Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe*32 winrscmde


  • This topic is locked This topic is locked
18 replies to this topic

#1 donchawunder

donchawunder

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 17 July 2012 - 03:43 PM

Hello, this is my first post. My computer lately has been playing random bits of audio advertisement when no programs are open or in use. I have tried running Norton Anti-virus twice. Restarting my computer several times, and am currently running the Malwarebytes program due to request from tech savy friend. I have read several forums on different sites and the problem seems to go far deeper than it appears. I am running a i5 alienware m14x with windows 7 home premium. Constantly programs randomly close and quit responding. I am getting frequest pop-ups in my bottom left corner of the screen stating High CPU usage from "winrscmde" and my CPU usage will spike from 0-3%(usual) to 40-50%(and higher at times aswell hitting up to 80-90%. Under task manager and processes the "svchost.exe*32 winrscmde" is using in excess of 1,000,000K of memory and has gotten as high as 1.5mil. Any help to fix this would greatly be appreciated as I am preparing to head back to college soon. When explaining please use the enlish language:) I am aware of some computer terms but am not the most tech savy person. Please and Thankyou in advance for help!

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:06 AM

Posted 22 July 2012 - 03:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461120 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 donchawunder

donchawunder
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 22 July 2012 - 05:09 PM

After the maywarebytes scan, 2 trojans and 2 rootkit viruses were removed. Performance has greatly increased but under processes "scvhost.exe *32 description:winrscmde" is still there and running. currently at 50,000K. two other svchost.exe processes are now running at greater numbers, such as 150,000K and 180,000K. I am unsure if they are at normal numbers or if any are a virus and it has gone into hibernation. If i am free of a virus, i greatly appreciate any persued help. If not, I greatly appreciate the soon to come help.

I am unable to have a windows CD/DVD with me but should be able to get mine from home soon.

DDS scan is underneath. I am running windows 64 bit so GMER log not required per say bot above. If anything else is needed please let me know.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Justin at 17:02:40 on 2012-07-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3377 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\ProductPointService.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
-netsvcs
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://AlienwareArena.com
uDefault_Page_URL = hxxp://AlienwareArena.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify] "C:\Users\Justin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDCH~1.LNK - C:\Windows\Installer\{371E8B48-2AF1-491B-8F35-BD60D18CB927}\PPS.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1ED703D1-4DF3-48A5-9FA0-F78CFB726E8F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1ED703D1-4DF3-48A5-9FA0-F78CFB726E8F}\343556562697 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1ED703D1-4DF3-48A5-9FA0-F78CFB726E8F}\3555444454E4C494E4B4E2E45445D243932444 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1ED703D1-4DF3-48A5-9FA0-F78CFB726E8F}\9684F64756C60234C657260294E647271677563747023516E64656374796E6 : DhcpNameServer = 172.16.48.2
TCP: Interfaces\{1ED703D1-4DF3-48A5-9FA0-F78CFB726E8F}\C4164556368602F40756E6149627 : DhcpNameServer = 138.47.18.130 138.47.18.129
TCP: Interfaces\{1ED703D1-4DF3-48A5-9FA0-F78CFB726E8F}\C4164556368675051423 : DhcpNameServer = 138.47.18.130 138.47.18.129
TCP: Interfaces\{D7C20E91-9E64-4C31-9273-CF9B6DC40A9A} : DhcpNameServer = 138.47.18.130 138.47.18.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-13 8704]
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-16 1161376]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20120720.001\IDSviA64.sys [2012-7-21 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-28 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-1-13 15296]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-28 13336]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-28 2214504]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-7-28 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-7 138912]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-16 250056]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-1-8 87336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-1 1431888]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-12-1 110344]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-17 23:02:34 20480 ----a-w- C:\Windows\svchost.exe
2012-07-17 19:55:00 -------- d-----w- C:\Users\Justin\AppData\Roaming\Malwarebytes
2012-07-17 19:54:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-17 19:54:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-17 19:54:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-17 00:22:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 08:03:31 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 19:23:16 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-01 02:33:05 -------- d-----w- C:\Program Files\iPod
2012-07-01 02:33:02 -------- d-----w- C:\Program Files\iTunes
2012-07-01 02:33:02 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-01 02:28:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-01 02:28:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-01 02:28:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-01 02:28:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-01 02:28:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-01 02:28:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-01 02:28:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-07-17 00:22:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-14 19:37:37 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-14 19:37:37 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-14 17:31:03 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-14 17:30:56 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-14 16:50:13 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-05-14 02:49:38 532480 ----a-w- C:\Windows\SysWow64\alienwareScreensaverDemo.scr
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 17:03:34.40 ===============

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:06 AM

Posted 22 July 2012 - 11:19 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 23 July 2012 - 05:27 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 donchawunder

donchawunder
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 23 July 2012 - 04:59 PM

I have no problem doing such things, but before I do, do you know for sure that i still have the virus? So far, no ads have been playing through audio as were before, and my computers performance has increased greatly. Is it at all possible the malwarebytes scan got rid of the virus, and a good shut down and restart solved my issues? or must I run the above two scans in order for you to tell?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:06 AM

Posted 23 July 2012 - 05:29 PM

Greetings


It is possible that MBAM got rid enough of the virus to stop the ads - but I want to make sure that it removed all the virus to make it does not return


Please see edit above (had a copy and paste error)


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 donchawunder

donchawunder
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 24 July 2012 - 02:22 PM

Hello Gringo, My computer seems to be working better. When I Ctrl-Alt-Delete and go under processes the process "scvhost*32 description:winrscmde" is still present and using 250K I am unsure if this is normal or if this is abnormal. Combofix went well. After finishing I did receive the error warned about but after restarting my computer I am able to use internet and other programs. Just before my computer restarted the final time I did receive a "High CPU usage by 'svchost'" warning in the bottom left of my screen. Since the restart no such action has arised. One questin is once this is all done. I have Norton AV and also Norton Spyware Protection. Previously stated by you i should not run multiple AV programs. But am I able to run AV and SP at the same time? If not. Which would you recommend of the three programs I have to run? Norton AV, SV or Windows defender SP?

The combofix log is below typed as requested.

ComboFix 12-07-25.04 - Justin 07/24/2012 13:09:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3478 [GMT -5:00]
Running from: c:\users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AJ2M3Q5\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Justin\Documents\~WRL0005.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-17 19:55 . 2012-07-17 19:55 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes
2012-07-17 19:54 . 2012-07-17 19:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-17 19:54 . 2012-07-17 19:54 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 19:54 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 00:22 . 2012-07-17 00:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 00:22 . 2012-07-17 00:22 -------- d-----w- c:\windows\system32\Macromed
2012-07-11 08:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 19:23 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-01 02:33 . 2012-07-01 02:33 -------- d-----w- c:\program files\iPod
2012-07-01 02:33 . 2012-07-01 02:33 -------- d-----w- c:\program files\iTunes
2012-07-01 02:33 . 2012-07-01 02:33 -------- d-----w- c:\program files (x86)\iTunes
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-01 02:28 . 2012-07-01 02:28 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 00:22 . 2011-07-28 11:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 16:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 16:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 16:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 16:51 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 16:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 16:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 16:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 16:51 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 16:51 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-14 19:37 . 2012-05-14 17:30 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-14 19:37 . 2012-05-14 17:26 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-14 17:31 . 2012-05-14 17:26 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-14 17:30 . 2012-05-14 17:26 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-14 16:50 . 2012-05-14 17:26 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-05-14 02:49 . 2012-05-14 02:49 532480 ----a-w- c:\windows\SysWow64\alienwareScreensaverDemo.scr
2012-05-01 05:40 . 2012-06-14 18:48 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 18:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 18:49 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 18:49 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 18:49 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-03 1242448]
"Spotify"="c:\users\Justin\AppData\Roaming\Spotify\Spotify.exe" [2012-07-22 7601880]
"Spotify Web Helper"="c:\users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-22 1193176]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-01-10 1545584]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-10-01 640376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-08-12 520330]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-12-1 1834280]
Windchill ProductPoint Client Manager.lnk - c:\windows\Installer\{371E8B48-2AF1-491B-8F35-BD60D18CB927}\PPS.ico [2011-12-1 7782]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-01-13 15296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 250056]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-01-08 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-02 1431888]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-05-04 158976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-12-01 110344]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-05 1255736]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-11 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [2012-01-17 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20120722.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2011-02-01 98208]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-27 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-07 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-04 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-26 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-03-03 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-02-03 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-03-04 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-03-04 181760]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-03 333928]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 00:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-01 6602856]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-01 2186856]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 703088]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-01-13 13256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Default) - (no file)
AddRemove-alienwareScreensaverDemo - c:\windows\system32\alienwareScreensaverDemo.scr
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0a,5a,b3,2f,0f,2e,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AlienRespawn\TOASTER.EXE
c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-07-24 13:51:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 18:51
.
Pre-Run: 311,318,274,048 bytes free
Post-Run: 314,015,830,016 bytes free
.
- - End Of File - - B328647C48543FF624A1963805A50791

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:06 AM

Posted 24 July 2012 - 10:12 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 donchawunder

donchawunder
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 25 July 2012 - 05:07 PM

After running TDSSkiller, it found one rootkit at a High Risk. It was cured and computer restarted. I have the log as posted below. AFTER TDSS ran, I began to run the aswMBR scan. After downloading the additional info. I began the scan. Just a few minutes after the scan began, my computer bluescreened, I could not get a picture quick enough but the bottom said something about a physical memory dump, then my computer restarted. It is running again, but i did not try the aswMBR scan a second time. What are the next steps for me? TDSSkiller log below.



TDSSkiller Log:

16:47:33.0915 3396 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:47:34.0243 3396 ============================================================
16:47:34.0243 3396 Current date / time: 2012/07/25 16:47:34.0243
16:47:34.0243 3396 SystemInfo:
16:47:34.0243 3396
16:47:34.0243 3396 OS Version: 6.1.7601 ServicePack: 1.0
16:47:34.0243 3396 Product type: Workstation
16:47:34.0243 3396 ComputerName: JUSTIN-PC
16:47:34.0243 3396 UserName: Justin
16:47:34.0243 3396 Windows directory: C:\Windows
16:47:34.0243 3396 System windows directory: C:\Windows
16:47:34.0243 3396 Running under WOW64
16:47:34.0243 3396 Processor architecture: Intel x64
16:47:34.0243 3396 Number of processors: 4
16:47:34.0243 3396 Page size: 0x1000
16:47:34.0243 3396 Boot type: Normal boot
16:47:34.0243 3396 ============================================================
16:47:35.0038 3396 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:35.0038 3396 ============================================================
16:47:35.0038 3396 \Device\Harddisk0\DR0:
16:47:35.0038 3396 MBR partitions:
16:47:35.0038 3396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2777000
16:47:35.0038 3396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x278B000, BlocksNum 0x37BFA800
16:47:35.0038 3396 ============================================================
16:47:35.0116 3396 C: <-> \Device\Harddisk0\DR0\Partition1
16:47:35.0116 3396 ============================================================
16:47:35.0116 3396 Initialize success
16:47:35.0116 3396 ============================================================
16:48:01.0389 5008 ============================================================
16:48:01.0389 5008 Scan started
16:48:01.0389 5008 Mode: Manual;
16:48:01.0389 5008 ============================================================
16:48:03.0058 5008 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:48:03.0073 5008 1394ohci - ok
16:48:03.0120 5008 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
16:48:03.0120 5008 Acceler - ok
16:48:03.0183 5008 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:48:03.0183 5008 ACPI - ok
16:48:03.0229 5008 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:48:03.0229 5008 AcpiPmi - ok
16:48:03.0353 5008 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:48:03.0353 5008 AdobeARMservice - ok
16:48:03.0493 5008 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:48:03.0493 5008 AdobeFlashPlayerUpdateSvc - ok
16:48:03.0553 5008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:48:03.0573 5008 adp94xx - ok
16:48:03.0733 5008 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:48:03.0733 5008 adpahci - ok
16:48:03.0753 5008 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:48:03.0753 5008 adpu320 - ok
16:48:03.0773 5008 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:48:03.0773 5008 AeLookupSvc - ok
16:48:03.0853 5008 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:48:03.0853 5008 AERTFilters - ok
16:48:03.0913 5008 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:48:03.0923 5008 AFD - ok
16:48:03.0983 5008 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:48:03.0983 5008 agp440 - ok
16:48:04.0003 5008 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:48:04.0013 5008 ALG - ok
16:48:04.0073 5008 AlienFusionService (f89e4fc4c35dd06f0a5d1c8bd3952036) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
16:48:04.0073 5008 AlienFusionService - ok
16:48:04.0093 5008 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:48:04.0093 5008 aliide - ok
16:48:04.0103 5008 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:48:04.0103 5008 amdide - ok
16:48:04.0193 5008 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:48:04.0193 5008 AmdK8 - ok
16:48:04.0213 5008 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:48:04.0213 5008 AmdPPM - ok
16:48:04.0303 5008 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:48:04.0313 5008 amdsata - ok
16:48:04.0413 5008 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:48:04.0423 5008 amdsbs - ok
16:48:04.0433 5008 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:48:04.0433 5008 amdxata - ok
16:48:04.0473 5008 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:48:04.0473 5008 AppID - ok
16:48:04.0523 5008 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:48:04.0523 5008 AppIDSvc - ok
16:48:04.0633 5008 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:48:04.0643 5008 Appinfo - ok
16:48:05.0133 5008 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:48:05.0133 5008 Apple Mobile Device - ok
16:48:05.0443 5008 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:48:05.0453 5008 arc - ok
16:48:05.0543 5008 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:48:05.0563 5008 arcsas - ok
16:48:05.0783 5008 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:48:05.0803 5008 aspnet_state - ok
16:48:05.0863 5008 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:48:05.0863 5008 AsyncMac - ok
16:48:06.0003 5008 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:48:06.0003 5008 atapi - ok
16:48:06.0103 5008 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:48:06.0113 5008 AudioEndpointBuilder - ok
16:48:06.0123 5008 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:48:06.0123 5008 AudioSrv - ok
16:48:06.0371 5008 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:48:06.0387 5008 AxInstSV - ok
16:48:06.0543 5008 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:48:06.0558 5008 b06bdrv - ok
16:48:06.0667 5008 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:48:06.0667 5008 b57nd60a - ok
16:48:06.0770 5008 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:48:06.0770 5008 BDESVC - ok
16:48:06.0800 5008 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:48:06.0800 5008 Beep - ok
16:48:07.0040 5008 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:48:07.0070 5008 BFE - ok
16:48:07.0420 5008 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
16:48:07.0430 5008 BHDrvx64 - ok
16:48:08.0210 5008 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:48:08.0240 5008 BITS - ok
16:48:08.0310 5008 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:48:08.0310 5008 blbdrive - ok
16:48:08.0400 5008 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:48:08.0420 5008 Bonjour Service - ok
16:48:08.0440 5008 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:48:08.0440 5008 bowser - ok
16:48:08.0490 5008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:48:08.0490 5008 BrFiltLo - ok
16:48:08.0500 5008 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:48:08.0500 5008 BrFiltUp - ok
16:48:08.0510 5008 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:48:08.0510 5008 BridgeMP - ok
16:48:08.0580 5008 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:48:08.0580 5008 Browser - ok
16:48:08.0610 5008 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:48:08.0610 5008 Brserid - ok
16:48:08.0620 5008 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:48:08.0620 5008 BrSerWdm - ok
16:48:08.0620 5008 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:48:08.0620 5008 BrUsbMdm - ok
16:48:08.0630 5008 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:48:08.0630 5008 BrUsbSer - ok
16:48:08.0680 5008 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:48:08.0680 5008 BTHMODEM - ok
16:48:08.0720 5008 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:48:08.0720 5008 bthserv - ok
16:48:08.0820 5008 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
16:48:08.0840 5008 BVRPMPR5a64 - ok
16:48:08.0840 5008 catchme - ok
16:48:09.0020 5008 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys
16:48:09.0020 5008 ccSet_NAV - ok
16:48:09.0070 5008 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:48:09.0070 5008 cdfs - ok
16:48:09.0120 5008 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:48:09.0130 5008 cdrom - ok
16:48:09.0190 5008 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:48:09.0200 5008 CertPropSvc - ok
16:48:09.0270 5008 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:48:09.0320 5008 circlass - ok
16:48:09.0410 5008 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:48:09.0420 5008 CLFS - ok
16:48:09.0630 5008 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:09.0640 5008 clr_optimization_v2.0.50727_32 - ok
16:48:09.0830 5008 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:48:09.0830 5008 clr_optimization_v2.0.50727_64 - ok
16:48:10.0100 5008 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:10.0110 5008 clr_optimization_v4.0.30319_32 - ok
16:48:10.0290 5008 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:48:10.0290 5008 clr_optimization_v4.0.30319_64 - ok
16:48:10.0370 5008 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:48:10.0380 5008 CmBatt - ok
16:48:10.0400 5008 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:48:10.0400 5008 cmdide - ok
16:48:10.0630 5008 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
16:48:10.0660 5008 CNG - ok
16:48:10.0880 5008 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:48:10.0880 5008 Compbatt - ok
16:48:11.0000 5008 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:48:11.0000 5008 CompositeBus - ok
16:48:11.0030 5008 COMSysApp - ok
16:48:11.0670 5008 CoordinatorServiceHost (20c701dcba0704e9d38829bd510cd186) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
16:48:11.0670 5008 CoordinatorServiceHost - ok
16:48:11.0730 5008 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:48:11.0730 5008 crcdisk - ok
16:48:12.0080 5008 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:48:12.0080 5008 CryptSvc - ok
16:48:12.0240 5008 CtClsFlt (df214bff646880d0eb31bdc86136b29b) C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:48:12.0250 5008 CtClsFlt - ok
16:48:12.0520 5008 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:48:12.0552 5008 DcomLaunch - ok
16:48:12.0801 5008 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:48:12.0817 5008 defragsvc - ok
16:48:12.0832 5008 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:48:12.0832 5008 DfsC - ok
16:48:12.0910 5008 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:48:12.0910 5008 Dhcp - ok
16:48:12.0942 5008 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:48:12.0942 5008 discache - ok
16:48:12.0988 5008 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:48:13.0004 5008 Disk - ok
16:48:13.0020 5008 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:48:13.0035 5008 Dnscache - ok
16:48:13.0051 5008 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:48:13.0051 5008 dot3svc - ok
16:48:13.0066 5008 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:48:13.0066 5008 DPS - ok
16:48:13.0113 5008 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:48:13.0113 5008 drmkaud - ok
16:48:13.0176 5008 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:48:13.0176 5008 DXGKrnl - ok
16:48:13.0191 5008 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:48:13.0191 5008 EapHost - ok
16:48:13.0307 5008 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:48:13.0367 5008 ebdrv - ok
16:48:13.0487 5008 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:48:13.0497 5008 eeCtrl - ok
16:48:13.0637 5008 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:48:13.0637 5008 EFS - ok
16:48:13.0697 5008 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:48:13.0717 5008 ehRecvr - ok
16:48:13.0737 5008 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:48:13.0737 5008 ehSched - ok
16:48:13.0817 5008 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:48:13.0837 5008 elxstor - ok
16:48:13.0877 5008 EMSC (e47d9d7e6e53892fc97282482f4ae307) C:\Windows\system32\DRIVERS\EMSC.SYS
16:48:13.0877 5008 EMSC - ok
16:48:13.0967 5008 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:48:13.0967 5008 EraserUtilRebootDrv - ok
16:48:13.0977 5008 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:48:13.0977 5008 ErrDev - ok
16:48:14.0057 5008 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:48:14.0057 5008 EventSystem - ok
16:48:14.0187 5008 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:48:14.0217 5008 EvtEng - ok
16:48:14.0317 5008 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:48:14.0317 5008 exfat - ok
16:48:14.0327 5008 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:48:14.0337 5008 fastfat - ok
16:48:14.0397 5008 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:48:14.0417 5008 Fax - ok
16:48:14.0437 5008 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:48:14.0447 5008 fdc - ok
16:48:14.0467 5008 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:48:14.0467 5008 fdPHost - ok
16:48:14.0477 5008 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:48:14.0477 5008 FDResPub - ok
16:48:14.0537 5008 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:48:14.0547 5008 FileInfo - ok
16:48:14.0547 5008 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:48:14.0557 5008 Filetrace - ok
16:48:14.0677 5008 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:48:14.0717 5008 FLEXnet Licensing Service 64 - ok
16:48:14.0847 5008 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:48:14.0857 5008 flpydisk - ok
16:48:14.0897 5008 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:48:14.0907 5008 FltMgr - ok
16:48:14.0967 5008 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:48:14.0987 5008 FontCache - ok
16:48:15.0037 5008 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:48:15.0037 5008 FontCache3.0.0.0 - ok
16:48:15.0067 5008 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:48:15.0067 5008 FsDepends - ok
16:48:15.0107 5008 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:48:15.0107 5008 Fs_Rec - ok
16:48:15.0147 5008 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:48:15.0157 5008 fvevol - ok
16:48:15.0287 5008 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:48:15.0307 5008 gagp30kx - ok
16:48:15.0367 5008 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:48:15.0367 5008 GEARAspiWDM - ok
16:48:15.0447 5008 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:48:15.0467 5008 gpsvc - ok
16:48:15.0597 5008 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
16:48:15.0637 5008 hamachi - ok
16:48:15.0717 5008 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:48:15.0727 5008 hcw85cir - ok
16:48:15.0867 5008 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:48:15.0897 5008 HdAudAddService - ok
16:48:16.0077 5008 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:48:16.0092 5008 HDAudBus - ok
16:48:16.0170 5008 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:48:16.0202 5008 HidBatt - ok
16:48:16.0373 5008 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:48:16.0373 5008 HidBth - ok
16:48:16.0482 5008 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:48:16.0482 5008 HidIr - ok
16:48:16.0576 5008 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:48:16.0576 5008 hidserv - ok
16:48:16.0670 5008 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:48:16.0701 5008 HidUsb - ok
16:48:16.0982 5008 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
16:48:16.0982 5008 HiPatchService - ok
16:48:17.0184 5008 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:48:17.0184 5008 hkmsvc - ok
16:48:17.0574 5008 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:48:17.0574 5008 HomeGroupListener - ok
16:48:17.0840 5008 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:48:17.0855 5008 HomeGroupProvider - ok
16:48:18.0105 5008 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:48:18.0105 5008 HpSAMD - ok
16:48:19.0079 5008 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:48:19.0089 5008 HTTP - ok
16:48:19.0139 5008 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:48:19.0139 5008 hwpolicy - ok
16:48:19.0189 5008 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:48:19.0199 5008 i8042prt - ok
16:48:19.0259 5008 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
16:48:19.0259 5008 iaStor - ok
16:48:19.0349 5008 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:48:19.0349 5008 IAStorDataMgrSvc - ok
16:48:19.0409 5008 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:48:19.0409 5008 iaStorV - ok
16:48:19.0469 5008 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:48:19.0479 5008 IDriverT - ok
16:48:19.0549 5008 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:48:19.0579 5008 idsvc - ok
16:48:19.0719 5008 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20120722.001\IDSvia64.sys
16:48:19.0729 5008 IDSVia64 - ok
16:48:20.0419 5008 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:48:20.0599 5008 igfx - ok
16:48:20.0759 5008 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:48:20.0759 5008 iirsp - ok
16:48:20.0819 5008 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:48:20.0829 5008 IKEEXT - ok
16:48:20.0849 5008 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
16:48:20.0859 5008 Impcd - ok
16:48:21.0009 5008 IntcAzAudAddService (976bea339c5305ca7711436ef96d1d0e) C:\Windows\system32\drivers\RTKVHD64.sys
16:48:21.0029 5008 IntcAzAudAddService - ok
16:48:21.0759 5008 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:48:21.0789 5008 IntcDAud - ok
16:48:21.0839 5008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:48:21.0839 5008 intelide - ok
16:48:21.0869 5008 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:48:21.0869 5008 intelppm - ok
16:48:22.0009 5008 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:48:22.0009 5008 IPBusEnum - ok
16:48:22.0129 5008 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:22.0129 5008 IpFilterDriver - ok
16:48:22.0349 5008 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:48:22.0359 5008 iphlpsvc - ok
16:48:22.0499 5008 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:48:22.0529 5008 IPMIDRV - ok
16:48:22.0649 5008 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:48:22.0659 5008 IPNAT - ok
16:48:23.0379 5008 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
16:48:23.0399 5008 iPod Service - ok
16:48:23.0449 5008 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:48:23.0449 5008 IRENUM - ok
16:48:23.0459 5008 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:48:23.0459 5008 isapnp - ok
16:48:23.0479 5008 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:48:23.0489 5008 iScsiPrt - ok
16:48:23.0529 5008 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:48:23.0529 5008 kbdclass - ok
16:48:23.0579 5008 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:48:23.0599 5008 kbdhid - ok
16:48:23.0699 5008 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:23.0699 5008 KeyIso - ok
16:48:23.0829 5008 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
16:48:23.0829 5008 KSecDD - ok
16:48:24.0019 5008 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
16:48:24.0019 5008 KSecPkg - ok
16:48:24.0079 5008 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:48:24.0119 5008 ksthunk - ok
16:48:24.0209 5008 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:48:24.0219 5008 KtmRm - ok
16:48:24.0259 5008 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:48:24.0259 5008 L1C - ok
16:48:24.0319 5008 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:48:24.0329 5008 LanmanServer - ok
16:48:24.0379 5008 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:48:24.0389 5008 LanmanWorkstation - ok
16:48:24.0419 5008 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:48:24.0419 5008 lltdio - ok
16:48:24.0459 5008 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:48:24.0459 5008 lltdsvc - ok
16:48:24.0479 5008 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:48:24.0479 5008 lmhosts - ok
16:48:24.0529 5008 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:48:24.0539 5008 LSI_FC - ok
16:48:24.0549 5008 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:48:24.0549 5008 LSI_SAS - ok
16:48:24.0559 5008 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:48:24.0559 5008 LSI_SAS2 - ok
16:48:24.0569 5008 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:48:24.0569 5008 LSI_SCSI - ok
16:48:24.0589 5008 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:48:24.0589 5008 luafv - ok
16:48:24.0619 5008 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:48:24.0639 5008 Mcx2Svc - ok
16:48:24.0649 5008 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:48:24.0649 5008 megasas - ok
16:48:24.0669 5008 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:48:24.0679 5008 MegaSR - ok
16:48:24.0709 5008 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:48:24.0709 5008 MEIx64 - ok
16:48:24.0999 5008 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:48:25.0009 5008 MMCSS - ok
16:48:25.0009 5008 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:48:25.0009 5008 Modem - ok
16:48:25.0129 5008 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:48:25.0129 5008 monitor - ok
16:48:25.0169 5008 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:48:25.0169 5008 mouclass - ok
16:48:25.0199 5008 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:48:25.0209 5008 mouhid - ok
16:48:25.0219 5008 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:48:25.0229 5008 mountmgr - ok
16:48:25.0239 5008 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:48:25.0249 5008 mpio - ok
16:48:25.0259 5008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:48:25.0259 5008 mpsdrv - ok
16:48:25.0319 5008 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:48:25.0329 5008 MpsSvc - ok
16:48:25.0349 5008 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:48:25.0359 5008 MRxDAV - ok
16:48:25.0379 5008 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:25.0389 5008 mrxsmb - ok
16:48:25.0419 5008 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:25.0419 5008 mrxsmb10 - ok
16:48:25.0439 5008 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:25.0439 5008 mrxsmb20 - ok
16:48:25.0459 5008 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:48:25.0459 5008 msahci - ok
16:48:25.0489 5008 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:48:25.0489 5008 msdsm - ok
16:48:25.0519 5008 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:48:25.0519 5008 MSDTC - ok
16:48:25.0539 5008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:48:25.0539 5008 Msfs - ok
16:48:25.0589 5008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:48:25.0589 5008 mshidkmdf - ok
16:48:25.0599 5008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:48:25.0599 5008 msisadrv - ok
16:48:25.0629 5008 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:48:25.0639 5008 MSiSCSI - ok
16:48:25.0639 5008 msiserver - ok
16:48:25.0679 5008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:48:25.0679 5008 MSKSSRV - ok
16:48:25.0689 5008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:25.0689 5008 MSPCLOCK - ok
16:48:25.0689 5008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:48:25.0689 5008 MSPQM - ok
16:48:25.0719 5008 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:48:25.0719 5008 MsRPC - ok
16:48:25.0729 5008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:48:25.0729 5008 mssmbios - ok
16:48:25.0729 5008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:48:25.0729 5008 MSTEE - ok
16:48:25.0739 5008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:48:25.0739 5008 MTConfig - ok
16:48:25.0759 5008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:48:25.0759 5008 Mup - ok
16:48:25.0869 5008 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:48:25.0879 5008 MyWiFiDHCPDNS - ok
16:48:25.0919 5008 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:48:25.0949 5008 napagent - ok
16:48:26.0019 5008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:48:26.0019 5008 NativeWifiP - ok
16:48:26.0279 5008 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
16:48:26.0279 5008 NAV - ok
16:48:26.0682 5008 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\VirusDefs\20120724.002\ENG64.SYS
16:48:26.0682 5008 NAVENG - ok
16:48:27.0431 5008 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\VirusDefs\20120724.002\EX64.SYS
16:48:27.0446 5008 NAVEX15 - ok
16:48:28.0460 5008 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
16:48:28.0523 5008 NDIS - ok
16:48:28.0601 5008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:28.0616 5008 NdisCap - ok
16:48:28.0679 5008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:28.0679 5008 NdisTapi - ok
16:48:28.0850 5008 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:28.0881 5008 Ndisuio - ok
16:48:29.0147 5008 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:29.0147 5008 NdisWan - ok
16:48:29.0162 5008 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:48:29.0162 5008 NDProxy - ok
16:48:29.0193 5008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:48:29.0193 5008 NetBIOS - ok
16:48:29.0225 5008 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:48:29.0225 5008 NetBT - ok
16:48:29.0240 5008 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:29.0240 5008 Netlogon - ok
16:48:29.0311 5008 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:48:29.0311 5008 Netman - ok
16:48:29.0381 5008 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:29.0381 5008 NetMsmqActivator - ok
16:48:29.0381 5008 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:29.0381 5008 NetPipeActivator - ok
16:48:29.0411 5008 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:48:29.0421 5008 netprofm - ok
16:48:29.0421 5008 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:29.0421 5008 NetTcpActivator - ok
16:48:29.0421 5008 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:29.0421 5008 NetTcpPortSharing - ok
16:48:29.0721 5008 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:48:29.0851 5008 NETwNs64 - ok
16:48:29.0971 5008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:48:29.0981 5008 nfrd960 - ok
16:48:30.0031 5008 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:48:30.0031 5008 NlaSvc - ok
16:48:30.0061 5008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:48:30.0061 5008 Npfs - ok
16:48:30.0071 5008 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:48:30.0071 5008 nsi - ok
16:48:30.0071 5008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:48:30.0081 5008 nsiproxy - ok
16:48:30.0171 5008 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:48:30.0221 5008 Ntfs - ok
16:48:30.0301 5008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:48:30.0301 5008 Null - ok
16:48:30.0351 5008 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
16:48:30.0351 5008 nusb3hub - ok
16:48:30.0401 5008 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:48:30.0401 5008 nusb3xhc - ok
16:48:31.0097 5008 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:48:31.0160 5008 nvlddmkm - ok
16:48:31.0550 5008 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys
16:48:31.0550 5008 nvpciflt - ok
16:48:31.0628 5008 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:48:31.0628 5008 nvraid - ok
16:48:31.0675 5008 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:48:31.0675 5008 nvstor - ok
16:48:31.0893 5008 NVSvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
16:48:31.0940 5008 NVSvc - ok
16:48:32.0402 5008 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:48:32.0433 5008 nvUpdatusService - ok
16:48:32.0543 5008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:48:32.0543 5008 nv_agp - ok
16:48:32.0558 5008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:48:32.0558 5008 ohci1394 - ok
16:48:32.0636 5008 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:32.0636 5008 ose - ok
16:48:33.0089 5008 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:48:33.0151 5008 osppsvc - ok
16:48:33.0978 5008 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:33.0993 5008 p2pimsvc - ok
16:48:34.0040 5008 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:48:34.0056 5008 p2psvc - ok
16:48:34.0103 5008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:48:34.0118 5008 Parport - ok
16:48:34.0149 5008 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:48:34.0149 5008 partmgr - ok
16:48:34.0181 5008 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:48:34.0181 5008 PcaSvc - ok
16:48:34.0212 5008 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:48:34.0212 5008 pci - ok
16:48:34.0227 5008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:48:34.0227 5008 pciide - ok
16:48:34.0321 5008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:48:34.0337 5008 pcmcia - ok
16:48:34.0352 5008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:48:34.0368 5008 pcw - ok
16:48:34.0446 5008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:48:34.0461 5008 PEAUTH - ok
16:48:34.0680 5008 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:48:34.0695 5008 PerfHost - ok
16:48:35.0023 5008 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:48:35.0101 5008 pla - ok
16:48:35.0319 5008 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:48:35.0319 5008 PlugPlay - ok
16:48:35.0351 5008 PnkBstrA - ok
16:48:35.0382 5008 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:48:35.0382 5008 PNRPAutoReg - ok
16:48:35.0413 5008 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:35.0413 5008 PNRPsvc - ok
16:48:35.0444 5008 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:48:35.0460 5008 PolicyAgent - ok
16:48:35.0475 5008 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:48:35.0475 5008 Power - ok
16:48:35.0553 5008 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:48:35.0569 5008 PptpMiniport - ok
16:48:35.0569 5008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:48:35.0585 5008 Processor - ok
16:48:35.0631 5008 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:48:35.0631 5008 ProfSvc - ok
16:48:35.0663 5008 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:35.0663 5008 ProtectedStorage - ok
16:48:35.0678 5008 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:48:35.0678 5008 Psched - ok
16:48:35.0741 5008 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:48:35.0741 5008 PxHlpa64 - ok
16:48:35.0834 5008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:48:35.0865 5008 ql2300 - ok
16:48:35.0975 5008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:48:35.0975 5008 ql40xx - ok
16:48:36.0006 5008 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:48:36.0006 5008 QWAVE - ok
16:48:36.0021 5008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:48:36.0021 5008 QWAVEdrv - ok
16:48:36.0037 5008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:48:36.0037 5008 RasAcd - ok
16:48:36.0131 5008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:48:36.0146 5008 RasAgileVpn - ok
16:48:36.0209 5008 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:48:36.0224 5008 RasAuto - ok
16:48:36.0255 5008 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:36.0255 5008 Rasl2tp - ok
16:48:36.0287 5008 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:48:36.0287 5008 RasMan - ok
16:48:36.0443 5008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:36.0458 5008 RasPppoe - ok
16:48:36.0567 5008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:48:36.0567 5008 RasSstp - ok
16:48:36.0630 5008 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:48:36.0645 5008 rdbss - ok
16:48:36.0692 5008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:48:36.0708 5008 rdpbus - ok
16:48:36.0864 5008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:36.0957 5008 RDPCDD - ok
16:48:37.0020 5008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:48:37.0020 5008 RDPENCDD - ok
16:48:37.0051 5008 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:48:37.0051 5008 RDPREFMP - ok
16:48:37.0347 5008 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:48:37.0379 5008 RDPWD - ok
16:48:37.0769 5008 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:48:37.0769 5008 rdyboost - ok
16:48:38.0783 5008 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:48:38.0923 5008 RegSrvc - ok
16:48:39.0235 5008 Remote Solver for Flow Simulation 2011 (bc0db8ae78ada06e54eb442932af6cfd) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
16:48:39.0235 5008 Remote Solver for Flow Simulation 2011 - ok
16:48:39.0360 5008 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:48:39.0391 5008 RemoteAccess - ok
16:48:39.0625 5008 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:48:39.0625 5008 RemoteRegistry - ok
16:48:41.0029 5008 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
16:48:41.0076 5008 RoxMediaDB12OEM - ok
16:48:41.0497 5008 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
16:48:41.0528 5008 RoxWatch12 - ok
16:48:42.0495 5008 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:48:42.0495 5008 RpcEptMapper - ok
16:48:42.0542 5008 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:48:42.0542 5008 RpcLocator - ok
16:48:43.0275 5008 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:48:43.0275 5008 RpcSs - ok
16:48:43.0915 5008 RSPCIESTOR (19a89badcaabe246f877c4a05233c335) C:\Windows\system32\DRIVERS\RtsPStor.sys
16:48:43.0915 5008 RSPCIESTOR - ok
16:48:44.0071 5008 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:48:44.0087 5008 rspndr - ok
16:48:44.0180 5008 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:44.0180 5008 SamSs - ok
16:48:44.0383 5008 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:48:44.0383 5008 sbp2port - ok
16:48:44.0679 5008 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:48:44.0711 5008 SCardSvr - ok
16:48:44.0820 5008 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:48:44.0867 5008 scfilter - ok
16:48:46.0676 5008 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:48:46.0723 5008 Schedule - ok
16:48:46.0832 5008 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:48:46.0832 5008 SCPolicySvc - ok
16:48:47.0004 5008 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
16:48:47.0004 5008 sdbus - ok
16:48:47.0222 5008 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:48:47.0253 5008 SDRSVC - ok
16:48:47.0331 5008 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:48:47.0347 5008 secdrv - ok
16:48:47.0388 5008 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:48:47.0398 5008 seclogon - ok
16:48:47.0508 5008 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:48:47.0508 5008 SENS - ok
16:48:47.0608 5008 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:48:47.0608 5008 SensrSvc - ok
16:48:47.0698 5008 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:48:47.0708 5008 Serenum - ok
16:48:47.0868 5008 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:48:47.0878 5008 Serial - ok
16:48:47.0938 5008 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:48:47.0938 5008 sermouse - ok
16:48:48.0118 5008 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:48:48.0118 5008 SessionEnv - ok
16:48:48.0128 5008 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:48:48.0128 5008 sffdisk - ok
16:48:48.0138 5008 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:48:48.0138 5008 sffp_mmc - ok
16:48:48.0168 5008 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:48:48.0168 5008 sffp_sd - ok
16:48:48.0188 5008 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:48:48.0204 5008 sfloppy - ok
16:48:48.0578 5008 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
16:48:48.0609 5008 SftService - ok
16:48:48.0719 5008 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:48:48.0719 5008 SharedAccess - ok
16:48:48.0750 5008 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:48:48.0750 5008 ShellHWDetection - ok
16:48:48.0906 5008 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:48:48.0921 5008 SiSRaid2 - ok
16:48:49.0046 5008 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:48:49.0062 5008 SiSRaid4 - ok
16:48:49.0202 5008 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:48:49.0202 5008 Smb - ok
16:48:49.0296 5008 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:48:49.0296 5008 SNMPTRAP - ok
16:48:49.0577 5008 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
16:48:49.0577 5008 SolidWorks Licensing Service - ok
16:48:49.0623 5008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:48:49.0623 5008 spldr - ok
16:48:49.0733 5008 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:48:49.0748 5008 Spooler - ok
16:48:49.0967 5008 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:48:50.0013 5008 sppsvc - ok
16:48:50.0981 5008 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:48:50.0981 5008 sppuinotify - ok
16:48:51.0105 5008 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307010.005\SRTSP64.SYS
16:48:51.0137 5008 SRTSP - ok
16:48:51.0152 5008 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS
16:48:51.0168 5008 SRTSPX - ok
16:48:51.0199 5008 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:48:51.0215 5008 srv - ok
16:48:51.0246 5008 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:48:51.0261 5008 srv2 - ok
16:48:51.0277 5008 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:48:51.0293 5008 srvnet - ok
16:48:51.0339 5008 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:48:51.0355 5008 SSDPSRV - ok
16:48:51.0371 5008 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:48:51.0371 5008 SstpSvc - ok
16:48:51.0417 5008 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
16:48:51.0417 5008 stdcfltn - ok
16:48:51.0511 5008 Steam Client Service - ok
16:48:51.0620 5008 Stereo Service (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:48:51.0620 5008 Stereo Service - ok
16:48:51.0636 5008 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:48:51.0651 5008 stexstor - ok
16:48:51.0698 5008 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:48:51.0714 5008 stisvc - ok
16:48:51.0745 5008 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:48:51.0745 5008 stllssvr - ok
16:48:51.0761 5008 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:48:51.0761 5008 swenum - ok
16:48:51.0792 5008 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:48:51.0823 5008 swprv - ok
16:48:51.0901 5008 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS
16:48:51.0917 5008 SymDS - ok
16:48:52.0057 5008 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS
16:48:52.0088 5008 SymEFA - ok
16:48:52.0135 5008 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:48:52.0135 5008 SymEvent - ok
16:48:52.0213 5008 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS
16:48:52.0213 5008 SymIRON - ok
16:48:52.0244 5008 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS
16:48:52.0244 5008 SymNetS - ok
16:48:52.0322 5008 SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
16:48:52.0338 5008 SynTP - ok
16:48:52.0509 5008 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:48:52.0541 5008 SysMain - ok
16:48:52.0603 5008 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:48:52.0603 5008 TabletInputService - ok
16:48:52.0619 5008 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:48:52.0619 5008 TapiSrv - ok
16:48:52.0634 5008 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:48:52.0634 5008 TBS - ok
16:48:52.0743 5008 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:48:53.0071 5008 Tcpip - ok
16:48:53.0227 5008 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:48:53.0243 5008 TCPIP6 - ok
16:48:53.0305 5008 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:48:53.0305 5008 tcpipreg - ok
16:48:53.0321 5008 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:48:53.0321 5008 TDPIPE - ok
16:48:53.0336 5008 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:48:53.0336 5008 TDTCP - ok
16:48:53.0383 5008 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:48:53.0383 5008 tdx - ok
16:48:53.0399 5008 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
16:48:53.0399 5008 TermDD - ok
16:48:53.0445 5008 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:48:53.0461 5008 TermService - ok
16:48:53.0461 5008 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:48:53.0461 5008 Themes - ok
16:48:53.0492 5008 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:48:53.0492 5008 THREADORDER - ok
16:48:53.0508 5008 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:48:53.0508 5008 TrkWks - ok
16:48:53.0555 5008 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:48:53.0555 5008 TrustedInstaller - ok
16:48:53.0586 5008 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:53.0586 5008 tssecsrv - ok
16:48:53.0617 5008 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:48:53.0633 5008 TsUsbFlt - ok
16:48:53.0633 5008 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:48:53.0633 5008 TsUsbGD - ok
16:48:53.0648 5008 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:48:53.0648 5008 tunnel - ok
16:48:53.0664 5008 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:48:53.0679 5008 uagp35 - ok
16:48:53.0711 5008 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:48:53.0711 5008 udfs - ok
16:48:53.0726 5008 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:48:53.0742 5008 UI0Detect - ok
16:48:53.0742 5008 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:48:53.0742 5008 uliagpkx - ok
16:48:53.0789 5008 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:48:53.0789 5008 umbus - ok
16:48:53.0835 5008 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:48:53.0835 5008 UmPass - ok
16:48:53.0851 5008 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:48:53.0867 5008 upnphost - ok
16:48:53.0913 5008 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:48:53.0913 5008 USBAAPL64 - ok
16:48:53.0945 5008 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
16:48:53.0945 5008 usbccgp - ok
16:48:53.0960 5008 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:48:53.0960 5008 usbcir - ok
16:48:53.0960 5008 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:48:53.0976 5008 usbehci - ok
16:48:54.0007 5008 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:48:54.0007 5008 usbhub - ok
16:48:54.0023 5008 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:48:54.0038 5008 usbohci - ok
16:48:54.0069 5008 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:48:54.0069 5008 usbprint - ok
16:48:54.0116 5008 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:48:54.0132 5008 usbscan - ok
16:48:54.0194 5008 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
16:48:54.0210 5008 usbser - ok
16:48:54.0241 5008 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:48:54.0241 5008 USBSTOR - ok
16:48:54.0257 5008 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:48:54.0272 5008 usbuhci - ok
16:48:54.0350 5008 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:48:54.0350 5008 usbvideo - ok
16:48:54.0381 5008 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:48:54.0381 5008 UxSms - ok
16:48:54.0475 5008 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:54.0475 5008 VaultSvc - ok
16:48:54.0569 5008 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:48:54.0569 5008 vdrvroot - ok
16:48:54.0600 5008 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:48:54.0615 5008 vds - ok
16:48:54.0678 5008 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:48:54.0709 5008 vga - ok
16:48:54.0740 5008 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:48:54.0756 5008 VgaSave - ok
16:48:55.0052 5008 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:48:55.0083 5008 vhdmp - ok
16:48:55.0099 5008 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:48:55.0099 5008 viaide - ok
16:48:55.0239 5008 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:48:55.0239 5008 volmgr - ok
16:48:55.0551 5008 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:48:55.0567 5008 volmgrx - ok
16:48:55.0598 5008 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:48:55.0598 5008 volsnap - ok
16:48:55.0629 5008 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:48:55.0645 5008 vsmraid - ok
16:48:55.0707 5008 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:48:55.0739 5008 VSS - ok
16:48:55.0832 5008 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:48:55.0832 5008 vwifibus - ok
16:48:55.0879 5008 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:48:55.0879 5008 vwififlt - ok
16:48:55.0957 5008 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:48:55.0957 5008 vwifimp - ok
16:48:56.0004 5008 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:48:56.0004 5008 W32Time - ok
16:48:56.0019 5008 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:48:56.0019 5008 WacomPen - ok
16:48:56.0066 5008 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:48:56.0066 5008 WANARP - ok
16:48:56.0082 5008 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:48:56.0082 5008 Wanarpv6 - ok
16:48:56.0175 5008 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:48:56.0207 5008 WatAdminSvc - ok
16:48:56.0316 5008 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:48:56.0344 5008 wbengine - ok
16:48:56.0443 5008 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:48:56.0448 5008 WbioSrvc - ok
16:48:56.0470 5008 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:48:56.0476 5008 wcncsvc - ok
16:48:56.0484 5008 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:48:56.0487 5008 WcsPlugInService - ok
16:48:56.0510 5008 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:48:56.0512 5008 Wd - ok
16:48:56.0541 5008 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:48:56.0558 5008 Wdf01000 - ok
16:48:56.0575 5008 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:48:56.0576 5008 WdiServiceHost - ok
16:48:56.0579 5008 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:48:56.0581 5008 WdiSystemHost - ok
16:48:56.0620 5008 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
16:48:56.0620 5008 wdkmd - ok
16:48:56.0636 5008 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:48:56.0642 5008 WebClient - ok
16:48:56.0662 5008 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:48:56.0668 5008 Wecsvc - ok
16:48:56.0682 5008 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:48:56.0685 5008 wercplsupport - ok
16:48:56.0756 5008 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:48:56.0760 5008 WerSvc - ok
16:48:57.0030 5008 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:48:57.0032 5008 WfpLwf - ok
16:48:57.0140 5008 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
16:48:57.0143 5008 WimFltr - ok
16:48:57.0159 5008 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:48:57.0162 5008 WIMMount - ok
16:48:57.0184 5008 WinDefend - ok
16:48:57.0190 5008 WinHttpAutoProxySvc - ok
16:48:57.0237 5008 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:48:57.0240 5008 Winmgmt - ok
16:48:57.0319 5008 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:48:57.0382 5008 WinRM - ok
16:48:57.0520 5008 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:48:57.0522 5008 WinUsb - ok
16:48:57.0569 5008 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:48:57.0585 5008 Wlansvc - ok
16:48:57.0791 5008 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:48:57.0824 5008 wlidsvc - ok
16:48:58.0021 5008 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:48:58.0023 5008 WmiAcpi - ok
16:48:58.0065 5008 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:48:58.0069 5008 wmiApSrv - ok
16:48:58.0119 5008 WMPNetworkSvc - ok
16:48:58.0164 5008 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:48:58.0167 5008 WPCSvc - ok
16:48:58.0184 5008 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:48:58.0186 5008 WPDBusEnum - ok
16:48:58.0194 5008 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:48:58.0195 5008 ws2ifsl - ok
16:48:58.0203 5008 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:48:58.0206 5008 wscsvc - ok
16:48:58.0208 5008 WSearch - ok
16:48:58.0316 5008 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:48:58.0366 5008 wuauserv - ok
16:48:58.0464 5008 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:48:58.0467 5008 WudfPf - ok
16:48:58.0511 5008 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:48:58.0515 5008 WUDFRd - ok
16:48:58.0536 5008 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:48:58.0538 5008 wudfsvc - ok
16:48:58.0561 5008 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:48:58.0566 5008 WwanSvc - ok
16:48:58.0623 5008 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
16:48:58.0680 5008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:48:58.0680 5008 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:48:58.0688 5008 Boot (0x1200) (05be9aae8d01f4a80b87d74a03f8d97d) \Device\Harddisk0\DR0\Partition0
16:48:58.0690 5008 \Device\Harddisk0\DR0\Partition0 - ok
16:48:58.0703 5008 Boot (0x1200) (5b3d55baf22b9b48e314d81e5cdfac80) \Device\Harddisk0\DR0\Partition1
16:48:58.0705 5008 \Device\Harddisk0\DR0\Partition1 - ok
16:48:58.0706 5008 ============================================================
16:48:58.0706 5008 Scan finished
16:48:58.0706 5008 ============================================================
16:48:58.0713 2476 Detected object count: 1
16:48:58.0713 2476 Actual detected object count: 1
16:50:21.0086 2476 \Device\Harddisk0\DR0\# - copied to quarantine
16:50:21.0087 2476 \Device\Harddisk0\DR0 - copied to quarantine
16:50:21.0206 2476 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:50:21.0210 2476 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:50:21.0241 2476 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:50:21.0260 2476 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:50:21.0261 2476 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:50:21.0263 2476 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:50:21.0265 2476 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:50:21.0269 2476 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:50:21.0274 2476 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:50:21.0276 2476 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:50:21.0278 2476 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:50:21.0279 2476 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:50:21.0303 2476 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:50:21.0329 2476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:50:21.0336 2476 \Device\Harddisk0\DR0 - ok
16:50:21.0342 2476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:50:25.0639 7556 Deinitialize success

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:06 AM

Posted 25 July 2012 - 05:23 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 donchawunder

donchawunder
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 25 July 2012 - 06:10 PM

I ran combofix as requested. After running, the same error arose as in the "note" I have since restarted, and all seems well. The computer seems to be running smoothly. When I Ctrl-Alt-Del. under processes I no longer see the "scvhost.exe*32 Descriprion winrscmde" process. The Combofix ran smoothly and the log is below as per request. Am i finally rid of that nasty virus?


ComboFix Log:



ComboFix 12-07-25.04 - Justin 07/25/2012 17:48:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4212 [GMT -5:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
Command switches used :: c:\users\Justin\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 22:55 . 2012-07-25 22:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-25 22:55 . 2012-07-25 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 21:50 . 2012-07-25 21:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 19:55 . 2012-07-17 19:55 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes
2012-07-17 19:54 . 2012-07-17 19:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-17 19:54 . 2012-07-17 19:54 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 19:54 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 00:22 . 2012-07-17 00:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 00:22 . 2012-07-17 00:22 -------- d-----w- c:\windows\system32\Macromed
2012-07-11 08:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 19:23 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-01 02:33 . 2012-07-01 02:33 -------- d-----w- c:\program files\iPod
2012-07-01 02:33 . 2012-07-01 02:33 -------- d-----w- c:\program files\iTunes
2012-07-01 02:33 . 2012-07-01 02:33 -------- d-----w- c:\program files (x86)\iTunes
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-01 02:28 . 2012-07-01 02:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-01 02:28 . 2012-07-01 02:28 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 00:22 . 2011-07-28 11:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 16:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 16:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 16:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 16:51 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 16:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 16:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 16:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 16:51 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 16:51 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-14 19:37 . 2012-05-14 17:30 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-14 19:37 . 2012-05-14 17:26 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-14 17:31 . 2012-05-14 17:26 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-14 17:30 . 2012-05-14 17:26 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-14 16:50 . 2012-05-14 17:26 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-05-14 02:49 . 2012-05-14 02:49 532480 ----a-w- c:\windows\SysWow64\alienwareScreensaverDemo.scr
2012-05-01 05:40 . 2012-06-14 18:48 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 18:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-24_18.44.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-22 00:34 . 2012-07-17 20:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-04-22 00:34 . 2012-07-25 21:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-11-21 03:09 . 2012-07-24 19:14 41858 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-25 22:43 39154 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-04 21:19 . 2012-07-25 22:43 13122 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2109389839-2492613602-1281669699-1002_UserData.bin
+ 2012-07-25 22:56 . 2012-07-25 22:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-24 18:42 . 2012-07-24 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 22:56 . 2012-07-25 22:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-24 18:42 . 2012-07-24 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-22 00:32 . 2012-07-25 21:43 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-22 00:32 . 2012-07-24 18:43 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-07-24 18:43 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-24 19:10 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-22 00:34 . 2012-07-24 18:03 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-22 00:34 . 2012-07-25 21:43 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-08-05 01:35 . 2012-07-25 21:43 287360 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-21 16:32 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-24 18:49 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-24 18:49 121426 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-21 16:32 121426 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-25 22:55 372700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-24 18:41 372700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-24 18:43 9125888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 19:10 9125888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-04 04:09 . 2012-07-25 22:55 7735092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2109389839-2492613602-1281669699-1002-8192.dat
+ 2012-05-13 23:42 . 2012-07-25 21:50 9246504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-05-13 23:42 . 2012-07-24 18:41 9246504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-07-24 19:10 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 18:43 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-03 1242448]
"Spotify"="c:\users\Justin\AppData\Roaming\Spotify\Spotify.exe" [2012-07-22 7601880]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-01-10 1545584]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-10-01 640376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-08-12 520330]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-12-1 1834280]
Windchill ProductPoint Client Manager.lnk - c:\windows\Installer\{371E8B48-2AF1-491B-8F35-BD60D18CB927}\PPS.ico [2011-12-1 7782]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-01-13 15296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 250056]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-01-08 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-02 1431888]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-05-04 158976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-12-01 110344]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-05 1255736]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-11 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [2012-01-17 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20120722.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2011-02-01 98208]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-27 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-07 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-04 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-26 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-03-03 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-02-03 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-03-04 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-03-04 181760]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-03 333928]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 00:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-01 6602856]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-01 2186856]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 703088]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-01-13 13256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0a,5a,b3,2f,0f,2e,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AlienRespawn\TOASTER.EXE
c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-07-25 18:02:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 23:02
ComboFix2.txt 2012-07-24 18:51
.
Pre-Run: 314,498,891,776 bytes free
Post-Run: 314,404,253,696 bytes free
.
- - End Of File - - 05B1EBD41396ABF6F80180D7DFF8EF68

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:06 AM

Posted 25 July 2012 - 08:58 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 24 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 donchawunder

donchawunder
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 27 July 2012 - 12:50 PM

Greetings, All scans have been run as directed. Java was uninstalled as direcred. I will indeed keep the ccleaner and run it as instructed. The logs from MBAM and Hijack this are below. MBAM stated it did not find any malicious software so it did not prompt me to delete anything. the log simply popped up. Both logs are below. MBAM is first, Hijack this log is after.


MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Justin :: JUSTIN-PC [administrator]

7/27/2012 12:38:57 PM
mbam-log-2012-07-27 (12-38-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221048
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)







Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:32 PM, on 7/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Justin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://AlienwareArena.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify] "C:\Users\Justin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-2109389839-2492613602-1281669699-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2109389839-2492613602-1281669699-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: SolidWorks Background Downloader.lnk = ?
O4 - Global Startup: Windchill ProductPoint Client Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Solver for Flow Simulation 2011 - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13635 bytes

Edited by donchawunder, 27 July 2012 - 12:50 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:06 AM

Posted 27 July 2012 - 04:03 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Spotify] "C:\Users\Justin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-21-2109389839-2492613602-1281669699-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-2109389839-2492613602-1281669699-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Global Startup: SolidWorks Background Downloader.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 donchawunder

donchawunder
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 27 July 2012 - 05:35 PM

I did remove several start up entries such as steam, spotify, and such. Thankyou for that help. The log of ESET scan is below as per request!

ESET Log:

C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\TDSSKiller_Quarantine\25.07.2012_16.47.34\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\25.07.2012_16.47.34\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\25.07.2012_16.47.34\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users