:17:18.0100 4984 ql40xx - ok
11:17:18.0209 4984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:17:18.0209 4984 QWAVEdrv - ok
11:17:18.0350 4984 RapportCerberus_32301 (f3de80c63bb10edc5aa92fc16edc6e23) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys
11:17:18.0350 4984 RapportCerberus_32301 - ok
11:17:18.0443 4984 RapportEI64 (c3c5f9517aac5848ffb7f66040780c3c) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
11:17:18.0443 4984 RapportEI64 - ok
11:17:18.0537 4984 RapportKE64 (f6cd072af2e424cd4ff82194e36a6f3c) C:\Windows\system32\Drivers\RapportKE64.sys
11:17:18.0537 4984 RapportKE64 - ok
11:17:18.0662 4984 RapportPG64 (819e5a7e3729273c252ae35f9e5e0bc8) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
11:17:18.0662 4984 RapportPG64 - ok
11:17:18.0771 4984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:17:18.0771 4984 RasAcd - ok
11:17:18.0880 4984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:17:18.0880 4984 RasAgileVpn - ok
11:17:18.0989 4984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:17:29.0004 4984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:17:29.0020 4984 \Device\Harddisk0\DR0 - ok
11:17:29.0020 4984 Boot (0x1200) (a5a35d7ca65d5fb56086df4296504858) \Device\Harddisk0\DR0\Partition0
11:17:29.0020 4984 \Device\Harddisk0\DR0\Partition0 - ok
11:17:29.0051 4984 Boot (0x1200) (9022e8b573fece4964db8d85ce1eda32) \Device\Harddisk0\DR0\Partition1
11:17:29.0051 4984 \Device\Harddisk0\DR0\Partition1 - ok
11:17:29.0051 4984 ============================================================
11:17:29.0051 4984 Scan finished
11:17:29.0051 4984 ============================================================
11:17:29.0067 5556 Detected object count: 0
11:17:29.0067 5556 Actual detected object count: 0

Attached Files

  • MBR.zip (564 bytes)


#12 nasdaq

  • Malware Response Team
  • 39,963 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 December 2011 - 09:59 AM

Try this.

Click the Start button > Run, copy and paste this command in the box: ComboFix /nombr, then click OK.

(That command presumes ComboFix is on the desktop; you may need to use C:\ComboFix /nombr if you have ComboFix on the C:\ drive.)

#13 TaylorUK

  • Topic Starter
  • Members
  • 19 posts

Posted 14 December 2011 - 01:02 PM

Left it running; I can only presume it finished and restarted, then presented me with the following Notepad text:

ComboFix 11-12-10.01 - Cralice 14/12/2011 17:06:06.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3563.2073 [GMT 0:00]
Running from: c:\users\Cralice\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 17:44 . 2011-12-14 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 20:59 . 2011-12-04 20:59 -------- d-----r- c:\program files (x86)\Skype
2011-12-04 19:22 . 2011-12-04 19:22 -------- d-----w- c:\users\Cralice\AppData\Local\Mozilla
2011-12-04 17:58 . 2011-12-04 17:58 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-12-04 16:44 . 2011-07-06 12:44 34288 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-04 16:44 . 2011-12-04 16:44 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-04 16:44 . 2011-12-04 16:44 -------- d-----w- c:\program files\Symantec
2011-12-04 16:44 . 2011-12-04 16:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-12-04 16:43 . 2011-12-04 16:43 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-12-04 16:43 . 2011-12-04 16:43 -------- d-----w- c:\program files (x86)\Norton 360
2011-12-04 16:43 . 2011-12-04 16:43 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-12-02 09:25 . 2011-12-02 09:25 -------- d-----w- c:\users\Cralice\AppData\Roaming\Malwarebytes
2011-12-02 09:25 . 2011-12-02 09:25 -------- d-----w- c:\programdata\Malwarebytes
2011-12-02 09:25 . 2011-12-02 09:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-02 09:25 . 2011-08-31 17:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 16:41 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-11-29 16:41 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-29 16:36 . 2011-11-29 16:36 -------- d-----w- c:\programdata\PCSettings
2011-11-29 05:43 . 2011-10-18 01:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E22C4020-91B4-4B66-9969-04A4F0ACEB52}\mpengine.dll
2011-11-22 18:02 . 2011-11-22 18:02 -------- d-----w- c:\programdata\Hewlett-Packard
2011-11-22 18:02 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-11-22 18:02 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\1_hpzppw71.dll
2011-11-17 09:13 . 2011-11-17 09:13 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 09:13 . 2011-10-02 16:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-07 21:28 . 2011-09-28 12:56 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-09-29 16:29 . 2011-11-09 20:54 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 20:54 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-09-28 15:25 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2011-03-09 295744]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-31 1092688]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-25 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 61712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [2011-11-23 1156216]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111212.002\IDSvia64.sys [2011-12-02 488568]
S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys [2011-11-07 396944]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 55056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-31 352848]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-02-22 873064]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-01-18 39528]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2011-03-09 257344]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-04 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 20:39]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 20:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-02-22 1796200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/forums/topic430836.html/page__pid__2507647#entry2507647
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Cralice\AppData\Roaming\Mozilla\Firefox\Profiles\mpem1k78.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.khandro.net/animal_tiger.htm
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-14 17:47:56
ComboFix-quarantined-files.txt 2011-12-14 17:47
.
Pre-Run: 222,128,705,536 bytes free
Post-Run: 222,096,121,856 bytes free
.
- - End Of File - - 8E2D8F97382786526811D8BACF4C34FB


So...what does that mean? :P

#14 nasdaq

  • Malware Response Team
  • 39,963 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 December 2011 - 09:36 AM

This ComboFix command bypasses the Master Boot Record. You may have a bad partition. Let's check it out.

Do the following:

  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.
    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link, so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage. After a brief loading period, Disk Management should appear on the right side of the Computer Management window.

Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

To take a print screen, follow these steps:

* Press Alt and Print Screen on your keyboard
* Open the Paint program
* From the menu choose Edit, then Paste
* Now save the picture and attach it here for me to review.

#15 TaylorUK

  • Topic Starter
  • Members
  • 19 posts

Posted 17 December 2011 - 04:08 AM

System crashed twice when trying to enter Computer Management; I had to reset on one crash due to the severity of it, but nonetheless, screenshot attached! I'm starting to wonder whether to just do a system reboot? I've backed up most of my data to disc just in case this is the way forward.
