Infected by Trojan


11 replies to this topic

#1 Sandalman3000 (Members, 10 posts)

Posted 01 June 2012 - 09:34 PM

I keep getting the message winrscmde has stopped working. I downloaded MalwareBytes Anti-Malware afterwards to reveal there is a Trojan. No matter how many times I quarantine or remove it it is still there.


#2 boopme (To Insanity and Beyond; Global Moderator, 72,934 posts, NJ USA)

Posted 01 June 2012 - 10:25 PM

Hello, I have moved you to the Am I Infected forum as this section has log requirements.

Let's look at these logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


>>>>

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#3 Sandalman3000 (Topic Starter; Members, 10 posts)

Posted 06 June 2012 - 01:39 PM

MiniToolBox by Farbar Version: 04-06-2012
Ran by Nostradamus (administrator) on 05-06-2012 at 20:58:20
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nostradamus-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-26-18-53-E3-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::961:ac3:a3f7:ca76%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.198(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, June 05, 2012 8:43:50 PM
Lease Expires . . . . . . . . . . : Saturday, July 13, 2148 3:27:00 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 251667992
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-5A-39-56-00-26-18-53-E3-A8
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
0.0.0.0
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.ma.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.ma.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.226.197
74.125.226.199
74.125.226.196
74.125.226.192
74.125.226.200
74.125.226.198
74.125.226.201
74.125.226.194
74.125.226.206
74.125.226.193
74.125.226.195



Pinging google.com [74.125.226.194] with 32 bytes of data:

Reply from 74.125.226.194: bytes=32 time=106ms TTL=54

Reply from 74.125.226.194: bytes=32 time=69ms TTL=54



Ping statistics for 74.125.226.194:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 69ms, Maximum = 106ms, Average = 87ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=115ms TTL=51

Reply from 209.191.122.70: bytes=32 time=124ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 115ms, Maximum = 124ms, Average = 119ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

===========================================================================
Interface List
10 ...00 26 18 53 e3 a8 ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.hsd1.ma.comcast.net.
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 isatap.hsd1.ma.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.198 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.198 276
192.168.0.198 255.255.255.255 On-link 192.168.0.198 276
192.168.0.255 255.255.255.255 On-link 192.168.0.198 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.198 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.198 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::961:ac3:a3f7:ca76/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/05/2012 08:59:29 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0x1368, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:59:16 PM) (Source: Application Error) (User: )
Description: Faulting application PING.EXE, version 6.0.6001.18000, time stamp 0x47919130, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x74e5a57d,
process id 0x4f0, application start time 0xPING.EXE0.

Error: (06/05/2012 08:59:13 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0xf08, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:58:55 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x74e5a57d,
process id 0x358, application start time 0xnslookup.exe0.

Error: (06/05/2012 08:58:55 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0x1120, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:58:40 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0x11ec, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:58:22 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0x123c, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:58:06 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0xcac, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:57:53 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0x13e8, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:57:33 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, time stamp 0x4f6b8aea, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x74e5a57d,
process id 0x10f8, application start time 0xsvchost.exe0.


System errors:
=============
Error: (06/05/2012 08:56:17 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (06/05/2012 08:51:30 PM) (Source: Service Control Manager) (User: )
Description: KtmRm for Distributed Transaction Coordinator

Error: (06/05/2012 08:49:04 PM) (Source: Service Control Manager) (User: )
Description: Windows Font Cache Service

Error: (06/05/2012 08:44:13 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (06/05/2012 08:40:22 PM) (Source: Service Control Manager) (User: )
Description: 30000N360

Error: (06/05/2012 08:31:30 PM) (Source: DCOM) (User: )
Description: {7EF1B4E4-6BC9-4D97-B16D-0F1699CCB4A9}

Error: (06/05/2012 07:18:30 AM) (Source: Print) (User: SYSTEM)
Description: Document Untitled - Notepad failed to print and was deleted because of corruption in the spooled file. The associated driver is: EPSON Artisan 810 Series. Try printing the document again.

Error: (06/05/2012 07:17:20 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler2600001Restart the service

Error: (06/05/2012 07:16:01 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler1600001Restart the service

Error: (06/04/2012 02:14:16 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JLONG
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{642B93AB-B4EA-4195-8E6C-50C5CCE1A973}.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (06/05/2012 08:59:29 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114f6b8aeasvchost.exe6.0.6002.181114f6b8aeac000000500001e98136801cd437f9e6002ec

Error: (06/05/2012 08:59:16 PM) (Source: Application Error)(User: )
Description: PING.EXE6.0.6001.1800047919130unknown0.0.0.000000000c000000574e5a57d4f001cd437f9889236c

Error: (06/05/2012 08:59:13 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114f6b8aeasvchost.exe6.0.6002.181114f6b8aeac000000500001e98f0801cd437f938ae10c

Error: (06/05/2012 08:58:55 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63unknown0.0.0.000000000c000000574e5a57d35801cd437f8b41f7ec

Error: (06/05/2012 08:58:55 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114f6b8aeasvchost.exe6.0.6002.181114f6b8aeac000000500001e98112001cd437f8ad6da0c

Error: (06/05/2012 08:58:40 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114f6b8aeasvchost.exe6.0.6002.181114f6b8aeac000000500001e9811ec01cd437f82f1eaac

Error: (06/05/2012 08:58:22 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114f6b8aeasvchost.exe6.0.6002.181114f6b8aeac000000500001e98123c01cd437f7637093c

Error: (06/05/2012 08:58:06 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114f6b8aeasvchost.exe6.0.6002.181114f6b8aeac000000500001e98cac01cd437f6e7be8fc

Error: (06/05/2012 08:57:53 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114f6b8aeasvchost.exe6.0.6002.181114f6b8aeac000000500001e9813e801cd437f62f9972c

Error: (06/05/2012 08:57:33 PM) (Source: Application Error)(User: )
Description: svchost.exe0.0.0.04f6b8aeaunknown0.0.0.000000000c000000574e5a57d10f801cd437f5a62cc8c


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Apple Mobile Device Support (Version: 5.1.1.4)
Ask Toolbar Updater (Version: 1.2.1.22229)
Battlefield Heroes (Nostradamus)
Blender (Version: 2.62-release)
Bonjour (Version: 3.0.0.10)
EPSON Artisan 810 Series Printer Uninstall
HyperCam 2 (64 bit)
Interlok driver setup x64 (Version: 5.8.10)
iTunes (Version: 10.6.1.7)
Java™ 6 Update 29 (64-bit) (Version: 6.0.290)
M-Audio KeyStudio49i Driver 6.0.1 (x64) (Version: 6.0.1)
M-Audio Micro Driver 2.0.1 (x64) (Version: 2.0.1)
M-Audio Producer Driver 2.0.1 (x64) (Version: 2.0.1)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 2.6.0.29)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Display Control Panel (Version: 6.14.12.5721)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Paint.NET v3.5.10 (Version: 3.60.0)
Sid Meier's Civilization 4 (Version: 1.74)
Spotify (Version: 0.8.2.610.g090a06f8)
Unity Web Player (Version: )
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR archiver
World of Warcraft Trial

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 4094.38 MB
Available physical RAM: 1958.64 MB
Total Pagefile: 8387.3 MB
Available Pagefile: 6243.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3994.13 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.51 GB) (Free:479.62 GB) NTFS
3 Drive e: (Sims3EP05) (CDROM) (Total:5.3 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\NOSTRADAMUS-PC

7BA648898F3D4A8C9ED7 Administrator Guest
Nostradamus UpdatusUser


**** End of log ****
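Triage of the "Application errors" block in the MiniToolBox log above, as an added example that is not part of the thread and not a Farbar or BleepingComputer tool. It parses the "Faulting application" entries, counts how often each (application, faulting module, fault offset) repeats, and flags fault offsets inside an "unknown" module that several different applications hit: in the posted log PING.EXE, nslookup.exe and one svchost.exe instance all fault at 0x74e5a57d with no loaded module covering that address, which is worth examining as one shared cause rather than three unrelated application bugs. The sample entries are excerpted from the posted log; the function and type names are this example's own.

```python
"""Triage helper for the 'Application errors' block of a MiniToolBox log.

Added example (not a Farbar/BleepingComputer tool): parses each 'Faulting
application ...' entry, counts repeats per (app, module, offset), and flags
fault offsets in an 'unknown' module that several different apps hit.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample entries excerpted from the log posted in this thread (five of the ten).
SAMPLE_LOG = """\
Error: (06/05/2012 08:59:29 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0x1368, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:59:16 PM) (Source: Application Error) (User: )
Description: Faulting application PING.EXE, version 6.0.6001.18000, time stamp 0x47919130, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x74e5a57d,
process id 0x4f0, application start time 0xPING.EXE0.

Error: (06/05/2012 08:59:13 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4f6b8aea, exception code 0xc0000005, fault offset 0x00001e98,
process id 0xf08, application start time 0xsvchost.exe0.

Error: (06/05/2012 08:58:55 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x74e5a57d,
process id 0x358, application start time 0xnslookup.exe0.

Error: (06/05/2012 08:57:33 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, time stamp 0x4f6b8aea, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x74e5a57d,
process id 0x10f8, application start time 0xsvchost.exe0.
"""

ACCESS_VIOLATION = 0xC0000005  # STATUS_ACCESS_VIOLATION

# MiniToolBox wraps each description over two lines, so \s* bridges the break.
ENTRY_RE = re.compile(
    r"Error: \((?P<when>[^)]+)\) \(Source: Application Error\)[^\n]*\n"
    r"Description: Faulting application (?P<app>[^,]+), version [^,]+, "
    r"time stamp 0x[0-9a-fA-F]+, faulting module (?P<module>[^,]+), "
    r"version [^,]+, time stamp 0x[0-9a-fA-F]+, "
    r"exception code (?P<exc>0x[0-9a-fA-F]+), fault offset (?P<offset>0x[0-9a-fA-F]+),\s*"
    r"process id (?P<pid>0x[0-9a-fA-F]+)"
)


@dataclass(frozen=True)
class Crash:
    when: str
    app: str        # lower-cased so PING.EXE and ping.exe group together
    module: str     # lower-cased; 'unknown' = no loaded image covered the address
    exception: int
    offset: int
    pid: int


def parse_crashes(text: str) -> List[Crash]:
    """Extract every Application Error entry from a MiniToolBox log excerpt."""
    return [
        Crash(
            when=m["when"],
            app=m["app"].strip().lower(),
            module=m["module"].strip().lower(),
            exception=int(m["exc"], 16),
            offset=int(m["offset"], 16),
            pid=int(m["pid"], 16),
        )
        for m in ENTRY_RE.finditer(text)
    ]


def summarize(crashes: List[Crash]) -> Dict[Tuple[str, str, int], int]:
    """Count crashes per (app, faulting module, fault offset)."""
    counts: Dict[Tuple[str, str, int], int] = defaultdict(int)
    for c in crashes:
        counts[(c.app, c.module, c.offset)] += 1
    return dict(counts)


def shared_unknown_module_faults(crashes: List[Crash], min_apps: int = 2) -> Dict[int, List[str]]:
    """Offsets in an 'unknown' module where >= min_apps distinct apps took an access violation."""
    apps_by_offset: Dict[int, set] = defaultdict(set)
    for c in crashes:
        if c.module == "unknown" and c.exception == ACCESS_VIOLATION:
            apps_by_offset[c.offset].add(c.app)
    return {off: sorted(apps) for off, apps in apps_by_offset.items() if len(apps) >= min_apps}


if __name__ == "__main__":
    crashes = parse_crashes(SAMPLE_LOG)
    for key, n in sorted(summarize(crashes).items()):
        print(f"{key[0]:<14} module={key[1]:<12} offset=0x{key[2]:08x}  x{n}")
    for off, apps in shared_unknown_module_faults(crashes).items():
        print(f"offset 0x{off:08x} in unknown module hit by: {', '.join(apps)}")
```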

#4 Sandalman3000 (Topic Starter; Members, 10 posts)

Posted 06 June 2012 - 01:40 PM

This gave me two detections. One was skip by default and the other was cure by default. It rebooted the computer. I don't notice the winrscmde anymore.

21:07:19.0607 4320 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
21:07:20.0217 4320 ============================================================
21:07:20.0217 4320 Current date / time: 2012/06/05 21:07:20.0217
21:07:20.0217 4320 SystemInfo:
21:07:20.0217 4320
21:07:20.0217 4320 OS Version: 6.0.6002 ServicePack: 2.0
21:07:20.0217 4320 Product type: Workstation
21:07:20.0217 4320 ComputerName: NOSTRADAMUS-PC
21:07:20.0218 4320 UserName: Nostradamus
21:07:20.0218 4320 Windows directory: C:\Windows
21:07:20.0218 4320 System windows directory: C:\Windows
21:07:20.0218 4320 Running under WOW64
21:07:20.0218 4320 Processor architecture: Intel x64
21:07:20.0218 4320 Number of processors: 4
21:07:20.0218 4320 Page size: 0x1000
21:07:20.0218 4320 Boot type: Normal boot
21:07:20.0218 4320 ============================================================
21:07:21.0294 4320 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:07:21.0299 4320 ============================================================
21:07:21.0299 4320 \Device\Harddisk0\DR0:
21:07:21.0306 4320 MBR partitions:
21:07:21.0307 4320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:07:21.0307 4320 ============================================================
21:07:21.0472 4320 C: <-> \Device\Harddisk0\DR0\Partition0
21:07:21.0472 4320 ============================================================
21:07:21.0472 4320 Initialize success
21:07:21.0472 4320 ============================================================
21:07:35.0557 4976 ============================================================
21:07:35.0557 4976 Scan started
21:07:35.0557 4976 Mode: Manual; TDLFS;
21:07:35.0557 4976 ============================================================
21:07:36.0823 4976 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:07:36.0825 4976 ACDaemon - ok
21:07:36.0911 4976 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
21:07:36.0915 4976 ACPI - ok
21:07:36.0994 4976 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:07:36.0998 4976 AdobeFlashPlayerUpdateSvc - ok
21:07:37.0034 4976 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
21:07:37.0049 4976 adp94xx - ok
21:07:37.0121 4976 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
21:07:37.0127 4976 adpahci - ok
21:07:37.0269 4976 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
21:07:37.0296 4976 adpu160m - ok
21:07:37.0483 4976 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
21:07:37.0529 4976 adpu320 - ok
21:07:37.0556 4976 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
21:07:37.0558 4976 AeLookupSvc - ok
21:07:37.0598 4976 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
21:07:37.0608 4976 AFD - ok
21:07:37.0642 4976 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
21:07:37.0644 4976 agp440 - ok
21:07:37.0663 4976 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
21:07:37.0665 4976 aic78xx - ok
21:07:37.0688 4976 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
21:07:37.0691 4976 ALG - ok
21:07:37.0713 4976 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
21:07:37.0715 4976 aliide - ok
21:07:37.0727 4976 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
21:07:37.0730 4976 amdide - ok
21:07:37.0753 4976 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
21:07:37.0756 4976 AmdK8 - ok
21:07:37.0788 4976 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
21:07:37.0790 4976 Appinfo - ok
21:07:37.0847 4976 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:07:37.0848 4976 Apple Mobile Device - ok
21:07:37.0876 4976 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
21:07:37.0878 4976 arc - ok
21:07:37.0918 4976 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
21:07:37.0920 4976 arcsas - ok
21:07:38.0005 4976 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:07:38.0008 4976 aspnet_state - ok
21:07:38.0036 4976 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
21:07:38.0037 4976 AsyncMac - ok
21:07:38.0059 4976 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
21:07:38.0061 4976 atapi - ok
21:07:38.0107 4976 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
21:07:38.0115 4976 AudioEndpointBuilder - ok
21:07:38.0120 4976 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
21:07:38.0122 4976 AudioSrv - ok
21:07:38.0190 4976 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:07:38.0193 4976 BBSvc - ok
21:07:38.0226 4976 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
21:07:38.0232 4976 BFE - ok
21:07:38.0478 4976 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120531.001\BHDrvx64.sys
21:07:38.0498 4976 BHDrvx64 - ok
21:07:38.0653 4976 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
21:07:38.0692 4976 BITS - ok
21:07:38.0730 4976 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
21:07:38.0732 4976 blbdrive - ok
21:07:38.0774 4976 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:07:38.0780 4976 Bonjour Service - ok
21:07:38.0803 4976 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
21:07:38.0806 4976 bowser - ok
21:07:38.0825 4976 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
21:07:38.0826 4976 BrFiltLo - ok
21:07:38.0838 4976 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
21:07:38.0840 4976 BrFiltUp - ok
21:07:38.0862 4976 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
21:07:38.0864 4976 Browser - ok
21:07:38.0894 4976 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
21:07:38.0896 4976 Brserid - ok
21:07:38.0907 4976 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
21:07:38.0909 4976 BrSerWdm - ok
21:07:38.0927 4976 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
21:07:38.0928 4976 BrUsbMdm - ok
21:07:38.0940 4976 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
21:07:38.0941 4976 BrUsbSer - ok
21:07:38.0951 4976 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
21:07:38.0953 4976 BTHMODEM - ok
21:07:38.0985 4976 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
21:07:38.0987 4976 cdfs - ok
21:07:39.0013 4976 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
21:07:39.0015 4976 cdrom - ok
21:07:39.0041 4976 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
21:07:39.0043 4976 CertPropSvc - ok
21:07:39.0052 4976 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
21:07:39.0055 4976 circlass - ok
21:07:39.0083 4976 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
21:07:39.0089 4976 CLFS - ok
21:07:39.0153 4976 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:07:39.0155 4976 clr_optimization_v2.0.50727_32 - ok
21:07:39.0186 4976 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:07:39.0189 4976 clr_optimization_v2.0.50727_64 - ok
21:07:39.0250 4976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:07:39.0253 4976 clr_optimization_v4.0.30319_32 - ok
21:07:39.0284 4976 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:07:39.0335 4976 clr_optimization_v4.0.30319_64 - ok
21:07:39.0345 4976 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
21:07:39.0347 4976 cmdide - ok
21:07:39.0357 4976 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
21:07:39.0359 4976 Compbatt - ok
21:07:39.0362 4976 COMSysApp - ok
21:07:39.0379 4976 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
21:07:39.0381 4976 crcdisk - ok
21:07:39.0416 4976 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
21:07:39.0418 4976 CryptSvc - ok
21:07:39.0486 4976 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
21:07:39.0511 4976 DcomLaunch - ok
21:07:39.0556 4976 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
21:07:39.0559 4976 DfsC - ok
21:07:39.0757 4976 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
21:07:39.0842 4976 DFSR - ok
21:07:39.0996 4976 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
21:07:40.0000 4976 Dhcp - ok
21:07:40.0029 4976 DigiRefresh - ok
21:07:40.0071 4976 digiSPTIService (bf8eed240108b8c4989cc4d5a88fd865) C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
21:07:40.0093 4976 digiSPTIService - ok
21:07:40.0131 4976 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
21:07:40.0133 4976 disk - ok
21:07:40.0172 4976 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
21:07:40.0175 4976 Dnscache - ok
21:07:40.0187 4976 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
21:07:40.0191 4976 dot3svc - ok
21:07:40.0237 4976 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
21:07:40.0240 4976 DPS - ok
21:07:40.0272 4976 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
21:07:40.0278 4976 drmkaud - ok
21:07:40.0342 4976 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
21:07:40.0352 4976 DXGKrnl - ok
21:07:40.0447 4976 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
21:07:40.0451 4976 E1G60 - ok
21:07:40.0484 4976 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
21:07:40.0486 4976 EapHost - ok
21:07:40.0516 4976 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
21:07:40.0520 4976 Ecache - ok
21:07:40.0579 4976 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:07:40.0619 4976 eeCtrl - ok
21:07:40.0662 4976 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
21:07:40.0668 4976 ehRecvr - ok
21:07:40.0709 4976 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
21:07:40.0713 4976 ehSched - ok
21:07:40.0731 4976 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
21:07:40.0733 4976 ehstart - ok
21:07:40.0805 4976 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
21:07:40.0825 4976 elxstor - ok
21:07:40.0880 4976 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
21:07:40.0891 4976 EMDMgmt - ok
21:07:40.0939 4976 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
21:07:40.0941 4976 EpsonBidirectionalService - ok
21:07:40.0944 4976 EraserUtilDrvI9 - ok
21:07:40.0974 4976 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:07:40.0977 4976 EraserUtilRebootDrv - ok
21:07:40.0992 4976 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
21:07:40.0994 4976 ErrDev - ok
21:07:41.0026 4976 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
21:07:41.0033 4976 EventSystem - ok
21:07:41.0070 4976 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
21:07:41.0074 4976 exfat - ok
21:07:41.0106 4976 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
21:07:41.0110 4976 fastfat - ok
21:07:41.0174 4976 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
21:07:41.0178 4976 fdc - ok
21:07:41.0213 4976 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
21:07:41.0215 4976 fdPHost - ok
21:07:41.0224 4976 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
21:07:41.0226 4976 FDResPub - ok
21:07:41.0242 4976 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
21:07:41.0244 4976 FileInfo - ok
21:07:41.0260 4976 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
21:07:41.0262 4976 Filetrace - ok
21:07:41.0275 4976 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:07:41.0277 4976 flpydisk - ok
21:07:41.0304 4976 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
21:07:41.0308 4976 FltMgr - ok
21:07:41.0417 4976 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
21:07:41.0444 4976 FontCache - ok
21:07:41.0497 4976 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:07:41.0500 4976 FontCache3.0.0.0 - ok
21:07:41.0531 4976 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
21:07:41.0533 4976 Fs_Rec - ok
21:07:41.0555 4976 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
21:07:41.0557 4976 gagp30kx - ok
21:07:41.0582 4976 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:07:41.0591 4976 GEARAspiWDM - ok
21:07:41.0630 4976 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
21:07:41.0680 4976 gpsvc - ok
21:07:41.0739 4976 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:07:41.0740 4976 gupdate - ok
21:07:41.0756 4976 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:07:41.0758 4976 gupdatem - ok
21:07:41.0788 4976 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:07:41.0791 4976 gusvc - ok
21:07:41.0833 4976 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
21:07:41.0838 4976 HdAudAddService - ok
21:07:41.0899 4976 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:07:41.0910 4976 HDAudBus - ok
21:07:41.0934 4976 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
21:07:41.0936 4976 HidBth - ok
21:07:41.0945 4976 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
21:07:41.0946 4976 HidIr - ok
21:07:41.0961 4976 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
21:07:41.0963 4976 hidserv - ok
21:07:41.0972 4976 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
21:07:41.0974 4976 HidUsb - ok
21:07:41.0993 4976 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
21:07:41.0996 4976 hkmsvc - ok
21:07:42.0024 4976 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
21:07:42.0026 4976 HpCISSs - ok
21:07:42.0077 4976 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
21:07:42.0097 4976 HTTP - ok
21:07:42.0128 4976 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
21:07:42.0130 4976 i2omp - ok
21:07:42.0159 4976 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
21:07:42.0162 4976 i8042prt - ok
21:07:42.0192 4976 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
21:07:42.0197 4976 iaStorV - ok
21:07:42.0278 4976 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:07:42.0281 4976 IDriverT - ok
21:07:42.0387 4976 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:07:42.0417 4976 idsvc - ok
21:07:42.0667 4976 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120605.001\IDSvia64.sys
21:07:42.0683 4976 IDSVia64 - ok
21:07:42.0797 4976 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
21:07:42.0799 4976 iirsp - ok
21:07:42.0837 4976 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
21:07:42.0845 4976 IKEEXT - ok
21:07:42.0869 4976 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
21:07:42.0871 4976 intelide - ok
21:07:42.0885 4976 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
21:07:42.0887 4976 intelppm - ok
21:07:42.0913 4976 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
21:07:42.0916 4976 IPBusEnum - ok
21:07:42.0947 4976 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:07:42.0949 4976 IpFilterDriver - ok
21:07:42.0984 4976 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
21:07:42.0988 4976 iphlpsvc - ok
21:07:42.0991 4976 IpInIp - ok
21:07:43.0012 4976 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
21:07:43.0014 4976 IPMIDRV - ok
21:07:43.0027 4976 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
21:07:43.0030 4976 IPNAT - ok
21:07:43.0122 4976 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:07:43.0128 4976 iPod Service - ok
21:07:43.0144 4976 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
21:07:43.0146 4976 IRENUM - ok
21:07:43.0162 4976 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
21:07:43.0164 4976 isapnp - ok
21:07:43.0203 4976 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
21:07:43.0206 4976 iScsiPrt - ok
21:07:43.0228 4976 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
21:07:43.0230 4976 iteatapi - ok
21:07:43.0258 4976 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
21:07:43.0260 4976 iteraid - ok
21:07:43.0276 4976 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
21:07:43.0278 4976 kbdclass - ok
21:07:43.0303 4976 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
21:07:43.0305 4976 kbdhid - ok
21:07:43.0318 4976 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:07:43.0319 4976 KeyIso - ok
21:07:43.0362 4976 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
21:07:43.0420 4976 KSecDD - ok
21:07:43.0432 4976 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
21:07:43.0434 4976 ksthunk - ok
21:07:43.0478 4976 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
21:07:43.0488 4976 KtmRm - ok
21:07:43.0576 4976 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
21:07:43.0580 4976 LanmanServer - ok
21:07:43.0615 4976 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
21:07:43.0619 4976 LanmanWorkstation - ok
21:07:43.0636 4976 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
21:07:43.0639 4976 lltdio - ok
21:07:43.0671 4976 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
21:07:43.0677 4976 lltdsvc - ok
21:07:43.0687 4976 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
21:07:43.0689 4976 lmhosts - ok
21:07:43.0713 4976 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
21:07:43.0715 4976 LSI_FC - ok
21:07:43.0732 4976 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
21:07:43.0735 4976 LSI_SAS - ok
21:07:43.0766 4976 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
21:07:43.0768 4976 LSI_SCSI - ok
21:07:43.0808 4976 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
21:07:43.0811 4976 luafv - ok
21:07:43.0844 4976 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:07:43.0852 4976 MBAMProtector - ok
21:07:43.0943 4976 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:07:43.0950 4976 MBAMService - ok
21:07:44.0024 4976 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
21:07:44.0027 4976 McComponentHostService - ok
21:07:44.0049 4976 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
21:07:44.0052 4976 Mcx2Svc - ok
21:07:44.0066 4976 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
21:07:44.0068 4976 megasas - ok
21:07:44.0105 4976 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
21:07:44.0111 4976 MegaSR - ok
21:07:44.0133 4976 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
21:07:44.0135 4976 MMCSS - ok
21:07:44.0153 4976 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
21:07:44.0155 4976 Modem - ok
21:07:44.0193 4976 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
21:07:44.0194 4976 monitor - ok
21:07:44.0208 4976 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
21:07:44.0210 4976 mouclass - ok
21:07:44.0220 4976 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
21:07:44.0222 4976 mouhid - ok
21:07:44.0227 4976 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
21:07:44.0230 4976 MountMgr - ok
21:07:44.0289 4976 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:07:44.0292 4976 MozillaMaintenance - ok
21:07:44.0306 4976 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
21:07:44.0309 4976 mpio - ok
21:07:44.0341 4976 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
21:07:44.0344 4976 mpsdrv - ok
21:07:44.0390 4976 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
21:07:44.0428 4976 MpsSvc - ok
21:07:44.0457 4976 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
21:07:44.0459 4976 Mraid35x - ok
21:07:44.0494 4976 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
21:07:44.0497 4976 MRxDAV - ok
21:07:44.0523 4976 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:07:44.0526 4976 mrxsmb - ok
21:07:44.0554 4976 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:07:44.0560 4976 mrxsmb10 - ok
21:07:44.0566 4976 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:07:44.0569 4976 mrxsmb20 - ok
21:07:44.0617 4976 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
21:07:44.0619 4976 msahci - ok
21:07:44.0631 4976 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
21:07:44.0634 4976 msdsm - ok
21:07:44.0658 4976 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
21:07:44.0661 4976 MSDTC - ok
21:07:44.0679 4976 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
21:07:44.0681 4976 Msfs - ok
21:07:44.0709 4976 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
21:07:44.0711 4976 msisadrv - ok
21:07:44.0740 4976 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
21:07:44.0751 4976 MSiSCSI - ok
21:07:44.0754 4976 msiserver - ok
21:07:44.0771 4976 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
21:07:44.0773 4976 MSKSSRV - ok
21:07:44.0786 4976 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
21:07:44.0788 4976 MSPCLOCK - ok
21:07:44.0800 4976 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
21:07:44.0802 4976 MSPQM - ok
21:07:44.0845 4976 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
21:07:44.0850 4976 MsRPC - ok
21:07:44.0858 4976 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
21:07:44.0859 4976 mssmbios - ok
21:07:44.0868 4976 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
21:07:44.0870 4976 MSTEE - ok
21:07:44.0897 4976 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
21:07:44.0899 4976 MTsensor - ok
21:07:44.0913 4976 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
21:07:44.0915 4976 Mup - ok
21:07:45.0114 4976 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
21:07:45.0115 4976 N360 - ok
21:07:45.0193 4976 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
21:07:45.0203 4976 napagent - ok
21:07:45.0273 4976 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
21:07:45.0277 4976 NativeWifiP - ok
21:07:45.0393 4976 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120605.020\ENG64.SYS
21:07:45.0395 4976 NAVENG - ok
21:07:45.0518 4976 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120605.020\EX64.SYS
21:07:45.0587 4976 NAVEX15 - ok
21:07:45.0716 4976 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
21:07:45.0725 4976 NDIS - ok
21:07:45.0757 4976 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
21:07:45.0758 4976 NdisTapi - ok
21:07:45.0769 4976 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
21:07:45.0771 4976 Ndisuio - ok
21:07:45.0789 4976 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
21:07:45.0792 4976 NdisWan - ok
21:07:45.0806 4976 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
21:07:45.0809 4976 NDProxy - ok
21:07:45.0822 4976 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
21:07:45.0824 4976 NetBIOS - ok
21:07:45.0861 4976 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
21:07:45.0866 4976 netbt - ok
21:07:45.0881 4976 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:07:45.0882 4976 Netlogon - ok
21:07:45.0918 4976 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
21:07:45.0924 4976 Netman - ok
21:07:45.0991 4976 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:07:45.0995 4976 NetMsmqActivator - ok
21:07:45.0998 4976 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:07:45.0999 4976 NetPipeActivator - ok
21:07:46.0042 4976 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
21:07:46.0048 4976 netprofm - ok
21:07:46.0051 4976 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:07:46.0053 4976 NetTcpActivator - ok
21:07:46.0056 4976 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:07:46.0057 4976 NetTcpPortSharing - ok
21:07:46.0091 4976 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
21:07:46.0093 4976 nfrd960 - ok
21:07:46.0122 4976 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
21:07:46.0126 4976 NlaSvc - ok
21:07:46.0147 4976 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
21:07:46.0150 4976 Npfs - ok
21:07:46.0163 4976 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
21:07:46.0165 4976 nsi - ok
21:07:46.0171 4976 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
21:07:46.0173 4976 nsiproxy - ok
21:07:46.0290 4976 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
21:07:46.0357 4976 Ntfs - ok
21:07:46.0524 4976 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
21:07:46.0526 4976 Null - ok
21:07:46.0585 4976 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
21:07:46.0635 4976 NVENETFD - ok
21:07:47.0316 4976 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:07:47.0528 4976 nvlddmkm - ok
21:07:47.0776 4976 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
21:07:47.0780 4976 nvraid - ok
21:07:47.0794 4976 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
21:07:47.0795 4976 nvstor - ok
21:07:47.0862 4976 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
21:07:47.0873 4976 nvsvc - ok
21:07:48.0061 4976 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:07:48.0076 4976 nvUpdatusService - ok
21:07:48.0132 4976 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
21:07:48.0135 4976 nv_agp - ok
21:07:48.0137 4976 NwlnkFlt - ok
21:07:48.0141 4976 NwlnkFwd - ok
21:07:48.0158 4976 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
21:07:48.0160 4976 ohci1394 - ok
21:07:48.0224 4976 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:07:48.0271 4976 p2pimsvc - ok
21:07:48.0278 4976 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:07:48.0284 4976 p2psvc - ok
21:07:48.0313 4976 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
21:07:48.0316 4976 Parport - ok
21:07:48.0358 4976 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
21:07:48.0361 4976 partmgr - ok
21:07:48.0376 4976 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
21:07:48.0379 4976 PcaSvc - ok
21:07:48.0408 4976 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
21:07:48.0412 4976 pci - ok
21:07:48.0443 4976 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
21:07:48.0445 4976 pciide - ok
21:07:48.0465 4976 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
21:07:48.0470 4976 pcmcia - ok
21:07:48.0509 4976 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
21:07:48.0544 4976 PEAUTH - ok
21:07:48.0644 4976 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
21:07:48.0647 4976 PerfHost - ok
21:07:48.0748 4976 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
21:07:48.0788 4976 pla - ok
21:07:48.0841 4976 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
21:07:48.0847 4976 PlugPlay - ok
21:07:48.0849 4976 PnkBstrA - ok
21:07:48.0865 4976 PnkBstrB - ok
21:07:48.0903 4976 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:07:48.0908 4976 PNRPAutoReg - ok
21:07:48.0915 4976 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:07:48.0921 4976 PNRPsvc - ok
21:07:48.0975 4976 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
21:07:49.0068 4976 PolicyAgent - ok
21:07:49.0143 4976 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
21:07:49.0147 4976 PptpMiniport - ok
21:07:49.0155 4976 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
21:07:49.0156 4976 Processor - ok
21:07:49.0198 4976 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
21:07:49.0202 4976 ProfSvc - ok
21:07:49.0222 4976 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:07:49.0223 4976 ProtectedStorage - ok
21:07:49.0249 4976 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
21:07:49.0252 4976 PSched - ok
21:07:49.0322 4976 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
21:07:49.0358 4976 ql2300 - ok
21:07:49.0394 4976 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
21:07:49.0397 4976 ql40xx - ok
21:07:49.0432 4976 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
21:07:49.0438 4976 QWAVE - ok
21:07:49.0449 4976 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
21:07:49.0451 4976 QWAVEdrv - ok
21:07:49.0458 4976 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
21:07:49.0460 4976 RasAcd - ok
21:07:49.0491 4976 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
21:07:49.0494 4976 RasAuto - ok
21:07:49.0502 4976 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:07:49.0505 4976 Rasl2tp - ok
21:07:49.0526 4976 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
21:07:49.0532 4976 RasMan - ok
21:07:49.0552 4976 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
21:07:49.0554 4976 RasPppoe - ok
21:07:49.0566 4976 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
21:07:49.0568 4976 RasSstp - ok
21:07:49.0604 4976 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
21:07:49.0609 4976 rdbss - ok
21:07:49.0620 4976 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:07:49.0621 4976 RDPCDD - ok
21:07:49.0659 4976 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
21:07:49.0664 4976 rdpdr - ok
21:07:49.0667 4976 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
21:07:49.0669 4976 RDPENCDD - ok
21:07:49.0710 4976 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
21:07:49.0714 4976 RDPWD - ok
21:07:49.0737 4976 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
21:07:49.0740 4976 RemoteAccess - ok
21:07:49.0772 4976 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
21:07:49.0777 4976 RemoteRegistry - ok
21:07:49.0789 4976 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
21:07:49.0792 4976 RpcLocator - ok
21:07:49.0862 4976 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
21:07:49.0867 4976 RpcSs - ok
21:07:49.0919 4976 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
21:07:49.0922 4976 rspndr - ok
21:07:49.0939 4976 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:07:49.0940 4976 SamSs - ok
21:07:49.0965 4976 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
21:07:49.0968 4976 sbp2port - ok
21:07:50.0000 4976 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
21:07:50.0005 4976 SCardSvr - ok
21:07:50.0020 4976 SCDEmu (46942b6980b35ffda6afa40a8328938c) C:\Windows\system32\drivers\SCDEmu.sys
21:07:50.0030 4976 SCDEmu - ok
21:07:50.0089 4976 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
21:07:50.0128 4976 Schedule - ok
21:07:56.0149 4976 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:07:56.0176 4976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:07:56.0176 4976 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:07:56.0202 4976 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:07:56.0202 4976 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:07:56.0228 4976 Boot (0x1200) (44ed91a44177f698d881b80f4d0e0943) \Device\Harddisk0\DR0\Partition0
21:07:56.0230 4976 \Device\Harddisk0\DR0\Partition0 - ok
21:07:56.0230 4976 ============================================================
21:07:56.0230 4976 Scan finished
21:07:56.0230 4976 ============================================================
21:07:56.0240 0444 Detected object count: 2
21:07:56.0240 0444 Actual detected object count: 2
21:12:31.0957 0444 \Device\Harddisk0\DR0\# - copied to quarantine
21:12:31.0958 0444 \Device\Harddisk0\DR0 - copied to quarantine
21:12:31.0989 0444 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:12:31.0991 0444 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:12:32.0003 0444 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:12:32.0010 0444 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:12:32.0012 0444 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:12:32.0014 0444 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:12:32.0016 0444 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:12:32.0019 0444 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:12:32.0022 0444 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:12:32.0024 0444 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:12:32.0026 0444 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:12:32.0051 0444 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:12:32.0052 0444 \Device\Harddisk0\DR0 - ok
21:12:32.0053 0444 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:12:32.0054 0444 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:12:32.0054 0444 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:12:54.0519 3832 Deinitialize success

Edited by Sandalman3000, 06 June 2012 - 01:42 PM.


#5 Sandalman3000

Sandalman3000
  • Topic Starter

  • Members
  • 10 posts

Posted 06 June 2012 - 01:43 PM

GMER hasn't found any system modification. Log was empty.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 23:04:17
-----------------------------
23:04:17.799 OS Version: Windows x64 6.0.6002 Service Pack 2
23:04:17.800 Number of processors: 4 586 0x502
23:04:17.800 ComputerName: NOSTRADAMUS-PC UserName: Nostradamus
23:04:19.717 Initialize success
23:15:54.634 AVAST engine defs: 12060501
23:18:03.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
23:18:03.064 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
23:18:03.158 Disk 0 MBR read successfully
23:18:03.162 Disk 0 MBR scan
23:18:03.167 Disk 0 Windows VISTA default MBR code
23:18:03.174 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
23:18:03.198 Disk 0 scanning C:\Windows\system32\drivers
23:18:11.393 Service scanning
23:18:28.909 Modules scanning
23:18:28.910 Disk 0 trace - called modules:
23:18:28.924 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor.sys
23:18:28.924 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006045790]
23:18:28.925 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa800410bab0]
23:18:28.926 5 acpi.sys[fffffa60008fffde] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8004109680]
23:18:31.306 AVAST engine scan C:\Windows
23:18:35.714 AVAST engine scan C:\Windows\system32
23:22:51.006 AVAST engine scan C:\Windows\system32\drivers
23:23:30.409 AVAST engine scan C:\Users\Nostradamus
02:45:21.362 AVAST engine scan C:\ProgramData
03:20:58.159 Scan finished successfully
14:05:53.003 Disk 0 MBR has been saved successfully to "C:\Users\Nostradamus\Desktop\MBR.dat"
14:05:53.009 The log file has been saved successfully to "C:\Users\Nostradamus\Desktop\aswMBR.txt"

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 June 2012 - 02:01 PM

Ok that was good.. You did reboot after the TDSS scan?


Lets do a last look.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 Sandalman3000

Sandalman3000
  • Topic Starter

  • Members
  • 10 posts

Posted 06 June 2012 - 07:22 PM

C:\Program Files (x86)\Activision\Empires Dawn of the Modern World\EDMW_ResSet.exe probably a variant of Win32/Agent.KFOIWYH trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine2\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine2\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine2\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine2\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\HyperCam Toolbar\UninstallToolbar.exe Win32/Somoto application deleted - quarantined
C:\TDSSKiller_Quarantine\05.06.2012_21.07.20\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.06.2012_21.07.20\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.06.2012_21.07.20\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.06.2012_21.07.20\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.06.2012_21.07.20\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.06.2012_21.07.20\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Nostradamus\AppData\LocalLow\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe Win32/Somoto application deleted - quarantined
C:\Users\Nostradamus\Desktop\Cakewalk Sonar 8 Producer Iso.iso Win32/Agent.PIN trojan deleted - quarantined
C:\Users\Nostradamus\Downloads\Cakewalk Sonar 8 Producer Iso.rar Win32/Agent.PIN trojan deleted - quarantined
C:\Users\Nostradamus\Downloads\CheatEngine55.exe multiple threats deleted - quarantined
C:\Users\Nostradamus\Downloads\CheatEngine561.exe multiple threats deleted - quarantined
C:\Users\Nostradamus\Downloads\HC2Setup64.exe Win32/Somoto application deleted - quarantined

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 June 2012 - 07:39 PM

I knew there were more uglies.. :woot:


Let's Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#9 Sandalman3000

Sandalman3000
  • Topic Starter

  • Members
  • 10 posts

Posted 06 June 2012 - 09:58 PM

No detected files.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.06.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Nostradamus :: NOSTRADAMUS-PC [administrator]

Protection: Enabled

6/6/2012 8:46:52 PM
mbam-log-2012-06-06 (20-46-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 706330
Time elapsed: 2 hour(s), 11 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 June 2012 - 09:49 AM

Looks good to me... How is it running now?

#11 Sandalman3000

Sandalman3000
  • Topic Starter

  • Members
  • 10 posts

Posted 07 June 2012 - 10:17 PM

No issues. Thank you very much.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 June 2012 - 10:30 PM

You're welcome!!

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
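As an added example (not part of boopme's post or of any BleepingComputer tool), the restore-point steps in the post above done from an elevated PowerShell prompt: create a fresh, clean restore point, then drop every older shadow copy so only the new one survives. It assumes PowerShell 2.0 or later and System Protection enabled on C:.

```powershell
# Added example, not from the original post. Assumes an elevated prompt,
# PowerShell 2.0+ and System Protection enabled on the target volume.

function New-CleanRestorePoint {
    # Create the post-cleanup restore point and return its record so the
    # name and creation time can be noted down, as the post advises.
    $label = "Clean after malware removal " + (Get-Date -Format 'yyyy-MM-dd HH:mm')
    Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS
    Get-ComputerRestorePoint |
        Where-Object { $_.Description -eq $label } |
        Select-Object SequenceNumber, Description, CreationTime
}

function Remove-OlderShadowCopies {
    param([string]$Volume = 'C:')
    # Restore points are stored in VSS shadow copies. Count them, then delete
    # from the oldest until only the newest (the clean one just made) remains;
    # this is what Disk Cleanup's "all but the most recent" option does.
    $count = @(vssadmin list shadows "/for=$Volume" | Select-String 'Shadow Copy ID').Count
    for ($i = $count; $i -gt 1; $i--) {
        # Bounded loop: a failed delete cannot spin forever.
        vssadmin delete shadows "/for=$Volume" /oldest /quiet | Out-Null
    }
    # Return what is left so the caller can confirm exactly one copy survived.
    @(vssadmin list shadows "/for=$Volume" | Select-String 'Shadow Copy ID').Count
}

New-CleanRestorePoint
$remaining = Remove-OlderShadowCopies -Volume 'C:'
Write-Host "Shadow copies remaining on C: $remaining (expected: 1)"
```

Run the first function and check its output before the second one, since once the older copies are gone there is nothing earlier to roll back to.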
