Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smart HDD virus


  • This topic is locked This topic is locked
24 replies to this topic

#1 harkim

harkim

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 11 April 2012 - 09:11 PM

Hello,
Recently I got a Smart HDD virus that stopped me from doing anything. I used my tablet to read directions on how to remove it and I was able to remove it to the point where I was able to access my computer again. I used Rkill, malaware bytes, and tdsskiller. I am asking if somebody can look over my log to check to see if there's anything remaining in my computer.
Thank you



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:00 PM, on 4/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\USADISK\WEBHARD_Agent.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Kim\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USADISK UPDATE SERVICE (USADISK_AGENT) - Unknown owner - C:\Program Files (x86)\USADISK\WEBHARD_Agent.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7949 bytes

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 14 April 2012 - 12:19 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 16 April 2012 - 11:25 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 harkim

harkim
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 17 April 2012 - 04:54 PM

Hello,
Thank you for your reply! Sorry for the late response.


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java version out of date!
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2010 2:28:46 PM
System Uptime: 4/16/2012 10:30:20 PM (19 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6X58D-E
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 66.764 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&CF85AA7&0&0010
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&CF85AA7&0&0010
Service:
.
==== System Restore Points ===================
.
RP122: 3/22/2012 12:06:52 AM - Configured Splashtop Streamer
RP123: 4/4/2012 10:32:36 PM - Scheduled Checkpoint
RP124: 4/11/2012 3:00:29 AM - Windows Update
RP125: 4/11/2012 7:43:48 AM - Windows Update
RP126: 4/11/2012 5:21:02 PM - Windows Update
RP127: 4/11/2012 5:40:38 PM - Windows Update
RP128: 4/11/2012 5:41:32 PM - Windows Update
RP129: 4/11/2012 6:06:31 PM - Windows Update
RP130: 4/11/2012 6:07:20 PM - Windows Update
RP131: 4/11/2012 8:59:05 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ACER ICONIA 3G DRIVER INSTALL
Adobe AIR
Adobe Reader X (10.1.2)
AIM 7
Counter-Strike
D3DX10
HandBrake 0.9.5
Java Auto Updater
Java™ 6 Update 30
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 5.3
Splashtop Streamer
StarCraft II
Steam
The Lord of the Rings FREE Trial
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
4/16/2012 7:57:38 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
4/15/2012 12:03:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
4/11/2012 9:36:20 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/11/2012 9:36:18 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
4/11/2012 9:36:17 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/11/2012 9:36:17 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/11/2012 9:34:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/11/2012 9:34:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/11/2012 9:34:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/11/2012 9:34:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/11/2012 9:34:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/11/2012 9:34:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr SRTSP SRTSPX Wanarpv6
4/11/2012 9:34:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/11/2012 7:43:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2653956).
4/11/2012 7:43:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656373).
4/11/2012 7:43:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2675157).
4/11/2012 7:40:28 AM, Error: SRTSPL [11] - Unable to allocate open file data.
4/11/2012 7:40:28 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
4/11/2012 7:40:28 AM, Error: SRTSP [4] - Error loading virus definitions.
4/11/2012 7:40:28 AM, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.
4/11/2012 7:40:28 AM, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.
4/11/2012 7:40:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
4/11/2012 7:39:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0061c6000, 0x0000000000000000, 0xfffff80002f1a61a, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041112-15210-01.
4/11/2012 6:20:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002eb532f, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041112-34710-01.
4/11/2012 6:07:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Kim at 17:51:57 on 2012-04-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4773 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\dlbccoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\USADISK\WEBHARD_Agent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\dinotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{6F9E2A98-3ECD-4EE3-B1A3-95987DB3EDC0} : DhcpNameServer = 167.206.254.1 167.206.254.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\dzzzm5kh.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe -service --> C:\Windows\system32\dlbccoms.exe -service [?]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-1-3 1839776]
R2 USADISK_AGENT;USADISK UPDATE SERVICE;C:\Program Files (x86)\USADISK\WEBHARD_Agent.exe [2011-6-13 155856]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-11 138360]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253088]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Kim\Documents\RealTemp_340\WinRing0x64.sys [2008-7-26 14544]
.
=============== Created Last 30 ================
.
2012-04-13 10:45:23 -------- d-----w- C:\Users\Kim\AppData\Local\{EDA8FB2A-D28C-4771-A692-A0B3E89540B3}
2012-04-12 20:54:30 -------- d-----w- C:\Users\Kim\AppData\Local\{7AE736AD-FF2B-40E6-80FE-91A6AF73E5A0}
2012-04-12 02:06:10 -------- d-----w- C:\Users\Kim\AppData\Local\{3EBB676F-6CEF-4D99-9D2C-92308C4BE77C}
2012-04-12 00:59:32 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 00:59:32 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 00:59:31 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 23:15:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-11 22:19:05 -------- d-----w- C:\Windows\pss
2012-04-11 21:21:30 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 21:21:30 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 21:21:30 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 21:21:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 21:21:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 21:21:26 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 21:21:26 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 20:59:24 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 12:15:54 -------- d-----w- C:\Users\Kim\AppData\Local\{2F6888EF-734D-415D-B17B-5F2D43BE5AC2}
2012-04-11 11:40:52 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-11 03:25:55 -------- d-----w- C:\Users\Kim\AppData\Local\{15D82AB3-558A-4A25-9D43-254F2F2B1005}
2012-04-10 11:40:17 -------- d-----w- C:\Users\Kim\AppData\Local\{342DCAA4-273E-45D6-A281-223939ACF117}
2012-04-09 20:57:04 -------- d-----w- C:\Users\Kim\AppData\Local\{640C014D-FD39-4706-A95C-7620C7FBA0FD}
2012-04-09 04:28:27 -------- d-----w- C:\Users\Kim\AppData\Local\{15A8A818-F47B-419E-8CD4-6568449B0360}
2012-04-08 05:04:51 -------- d-----w- C:\Users\Kim\AppData\Local\{9A31C12C-86A5-4922-AAC6-08B84CB0CA85}
2012-04-07 03:33:16 -------- d-----w- C:\Users\Kim\AppData\Local\{C545E505-2F95-4637-9C7D-BB9AAC72356E}
2012-04-06 10:59:18 -------- d-----w- C:\Users\Kim\AppData\Local\{EEC71066-F3AA-4CCD-97C6-3F08B305D054}
2012-04-05 21:01:43 -------- d-----w- C:\Users\Kim\AppData\Local\{D4DF7461-0BC2-47CA-871B-8BEE4E74E62E}
2012-04-04 21:00:53 -------- d-----w- C:\Users\Kim\AppData\Local\{D4A381BE-DB5B-4B59-B042-4BB2F6ED6F26}
2012-04-04 05:28:16 -------- d-----w- C:\Users\Kim\AppData\Local\{65A22188-6FED-4EAC-8E41-7904D266F76C}
2012-03-28 21:00:29 -------- d-----w- C:\Users\Kim\AppData\Local\{198C43BD-21E4-4037-8310-AD7AC502473D}
2012-03-28 21:00:18 -------- d-----w- C:\Users\Kim\AppData\Local\{ED694DD8-D30F-4349-B7E7-1C8C37A53576}
2012-03-28 01:22:06 -------- d-----w- C:\Users\Kim\AppData\Local\{AD88695E-AD84-4862-9F3F-161365FD788F}
2012-03-22 04:06:28 -------- d-----w- C:\Users\Kim\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2012-03-19 03:44:42 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 03:44:42 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-15 15:46:23 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-11 09:09:00 173616 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-08 01:00:44 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 17:52:17.46 ===============

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 17 April 2012 - 06:41 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 harkim

harkim
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 18 April 2012 - 10:00 PM

ComboFix 12-04-18.02 - Kim 04/18/2012 22:44:40.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.5040 [GMT -4:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\JK9Lvpl7pk5zh0
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-12 00:59 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 00:59 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 00:59 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 23:15 . 2012-04-11 23:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-11 21:51 . 2012-04-11 21:51 -------- d-----w- c:\windows\Sun
2012-04-11 21:21 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:21 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 21:21 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 21:21 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 21:21 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 21:21 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 21:21 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 20:59 . 2012-04-15 15:46 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 11:40 . 2012-04-15 15:46 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-22 04:06 . 2012-03-22 04:06 -------- d-----w- c:\users\Kim\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 15:46 . 2011-05-19 00:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2012-01-30 23:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 06:38 . 2012-03-13 19:34 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-13 19:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-11 09:09 . 2010-08-12 20:22 173616 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-10 06:36 . 2012-03-13 19:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 01:00 . 2012-02-08 01:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 19:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 19:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 19:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 19:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-01-03 115560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Kim\Documents\RealTemp_340\WinRing0x64.sys [2010-08-19 14544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 566768]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 USADISK_AGENT;USADISK UPDATE SERVICE;c:\program files (x86)\USADISK\WEBHARD_Agent.exe [2011-06-13 155856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrv11122
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\dzzzm5kh.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2012-04-18 22:56:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-19 02:56
.
Pre-Run: 74,063,028,224 bytes free
Post-Run: 73,464,287,232 bytes free
.
- - End Of File - - E46E9A0F859439AD0B11AED4D7D298A1

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 18 April 2012 - 10:05 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 21 April 2012 - 07:25 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 harkim

harkim
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 22 April 2012 - 12:14 PM

Hello Gringo,
Thank you for taking the time to look at my logs. I appreciate it. I've been running late on a few things. Here are my logs.
Thanks again

12:59:36.0517 3016 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
12:59:36.0747 3016 ============================================================
12:59:36.0747 3016 Current date / time: 2012/04/22 12:59:36.0747
12:59:36.0747 3016 SystemInfo:
12:59:36.0747 3016
12:59:36.0747 3016 OS Version: 6.1.7601 ServicePack: 1.0
12:59:36.0747 3016 Product type: Workstation
12:59:36.0747 3016 ComputerName: KIM-PC
12:59:36.0747 3016 UserName: Kim
12:59:36.0747 3016 Windows directory: C:\Windows
12:59:36.0747 3016 System windows directory: C:\Windows
12:59:36.0747 3016 Running under WOW64
12:59:36.0747 3016 Processor architecture: Intel x64
12:59:36.0747 3016 Number of processors: 4
12:59:36.0747 3016 Page size: 0x1000
12:59:36.0747 3016 Boot type: Normal boot
12:59:36.0747 3016 ============================================================
12:59:37.0355 3016 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:59:37.0358 3016 \Device\Harddisk0\DR0:
12:59:37.0358 3016 MBR partitions:
12:59:37.0358 3016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:59:37.0358 3016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x11745800
12:59:37.0369 3016 C: <-> \Device\Harddisk0\DR0\Partition1
12:59:37.0373 3016 D: <-> \Device\Harddisk0\DR0\Partition0
12:59:37.0373 3016 Initialize success
12:59:37.0373 3016 ============================================================
12:59:42.0695 4736 ============================================================
12:59:42.0695 4736 Scan started
12:59:42.0695 4736 Mode: Manual;
12:59:42.0695 4736 ============================================================
12:59:43.0136 4736 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:59:43.0138 4736 1394ohci - ok
12:59:43.0168 4736 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:59:43.0171 4736 ACPI - ok
12:59:43.0182 4736 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:59:43.0182 4736 AcpiPmi - ok
12:59:43.0232 4736 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:59:43.0232 4736 AdobeARMservice - ok
12:59:43.0308 4736 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:59:43.0310 4736 AdobeFlashPlayerUpdateSvc - ok
12:59:43.0341 4736 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:59:43.0344 4736 adp94xx - ok
12:59:43.0368 4736 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:59:43.0370 4736 adpahci - ok
12:59:43.0384 4736 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:59:43.0385 4736 adpu320 - ok
12:59:43.0401 4736 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:59:43.0401 4736 AeLookupSvc - ok
12:59:43.0434 4736 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:59:43.0437 4736 AFD - ok
12:59:43.0496 4736 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:59:43.0496 4736 agp440 - ok
12:59:43.0517 4736 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:59:43.0518 4736 ALG - ok
12:59:43.0526 4736 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:59:43.0526 4736 aliide - ok
12:59:43.0547 4736 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
12:59:43.0549 4736 AMD External Events Utility - ok
12:59:43.0570 4736 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:59:43.0570 4736 amdide - ok
12:59:43.0587 4736 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:59:43.0588 4736 AmdK8 - ok
12:59:43.0725 4736 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:59:43.0762 4736 amdkmdag - ok
12:59:43.0782 4736 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
12:59:43.0783 4736 amdkmdap - ok
12:59:43.0796 4736 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:59:43.0796 4736 AmdPPM - ok
12:59:43.0823 4736 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:59:43.0824 4736 amdsata - ok
12:59:43.0835 4736 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:59:43.0836 4736 amdsbs - ok
12:59:43.0845 4736 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:59:43.0846 4736 amdxata - ok
12:59:43.0865 4736 androidusb (9c59bf508c5d408bb348254e0ba2ee30) C:\Windows\system32\Drivers\androidusb.sys
12:59:43.0865 4736 androidusb - ok
12:59:43.0893 4736 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:59:43.0894 4736 AppID - ok
12:59:43.0949 4736 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:59:43.0950 4736 AppIDSvc - ok
12:59:43.0970 4736 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:59:43.0971 4736 Appinfo - ok
12:59:43.0996 4736 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:59:43.0997 4736 AppMgmt - ok
12:59:44.0010 4736 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:59:44.0011 4736 arc - ok
12:59:44.0023 4736 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:59:44.0024 4736 arcsas - ok
12:59:44.0038 4736 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:59:44.0038 4736 AsyncMac - ok
12:59:44.0049 4736 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:59:44.0049 4736 atapi - ok
12:59:44.0099 4736 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:59:44.0103 4736 AudioEndpointBuilder - ok
12:59:44.0113 4736 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:59:44.0118 4736 AudioSrv - ok
12:59:44.0136 4736 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:59:44.0137 4736 AxInstSV - ok
12:59:44.0166 4736 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:59:44.0169 4736 b06bdrv - ok
12:59:44.0203 4736 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:59:44.0205 4736 b57nd60a - ok
12:59:44.0314 4736 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:59:44.0331 4736 BCM43XX - ok
12:59:44.0353 4736 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:59:44.0354 4736 BDESVC - ok
12:59:44.0365 4736 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:59:44.0365 4736 Beep - ok
12:59:44.0405 4736 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:59:44.0410 4736 BFE - ok
12:59:44.0445 4736 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:59:44.0452 4736 BITS - ok
12:59:44.0477 4736 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:59:44.0478 4736 blbdrive - ok
12:59:44.0501 4736 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:59:44.0502 4736 bowser - ok
12:59:44.0512 4736 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:59:44.0512 4736 BrFiltLo - ok
12:59:44.0521 4736 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:59:44.0522 4736 BrFiltUp - ok
12:59:44.0542 4736 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:59:44.0543 4736 BridgeMP - ok
12:59:44.0571 4736 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:59:44.0572 4736 Browser - ok
12:59:44.0596 4736 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:59:44.0599 4736 Brserid - ok
12:59:44.0642 4736 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:59:44.0642 4736 BrSerWdm - ok
12:59:44.0655 4736 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:59:44.0656 4736 BrUsbMdm - ok
12:59:44.0662 4736 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:59:44.0663 4736 BrUsbSer - ok
12:59:44.0675 4736 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:59:44.0676 4736 BTHMODEM - ok
12:59:44.0697 4736 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:59:44.0698 4736 bthserv - ok
12:59:44.0719 4736 catchme - ok
12:59:44.0770 4736 ccEvtMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
12:59:44.0771 4736 ccEvtMgr - ok
12:59:44.0775 4736 ccSetMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
12:59:44.0776 4736 ccSetMgr - ok
12:59:44.0804 4736 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:59:44.0804 4736 cdfs - ok
12:59:44.0836 4736 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:59:44.0837 4736 cdrom - ok
12:59:44.0863 4736 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:59:44.0864 4736 CertPropSvc - ok
12:59:44.0876 4736 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:59:44.0877 4736 circlass - ok
12:59:44.0895 4736 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:59:44.0898 4736 CLFS - ok
12:59:44.0939 4736 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:59:44.0940 4736 clr_optimization_v2.0.50727_32 - ok
12:59:44.0976 4736 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:59:44.0977 4736 clr_optimization_v2.0.50727_64 - ok
12:59:45.0007 4736 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:59:45.0009 4736 clr_optimization_v4.0.30319_32 - ok
12:59:45.0037 4736 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:59:45.0038 4736 clr_optimization_v4.0.30319_64 - ok
12:59:45.0086 4736 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:59:45.0086 4736 CmBatt - ok
12:59:45.0109 4736 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:59:45.0109 4736 cmdide - ok
12:59:45.0135 4736 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:59:45.0137 4736 CNG - ok
12:59:45.0152 4736 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:59:45.0152 4736 Compbatt - ok
12:59:45.0181 4736 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:59:45.0294 4736 CompositeBus - ok
12:59:45.0382 4736 COMSysApp - ok
12:59:45.0398 4736 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:59:45.0512 4736 crcdisk - ok
12:59:45.0806 4736 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:59:45.0807 4736 CryptSvc - ok
12:59:45.0831 4736 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:59:45.0834 4736 CSC - ok
12:59:45.0849 4736 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:59:45.0852 4736 CscService - ok
12:59:45.0912 4736 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:59:45.0917 4736 DcomLaunch - ok
12:59:45.0952 4736 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:59:45.0955 4736 defragsvc - ok
12:59:45.0985 4736 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:59:45.0986 4736 DfsC - ok
12:59:46.0021 4736 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:59:46.0024 4736 Dhcp - ok
12:59:46.0049 4736 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:59:46.0050 4736 discache - ok
12:59:46.0072 4736 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:59:46.0073 4736 Disk - ok
12:59:46.0088 4736 dlbc_device - ok
12:59:46.0208 4736 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:59:46.0209 4736 Dnscache - ok
12:59:46.0317 4736 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:59:46.0319 4736 dot3svc - ok
12:59:46.0369 4736 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:59:46.0370 4736 DPS - ok
12:59:46.0428 4736 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:59:46.0429 4736 drmkaud - ok
12:59:46.0475 4736 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:59:46.0481 4736 DXGKrnl - ok
12:59:46.0510 4736 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:59:46.0511 4736 EapHost - ok
12:59:46.0576 4736 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:59:46.0592 4736 ebdrv - ok
12:59:46.0650 4736 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:59:46.0654 4736 eeCtrl - ok
12:59:46.0670 4736 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:59:46.0671 4736 EFS - ok
12:59:46.0710 4736 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:59:46.0715 4736 ehRecvr - ok
12:59:46.0748 4736 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:59:46.0749 4736 ehSched - ok
12:59:46.0791 4736 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:59:46.0795 4736 elxstor - ok
12:59:46.0825 4736 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:59:46.0826 4736 EraserUtilRebootDrv - ok
12:59:46.0845 4736 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:59:46.0845 4736 ErrDev - ok
12:59:46.0879 4736 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:59:46.0882 4736 EventSystem - ok
12:59:46.0893 4736 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:59:46.0895 4736 exfat - ok
12:59:46.0916 4736 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:59:46.0918 4736 fastfat - ok
12:59:46.0966 4736 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:59:46.0971 4736 Fax - ok
12:59:46.0990 4736 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:59:46.0990 4736 fdc - ok
12:59:47.0004 4736 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:59:47.0005 4736 fdPHost - ok
12:59:47.0017 4736 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:59:47.0018 4736 FDResPub - ok
12:59:47.0027 4736 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:59:47.0028 4736 FileInfo - ok
12:59:47.0042 4736 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:59:47.0042 4736 Filetrace - ok
12:59:47.0051 4736 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:59:47.0052 4736 flpydisk - ok
12:59:47.0105 4736 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:59:47.0107 4736 FltMgr - ok
12:59:47.0138 4736 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:59:47.0147 4736 FontCache - ok
12:59:47.0201 4736 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:59:47.0202 4736 FontCache3.0.0.0 - ok
12:59:47.0213 4736 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:59:47.0214 4736 FsDepends - ok
12:59:47.0233 4736 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:59:47.0233 4736 Fs_Rec - ok
12:59:47.0260 4736 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:59:47.0262 4736 fvevol - ok
12:59:47.0283 4736 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:59:47.0283 4736 gagp30kx - ok
12:59:47.0316 4736 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:59:47.0322 4736 gpsvc - ok
12:59:47.0343 4736 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:59:47.0344 4736 hcw85cir - ok
12:59:47.0379 4736 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:59:47.0382 4736 HdAudAddService - ok
12:59:47.0421 4736 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:59:47.0422 4736 HDAudBus - ok
12:59:47.0434 4736 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:59:47.0434 4736 HidBatt - ok
12:59:47.0475 4736 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:59:47.0476 4736 HidBth - ok
12:59:47.0486 4736 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:59:47.0486 4736 HidIr - ok
12:59:47.0501 4736 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:59:47.0502 4736 hidserv - ok
12:59:47.0519 4736 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:59:47.0520 4736 HidUsb - ok
12:59:47.0539 4736 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:59:47.0540 4736 hkmsvc - ok
12:59:47.0562 4736 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:59:47.0565 4736 HomeGroupListener - ok
12:59:47.0585 4736 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:59:47.0588 4736 HomeGroupProvider - ok
12:59:47.0605 4736 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:59:47.0605 4736 HpSAMD - ok
12:59:47.0652 4736 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:59:47.0657 4736 HTTP - ok
12:59:47.0676 4736 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:59:47.0677 4736 hwpolicy - ok
12:59:47.0714 4736 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:59:47.0715 4736 i8042prt - ok
12:59:47.0732 4736 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:59:47.0735 4736 iaStorV - ok
12:59:47.0790 4736 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:59:47.0795 4736 idsvc - ok
12:59:47.0826 4736 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:59:47.0826 4736 iirsp - ok
12:59:47.0855 4736 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:59:47.0861 4736 IKEEXT - ok
12:59:47.0923 4736 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
12:59:47.0937 4736 IntcAzAudAddService - ok
12:59:47.0948 4736 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:59:47.0948 4736 intelide - ok
12:59:47.0957 4736 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:59:47.0957 4736 intelppm - ok
12:59:47.0972 4736 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:59:47.0973 4736 IPBusEnum - ok
12:59:47.0994 4736 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:59:47.0995 4736 IpFilterDriver - ok
12:59:48.0045 4736 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:59:48.0050 4736 iphlpsvc - ok
12:59:48.0068 4736 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:59:48.0068 4736 IPMIDRV - ok
12:59:48.0079 4736 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:59:48.0080 4736 IPNAT - ok
12:59:48.0112 4736 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:59:48.0113 4736 IRENUM - ok
12:59:48.0130 4736 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:59:48.0131 4736 isapnp - ok
12:59:48.0146 4736 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:59:48.0148 4736 iScsiPrt - ok
12:59:48.0176 4736 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:59:48.0177 4736 kbdclass - ok
12:59:48.0188 4736 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:59:48.0189 4736 kbdhid - ok
12:59:48.0206 4736 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:59:48.0207 4736 KeyIso - ok
12:59:48.0225 4736 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:59:48.0226 4736 KSecDD - ok
12:59:48.0255 4736 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:59:48.0256 4736 KSecPkg - ok
12:59:48.0276 4736 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:59:48.0277 4736 ksthunk - ok
12:59:48.0307 4736 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:59:48.0310 4736 KtmRm - ok
12:59:48.0353 4736 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:59:48.0356 4736 LanmanServer - ok
12:59:48.0379 4736 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:59:48.0382 4736 LanmanWorkstation - ok
12:59:48.0476 4736 LiveUpdate (6abe9ecaab7dd0cc6f46ec830e0fe8fc) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:59:48.0496 4736 LiveUpdate - ok
12:59:48.0543 4736 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:59:48.0544 4736 lltdio - ok
12:59:48.0565 4736 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:59:48.0568 4736 lltdsvc - ok
12:59:48.0581 4736 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:59:48.0582 4736 lmhosts - ok
12:59:48.0601 4736 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:59:48.0602 4736 LSI_FC - ok
12:59:48.0613 4736 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:59:48.0614 4736 LSI_SAS - ok
12:59:48.0627 4736 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:59:48.0628 4736 LSI_SAS2 - ok
12:59:48.0661 4736 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:59:48.0662 4736 LSI_SCSI - ok
12:59:48.0680 4736 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:59:48.0681 4736 luafv - ok
12:59:48.0700 4736 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:59:48.0701 4736 Mcx2Svc - ok
12:59:48.0713 4736 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:59:48.0713 4736 megasas - ok
12:59:48.0727 4736 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:59:48.0729 4736 MegaSR - ok
12:59:48.0794 4736 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:59:48.0795 4736 Microsoft Office Groove Audit Service - ok
12:59:48.0838 4736 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:59:48.0840 4736 MMCSS - ok
12:59:48.0849 4736 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:59:48.0850 4736 Modem - ok
12:59:48.0870 4736 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:59:48.0870 4736 monitor - ok
12:59:48.0898 4736 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:59:48.0899 4736 mouclass - ok
12:59:48.0918 4736 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:59:48.0918 4736 mouhid - ok
12:59:48.0950 4736 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:59:48.0951 4736 mountmgr - ok
12:59:48.0973 4736 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:59:48.0975 4736 mpio - ok
12:59:48.0998 4736 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:59:48.0999 4736 mpsdrv - ok
12:59:49.0052 4736 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:59:49.0058 4736 MpsSvc - ok
12:59:49.0091 4736 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:59:49.0092 4736 MRxDAV - ok
12:59:49.0113 4736 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:59:49.0114 4736 mrxsmb - ok
12:59:49.0138 4736 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:59:49.0140 4736 mrxsmb10 - ok
12:59:49.0175 4736 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:59:49.0176 4736 mrxsmb20 - ok
12:59:49.0199 4736 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:59:49.0200 4736 msahci - ok
12:59:49.0210 4736 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:59:49.0211 4736 msdsm - ok
12:59:49.0231 4736 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:59:49.0233 4736 MSDTC - ok
12:59:49.0251 4736 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:59:49.0251 4736 Msfs - ok
12:59:49.0264 4736 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:59:49.0264 4736 mshidkmdf - ok
12:59:49.0285 4736 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:59:49.0286 4736 msisadrv - ok
12:59:49.0317 4736 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:59:49.0319 4736 MSiSCSI - ok
12:59:49.0324 4736 msiserver - ok
12:59:49.0342 4736 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:59:49.0342 4736 MSKSSRV - ok
12:59:49.0357 4736 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:59:49.0358 4736 MSPCLOCK - ok
12:59:49.0364 4736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:59:49.0365 4736 MSPQM - ok
12:59:49.0393 4736 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:59:49.0395 4736 MsRPC - ok
12:59:49.0409 4736 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:59:49.0409 4736 mssmbios - ok
12:59:49.0420 4736 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:59:49.0421 4736 MSTEE - ok
12:59:49.0431 4736 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:59:49.0432 4736 MTConfig - ok
12:59:49.0455 4736 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
12:59:49.0455 4736 MTsensor - ok
12:59:49.0494 4736 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:59:49.0495 4736 Mup - ok
12:59:49.0532 4736 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:59:49.0536 4736 napagent - ok
12:59:49.0559 4736 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:59:49.0562 4736 NativeWifiP - ok
12:59:49.0618 4736 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120420.032\ENG64.SYS
12:59:49.0619 4736 NAVENG - ok
12:59:49.0662 4736 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120420.032\EX64.SYS
12:59:49.0675 4736 NAVEX15 - ok
12:59:49.0718 4736 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:59:49.0724 4736 NDIS - ok
12:59:49.0737 4736 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:59:49.0738 4736 NdisCap - ok
12:59:49.0756 4736 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:59:49.0757 4736 NdisTapi - ok
12:59:49.0781 4736 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:59:49.0781 4736 Ndisuio - ok
12:59:49.0810 4736 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:59:49.0811 4736 NdisWan - ok
12:59:49.0824 4736 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:59:49.0824 4736 NDProxy - ok
12:59:49.0838 4736 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:59:49.0839 4736 NetBIOS - ok
12:59:49.0889 4736 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:59:49.0891 4736 NetBT - ok
12:59:49.0903 4736 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:59:49.0905 4736 Netlogon - ok
12:59:49.0926 4736 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:59:49.0930 4736 Netman - ok
12:59:49.0947 4736 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:59:49.0951 4736 netprofm - ok
12:59:50.0006 4736 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:59:50.0008 4736 NetTcpPortSharing - ok
12:59:50.0030 4736 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:59:50.0031 4736 nfrd960 - ok
12:59:50.0063 4736 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:59:50.0066 4736 NlaSvc - ok
12:59:50.0074 4736 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:59:50.0075 4736 Npfs - ok
12:59:50.0097 4736 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:59:50.0099 4736 nsi - ok
12:59:50.0116 4736 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:59:50.0116 4736 nsiproxy - ok
12:59:50.0165 4736 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:59:50.0176 4736 Ntfs - ok
12:59:50.0191 4736 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:59:50.0192 4736 Null - ok
12:59:50.0219 4736 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:59:50.0220 4736 nvraid - ok
12:59:50.0254 4736 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:59:50.0255 4736 nvstor - ok
12:59:50.0271 4736 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:59:50.0272 4736 nv_agp - ok
12:59:50.0325 4736 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:59:50.0328 4736 odserv - ok
12:59:50.0357 4736 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:59:50.0358 4736 ohci1394 - ok
12:59:50.0389 4736 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:59:50.0391 4736 ose - ok
12:59:50.0411 4736 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:59:50.0414 4736 p2pimsvc - ok
12:59:50.0437 4736 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:59:50.0440 4736 p2psvc - ok
12:59:50.0457 4736 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:59:50.0458 4736 Parport - ok
12:59:50.0477 4736 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:59:50.0478 4736 partmgr - ok
12:59:50.0493 4736 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:59:50.0495 4736 PcaSvc - ok
12:59:50.0515 4736 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:59:50.0516 4736 pci - ok
12:59:50.0547 4736 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:59:50.0547 4736 pciide - ok
12:59:50.0560 4736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:59:50.0561 4736 pcmcia - ok
12:59:50.0571 4736 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:59:50.0572 4736 pcw - ok
12:59:50.0603 4736 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:59:50.0608 4736 PEAUTH - ok
12:59:50.0646 4736 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:59:50.0656 4736 PeerDistSvc - ok
12:59:50.0691 4736 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:59:50.0692 4736 PerfHost - ok
12:59:50.0752 4736 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:59:50.0762 4736 pla - ok
12:59:50.0790 4736 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:59:50.0794 4736 PlugPlay - ok
12:59:50.0822 4736 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:59:50.0823 4736 PNRPAutoReg - ok
12:59:50.0855 4736 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:59:50.0858 4736 PNRPsvc - ok
12:59:50.0882 4736 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:59:50.0886 4736 PolicyAgent - ok
12:59:50.0927 4736 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:59:50.0930 4736 Power - ok
12:59:50.0976 4736 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:59:50.0977 4736 PptpMiniport - ok
12:59:50.0992 4736 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:59:50.0993 4736 Processor - ok
12:59:51.0017 4736 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:59:51.0019 4736 ProfSvc - ok
12:59:51.0031 4736 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:59:51.0033 4736 ProtectedStorage - ok
12:59:51.0061 4736 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:59:51.0062 4736 Psched - ok
12:59:51.0093 4736 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:59:51.0103 4736 ql2300 - ok
12:59:51.0144 4736 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:59:51.0144 4736 ql40xx - ok
12:59:51.0172 4736 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:59:51.0174 4736 QWAVE - ok
12:59:51.0186 4736 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:59:51.0186 4736 QWAVEdrv - ok
12:59:51.0195 4736 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:59:51.0319 4736 RasAcd - ok
12:59:51.0496 4736 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:59:51.0602 4736 RasAgileVpn - ok
12:59:51.0635 4736 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:59:51.0637 4736 RasAuto - ok
12:59:51.0660 4736 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:59:51.0661 4736 Rasl2tp - ok
12:59:51.0683 4736 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:59:51.0686 4736 RasMan - ok
12:59:51.0703 4736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:59:51.0704 4736 RasPppoe - ok
12:59:51.0728 4736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:59:51.0729 4736 RasSstp - ok
12:59:51.0755 4736 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:59:51.0757 4736 rdbss - ok
12:59:51.0779 4736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:59:51.0780 4736 rdpbus - ok
12:59:51.0794 4736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:59:51.0794 4736 RDPCDD - ok
12:59:51.0821 4736 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:59:51.0822 4736 RDPDR - ok
12:59:51.0832 4736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:59:51.0832 4736 RDPENCDD - ok
12:59:51.0847 4736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:59:51.0847 4736 RDPREFMP - ok
12:59:51.0895 4736 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
12:59:51.0896 4736 RdpVideoMiniport - ok
12:59:51.0916 4736 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:59:51.0917 4736 RDPWD - ok
12:59:51.0946 4736 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:59:51.0948 4736 rdyboost - ok
12:59:51.0978 4736 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:59:51.0980 4736 RemoteAccess - ok
12:59:51.0999 4736 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:59:52.0001 4736 RemoteRegistry - ok
12:59:52.0014 4736 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:59:52.0015 4736 RpcEptMapper - ok
12:59:52.0032 4736 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:59:52.0033 4736 RpcLocator - ok
12:59:52.0068 4736 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:59:52.0073 4736 RpcSs - ok
12:59:52.0099 4736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:59:52.0100 4736 rspndr - ok
12:59:52.0182 4736 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:59:52.0183 4736 s3cap - ok
12:59:52.0249 4736 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:59:52.0251 4736 SamSs - ok
12:59:52.0279 4736 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:59:52.0280 4736 sbp2port - ok
12:59:52.0314 4736 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:59:52.0317 4736 SCardSvr - ok
12:59:52.0361 4736 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:59:52.0362 4736 scfilter - ok
12:59:52.0388 4736 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:59:52.0397 4736 Schedule - ok
12:59:52.0423 4736 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:59:52.0423 4736 SCPolicySvc - ok
12:59:52.0445 4736 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:59:52.0447 4736 SDRSVC - ok
12:59:52.0475 4736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:59:52.0476 4736 secdrv - ok
12:59:52.0498 4736 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:59:52.0499 4736 seclogon - ok
12:59:52.0512 4736 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:59:52.0514 4736 SENS - ok
12:59:52.0526 4736 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:59:52.0527 4736 SensrSvc - ok
12:59:52.0538 4736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:59:52.0538 4736 Serenum - ok
12:59:52.0576 4736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:59:52.0577 4736 Serial - ok
12:59:52.0599 4736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:59:52.0599 4736 sermouse - ok
12:59:52.0630 4736 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:59:52.0632 4736 SessionEnv - ok
12:59:52.0649 4736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:59:52.0650 4736 sffdisk - ok
12:59:52.0668 4736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:59:52.0669 4736 sffp_mmc - ok
12:59:52.0675 4736 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:59:52.0675 4736 sffp_sd - ok
12:59:52.0690 4736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:59:52.0690 4736 sfloppy - ok
12:59:52.0728 4736 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:59:52.0732 4736 SharedAccess - ok
12:59:52.0766 4736 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:59:52.0770 4736 ShellHWDetection - ok
12:59:52.0806 4736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:59:52.0806 4736 SiSRaid2 - ok
12:59:52.0820 4736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:59:52.0821 4736 SiSRaid4 - ok
12:59:52.0838 4736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:59:52.0839 4736 Smb - ok
12:59:52.0925 4736 SmcService (13ffb1d55c2710abc3119474a83c0a44) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
12:59:52.0946 4736 SmcService - ok
12:59:52.0972 4736 SNAC (0bdef6dadb43601fdcb031b4b0383580) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
12:59:52.0974 4736 SNAC - ok
12:59:53.0010 4736 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:59:53.0012 4736 SNMPTRAP - ok
12:59:53.0071 4736 SplashtopRemoteService (ccf611a259882d8cf4dbabae2341ee31) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
12:59:53.0075 4736 SplashtopRemoteService - ok
12:59:53.0093 4736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:59:53.0093 4736 spldr - ok
12:59:53.0111 4736 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:59:53.0116 4736 Spooler - ok
12:59:53.0187 4736 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:59:53.0211 4736 sppsvc - ok
12:59:53.0224 4736 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:59:53.0225 4736 sppuinotify - ok
12:59:53.0252 4736 SRTSP (83834ebc0786ccf5ee64fbbb6a89cf3a) C:\Windows\system32\Drivers\SRTSP64.SYS
12:59:53.0254 4736 SRTSP - ok
12:59:53.0268 4736 SRTSPL (e47d5d68917e0d70e3730263d41cefa3) C:\Windows\system32\Drivers\SRTSPL64.SYS
12:59:53.0270 4736 SRTSPL - ok
12:59:53.0280 4736 SRTSPX (ea2051ff6a40c89eaa98c1769ad68597) C:\Windows\system32\Drivers\SRTSPX64.SYS
12:59:53.0280 4736 SRTSPX - ok
12:59:53.0305 4736 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:59:53.0309 4736 srv - ok
12:59:53.0333 4736 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:59:53.0336 4736 srv2 - ok
12:59:53.0347 4736 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:59:53.0348 4736 srvnet - ok
12:59:53.0360 4736 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:59:53.0363 4736 SSDPSRV - ok
12:59:53.0432 4736 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:59:53.0434 4736 SstpSvc - ok
12:59:53.0476 4736 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
12:59:53.0478 4736 SSUService - ok
12:59:53.0506 4736 Steam Client Service - ok
12:59:53.0529 4736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:59:53.0529 4736 stexstor - ok
12:59:53.0562 4736 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:59:53.0568 4736 stisvc - ok
12:59:53.0593 4736 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:59:53.0594 4736 storflt - ok
12:59:53.0613 4736 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:59:53.0613 4736 storvsc - ok
12:59:53.0635 4736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:59:53.0635 4736 swenum - ok
12:59:53.0651 4736 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:59:53.0655 4736 swprv - ok
12:59:53.0699 4736 Symantec AntiVirus (4402cf4959a30cb6a008099aba8f22a9) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
12:59:53.0711 4736 Symantec AntiVirus - ok
12:59:53.0782 4736 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:59:53.0783 4736 SymEvent - ok
12:59:53.0789 4736 Synth3dVsc - ok
12:59:53.0838 4736 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:59:53.0851 4736 SysMain - ok
12:59:53.0871 4736 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:59:53.0873 4736 TabletInputService - ok
12:59:53.0900 4736 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:59:53.0904 4736 TapiSrv - ok
12:59:53.0923 4736 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:59:53.0925 4736 TBS - ok
12:59:53.0970 4736 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:59:53.0983 4736 Tcpip - ok
12:59:54.0027 4736 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:59:54.0039 4736 TCPIP6 - ok
12:59:54.0070 4736 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:59:54.0070 4736 tcpipreg - ok
12:59:54.0093 4736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:59:54.0093 4736 TDPIPE - ok
12:59:54.0119 4736 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:59:54.0120 4736 TDTCP - ok
12:59:54.0140 4736 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:59:54.0141 4736 tdx - ok
12:59:54.0159 4736 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:59:54.0160 4736 TermDD - ok
12:59:54.0182 4736 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:59:54.0188 4736 TermService - ok
12:59:54.0205 4736 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:59:54.0207 4736 Themes - ok
12:59:54.0226 4736 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:59:54.0227 4736 THREADORDER - ok
12:59:54.0283 4736 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:59:54.0285 4736 TrkWks - ok
12:59:54.0315 4736 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:59:54.0317 4736 TrustedInstaller - ok
12:59:54.0342 4736 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:59:54.0343 4736 tssecsrv - ok
12:59:54.0364 4736 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:59:54.0365 4736 TsUsbFlt - ok
12:59:54.0371 4736 tsusbhub - ok
12:59:54.0405 4736 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:59:54.0406 4736 tunnel - ok
12:59:54.0427 4736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:59:54.0428 4736 uagp35 - ok
12:59:54.0453 4736 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:59:54.0456 4736 udfs - ok
12:59:54.0470 4736 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:59:54.0472 4736 UI0Detect - ok
12:59:54.0486 4736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:59:54.0487 4736 uliagpkx - ok
12:59:54.0506 4736 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:59:54.0507 4736 umbus - ok
12:59:54.0522 4736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:59:54.0522 4736 UmPass - ok
12:59:54.0549 4736 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:59:54.0552 4736 UmRdpService - ok
12:59:54.0612 4736 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:59:54.0616 4736 upnphost - ok
12:59:54.0668 4736 USADISK_AGENT - ok
12:59:54.0684 4736 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:59:54.0685 4736 usbccgp - ok
12:59:54.0711 4736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:59:54.0712 4736 usbcir - ok
12:59:54.0722 4736 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:59:54.0723 4736 usbehci - ok
12:59:54.0741 4736 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:59:54.0744 4736 usbhub - ok
12:59:54.0755 4736 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:59:54.0756 4736 usbohci - ok
12:59:54.0768 4736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:59:54.0769 4736 usbprint - ok
12:59:54.0778 4736 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:59:54.0779 4736 USBSTOR - ok
12:59:54.0802 4736 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:59:54.0803 4736 usbuhci - ok
12:59:54.0812 4736 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:59:54.0814 4736 UxSms - ok
12:59:54.0829 4736 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:59:54.0830 4736 VaultSvc - ok
12:59:54.0883 4736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:59:54.0884 4736 vdrvroot - ok
12:59:54.0916 4736 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:59:54.0921 4736 vds - ok
12:59:54.0941 4736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:59:54.0942 4736 vga - ok
12:59:54.0953 4736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:59:54.0953 4736 VgaSave - ok
12:59:54.0960 4736 VGPU - ok
12:59:54.0986 4736 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:59:54.0988 4736 vhdmp - ok
12:59:54.0999 4736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:59:54.0999 4736 viaide - ok
12:59:55.0014 4736 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:59:55.0016 4736 vmbus - ok
12:59:55.0029 4736 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:59:55.0030 4736 VMBusHID - ok
12:59:55.0040 4736 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:59:55.0041 4736 volmgr - ok
12:59:55.0068 4736 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:59:55.0071 4736 volmgrx - ok
12:59:55.0085 4736 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:59:55.0087 4736 volsnap - ok
12:59:55.0100 4736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:59:55.0101 4736 vsmraid - ok
12:59:55.0148 4736 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:59:55.0160 4736 VSS - ok
12:59:55.0171 4736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:59:55.0172 4736 vwifibus - ok
12:59:55.0234 4736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:59:55.0235 4736 vwififlt - ok
12:59:55.0253 4736 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:59:55.0257 4736 W32Time - ok
12:59:55.0272 4736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:59:55.0273 4736 WacomPen - ok
12:59:55.0298 4736 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:59:55.0299 4736 WANARP - ok
12:59:55.0303 4736 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:59:55.0304 4736 Wanarpv6 - ok
12:59:55.0346 4736 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:59:55.0355 4736 WatAdminSvc - ok
12:59:55.0401 4736 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:59:55.0412 4736 wbengine - ok
12:59:55.0431 4736 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:59:55.0434 4736 WbioSrvc - ok
12:59:55.0456 4736 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:59:55.0460 4736 wcncsvc - ok
12:59:55.0471 4736 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:59:55.0473 4736 WcsPlugInService - ok
12:59:55.0485 4736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:59:55.0485 4736 Wd - ok
12:59:55.0508 4736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:59:55.0513 4736 Wdf01000 - ok
12:59:55.0534 4736 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:59:55.0536 4736 WdiServiceHost - ok
12:59:55.0539 4736 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:59:55.0542 4736 WdiSystemHost - ok
12:59:55.0570 4736 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:59:55.0573 4736 WebClient - ok
12:59:55.0640 4736 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:59:55.0643 4736 Wecsvc - ok
12:59:55.0656 4736 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:59:55.0658 4736 wercplsupport - ok
12:59:55.0675 4736 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:59:55.0677 4736 WerSvc - ok
12:59:55.0696 4736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:59:55.0697 4736 WfpLwf - ok
12:59:55.0707 4736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:59:55.0707 4736 WIMMount - ok
12:59:55.0759 4736 WinDefend - ok
12:59:55.0764 4736 WinHttpAutoProxySvc - ok
12:59:55.0799 4736 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:59:55.0801 4736 Winmgmt - ok
12:59:55.0859 4736 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Users\Kim\Documents\RealTemp_340\WinRing0x64.sys
12:59:55.0859 4736 WinRing0_1_2_0 - ok
12:59:55.0938 4736 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:59:55.0952 4736 WinRM - ok
12:59:55.0994 4736 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:59:55.0995 4736 WinUsb - ok
12:59:56.0027 4736 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:59:56.0034 4736 Wlansvc - ok
12:59:56.0119 4736 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:59:56.0135 4736 wlidsvc - ok
12:59:56.0150 4736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:59:56.0150 4736 WmiAcpi - ok
12:59:56.0176 4736 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:59:56.0177 4736 wmiApSrv - ok
12:59:56.0183 4736 WMPNetworkSvc - ok
12:59:56.0197 4736 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:59:56.0199 4736 WPCSvc - ok
12:59:56.0218 4736 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:59:56.0221 4736 WPDBusEnum - ok
12:59:56.0240 4736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:59:56.0241 4736 ws2ifsl - ok
12:59:56.0265 4736 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:59:56.0267 4736 wscsvc - ok
12:59:56.0272 4736 WSearch - ok
12:59:56.0336 4736 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:59:56.0353 4736 wuauserv - ok
12:59:56.0422 4736 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:59:56.0423 4736 WudfPf - ok
12:59:56.0450 4736 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:59:56.0452 4736 WUDFRd - ok
12:59:56.0472 4736 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:59:56.0474 4736 wudfsvc - ok
12:59:56.0551 4736 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:59:56.0554 4736 WwanSvc - ok
12:59:56.0643 4736 yukonw7 (e1fa6275b7e42cd4ee815f0a6cbc8ae4) C:\Windows\system32\DRIVERS\yk62x64.sys
12:59:56.0645 4736 yukonw7 - ok
12:59:56.0653 4736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:59:56.0679 4736 \Device\Harddisk0\DR0 - ok
12:59:56.0681 4736 Boot (0x1200) (d11ff05d6ceed8d522a93d547af700a8) \Device\Harddisk0\DR0\Partition0
12:59:56.0682 4736 \Device\Harddisk0\DR0\Partition0 - ok
12:59:56.0693 4736 Boot (0x1200) (55cef69b4b285b5bead7123f4f224044) \Device\Harddisk0\DR0\Partition1
12:59:56.0694 4736 \Device\Harddisk0\DR0\Partition1 - ok
12:59:56.0694 4736 ============================================================
12:59:56.0694 4736 Scan finished
12:59:56.0694 4736 ============================================================
12:59:56.0700 5104 Detected object count: 0
12:59:56.0700 5104 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 13:00:46
-----------------------------
13:00:46.831 OS Version: Windows x64 6.1.7601 Service Pack 1
13:00:46.831 Number of processors: 4 586 0x1A05
13:00:46.831 ComputerName: KIM-PC UserName: Kim
13:00:47.216 Initialize success
13:06:04.752 AVAST engine defs: 12042200
13:06:49.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:06:49.020 Disk 0 Vendor: WDC_WD1500HLFS-01G6U1 04.04V02 Size: 143089MB BusType: 3
13:06:49.027 Disk 0 MBR read successfully
13:06:49.030 Disk 0 MBR scan
13:06:49.034 Disk 0 Windows 7 default MBR code
13:06:49.041 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:06:49.050 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 142987 MB offset 206848
13:06:49.065 Disk 0 scanning C:\Windows\system32\drivers
13:06:55.476 Service scanning
13:07:11.057 Modules scanning
13:07:11.057 Disk 0 trace - called modules:
13:07:11.066 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:07:11.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006587060]
13:07:11.066 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80062c0520]
13:07:11.066 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062c6060]
13:07:11.892 AVAST engine scan C:\Windows
13:07:14.276 AVAST engine scan C:\Windows\system32
13:09:47.568 AVAST engine scan C:\Windows\system32\drivers
13:09:57.061 AVAST engine scan C:\Users\Kim
13:11:11.542 AVAST engine scan C:\ProgramData
13:12:52.873 Disk 0 MBR has been saved successfully to "C:\Users\Kim\Desktop\MBR.dat"
13:12:52.878 The log file has been saved successfully to "C:\Users\Kim\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 22 April 2012 - 01:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 harkim

harkim
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 23 April 2012 - 04:31 PM

ComboFix 12-04-18.02 - Kim 04/23/2012 17:25:20.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.5232 [GMT -4:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
Command switches used :: c:\users\Kim\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 21:26 . 2012-04-23 21:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-23 21:26 . 2012-04-23 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 00:59 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 00:59 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 00:59 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 23:15 . 2012-04-11 23:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-11 21:51 . 2012-04-11 21:51 -------- d-----w- c:\windows\Sun
2012-04-11 21:21 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:21 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 21:21 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 21:21 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 21:21 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 21:21 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 21:21 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 20:59 . 2012-04-15 15:46 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 11:40 . 2012-04-15 15:46 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 15:46 . 2011-05-19 00:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2012-01-30 23:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 06:38 . 2012-03-13 19:34 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-13 19:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-11 09:09 . 2010-08-12 20:22 173616 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-10 06:36 . 2012-03-13 19:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 01:00 . 2012-02-08 01:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 19:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 19:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 19:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 19:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-19_02.53.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-12 19:28 . 2012-04-19 02:59 29252 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-22 18:03 28208 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-12 19:28 . 2012-04-22 18:03 13854 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1137087292-1510986219-3983787527-1000_UserData.bin
+ 2010-08-12 18:20 . 2012-04-22 18:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 18:20 . 2012-04-15 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-09 01:05 . 2012-04-15 15:46 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-09 01:05 . 2012-04-22 18:09 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-22 18:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-15 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-14 06:09 . 2012-04-19 02:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-14 06:09 . 2012-04-23 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-14 06:09 . 2012-04-19 02:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-14 06:09 . 2012-04-23 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-19 02:52 . 2012-04-19 02:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-23 21:27 . 2012-04-23 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-23 21:27 . 2012-04-23 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-19 02:52 . 2012-04-19 02:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-23 21:27 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-19 02:52 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-23 21:27 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 02:52 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-16 19:14 . 2012-04-23 21:03 251006 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2010-08-12 20:39 . 2012-04-15 16:04 407890 c:\windows\system32\perfh012.dat
+ 2010-08-12 20:39 . 2012-04-22 18:07 407890 c:\windows\system32\perfh012.dat
- 2009-07-14 02:36 . 2012-04-15 16:04 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-22 18:07 624162 c:\windows\system32\perfh009.dat
+ 2010-08-12 20:39 . 2012-04-22 18:07 104826 c:\windows\system32\perfc012.dat
- 2010-08-12 20:39 . 2012-04-15 16:04 104826 c:\windows\system32\perfc012.dat
- 2009-07-14 02:36 . 2012-04-15 16:04 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-22 18:07 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-19 02:48 390396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-23 21:26 390396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-23 21:27 3948544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 02:52 3948544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-12 23:26 . 2012-04-23 21:26 45656467 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1137087292-1510986219-3983787527-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-01-03 115560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Kim\Documents\RealTemp_340\WinRing0x64.sys [2010-08-19 14544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 566768]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 USADISK_AGENT;USADISK UPDATE SERVICE;c:\program files (x86)\USADISK\WEBHARD_Agent.exe [2011-06-13 155856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-15 138360]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\dzzzm5kh.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2012-04-23 17:30:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-23 21:30
ComboFix2.txt 2012-04-19 02:56
.
Pre-Run: 73,801,211,904 bytes free
Post-Run: 73,695,907,840 bytes free
.
- - End Of File - - 9CFB60FFC27D7127D8DBC601DD3AC133


Thanks again, no problems so far and computer seems to be okay.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 23 April 2012 - 09:10 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 30 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 26 April 2012 - 01:03 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 harkim

harkim
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 26 April 2012 - 06:42 AM

Hello Gringo,
May I have more time please.
Thank you

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 26 April 2012 - 07:13 AM

Yes of course - I will check on toy in a couple more days



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users