
Many Symptoms, computer rewrites over my files, changes my settings on every reboot, have about 12 SvcHost's running


  • This topic is locked
14 replies to this topic

#1 BigComputerProblems


Posted 19 July 2012 - 03:57 AM

Here are my symptoms followed by my DDS.text. I ran Defogger to disable my CD/DVD Drive prior to running it. I am running Windows 7, 64-bit, Home Premium. I have the reinstallation disk. My symptoms are many.

1) I cannot download anything on my initial administrator account. I created a second administrator account to be able to do this.
2) My system settings change, i.e. position of windows, start-up programs, MS Word positions and fonts, etc., every time I reboot.
3) When I look at logs in my operating system files there are tons of weird characters, sometimes foreign letters, and at the end they usually say “gÄ.wDIRTÿ”
4) Here is an example of a log entitled “NTUSER.DAT.LOG” (Verbatim)

regf6 6 FᐟL‰Ë  r e m i u m \ U s e r s \ D e f a u l t \ N T U S E R . D A T ¼ˆholލ Íã켈holލ Íãì ½ˆholލ Íãìrmtm gÄ.wDIRTÿ

5) Every time I reboot, Touchpad settings reset.
6) Sometimes left click only does the right click action.
7) Every time I get to a new site, I am always and instantly hit with a survey. (That must be indicative of a problem.)
8) Almost always when I try to access or delete a file, I am told it is in use.
9) Attached are JPEGs of 3 strange files. I have many more and I think it’s indicative of a problem. They are entitled “consumer-lop.css”, “isolate.ini”, and “StructuredQuery.Log”. They show what seems to be the computer rewriting things to my hard drive, deceptively.
10) Most of my System restore points just disappear.
11) In MS Office I have a lot of strange fonts that I didn’t have initially.
12) Some logs refer to something called “W3C” (Sorry if irrelevant)
13) Under “Administrative settings”, I no longer have access to any of my logs. That just started today. When I did have access, there would be about two or three warnings or errors every second, literally.
14) I have no control over virtually any security settings, as I am told that I do not have access.
15) I have Norton installed but it never alerts me of anything.
16) I have Norton Safe-Web enabled in my browser, but every time I open a new window it says “Norton Safe-Web” is disabled. I then re-enable it but the next internet explorer window I open it is disabled again.
17) I always hear my hard drive racing when I am not on it.
18) When I look at my computer connections there are always about 10 servers or computers attached to my computer.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Otis at 3:18:15 on 2012-07-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5755 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Otis\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Otis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Otis\AppData\Local\Autobahn\nexdef.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CBFFE1AB-93BE-4AF4-8557-55E941AAE3F1} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-11 1161376]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSviA64.sys [2012-7-18 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-13 98208]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccsvchst.exe [2012-7-13 138232]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-7-13 138912]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\Netwsw00.sys --> C:\Windows\system32\DRIVERS\Netwsw00.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-13 250056]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-7-13 401920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-19 05:50:41 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2012-07-19 05:29:26 -------- d-----w- C:\Users\Otis\AppData\Roaming\Malwarebytes
2012-07-19 05:29:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-19 05:29:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-19 05:29:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 04:34:50 -------- d-----w- C:\Program Files (x86)\Belarc
2012-07-19 01:00:36 -------- d-----w- C:\Users\Otis\.autobahn
2012-07-19 01:00:29 -------- d-----w- C:\Users\Otis\AppData\Local\Autobahn
2012-07-15 07:04:18 -------- d-----w- C:\Windows\pss
2012-07-15 00:36:01 -------- d-----w- C:\Users\Otis\AppData\Local\Apple
2012-07-14 21:22:01 -------- d-----w- C:\Users\Otis\AppData\Local\CrashDumps
2012-07-14 09:27:56 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-07-13 21:09:47 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-07-13 21:09:39 -------- d-----w- C:\Windows\SHELLNEW
2012-07-13 21:00:32 -------- d-----w- C:\Program Files (x86)\Amazon
2012-07-13 20:06:58 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-07-13 19:00:08 -------- d-----w- C:\Windows\SysWow64\Wat
2012-07-13 19:00:08 -------- d-----w- C:\Windows\System32\Wat
2012-07-13 18:17:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-13 18:17:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-13 18:17:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-13 18:17:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-13 18:17:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-13 18:17:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-13 18:17:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-13 18:12:56 -------- d-----w- C:\Users\Otis\AppData\Local\Apple Computer
2012-07-13 18:12:34 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-07-13 18:12:34 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-07-13 18:12:34 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-13 18:12:08 -------- d-----w- C:\Program Files\iPod
2012-07-13 18:12:07 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-13 18:12:07 -------- d-----w- C:\Program Files\iTunes
2012-07-13 18:12:07 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-13 18:11:06 -------- d-----w- C:\Program Files\Bonjour
2012-07-13 18:11:06 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-07-13 18:07:16 -------- d-----w- C:\Users\Otis\AppData\Local\VirtualStore
2012-07-13 17:19:36 -------- d-----w- C:\Windows\Panther
2012-07-13 17:19:21 -------- d-sh--w- C:\Boot
2012-07-13 17:19:01 -------- d-----w- C:\Windows\System32\OEM
2012-07-13 15:21:05 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-07-13 15:17:45 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 15:17:45 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-13 14:53:06 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-13 14:53:06 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-13 14:53:05 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-07-13 14:53:05 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-07-13 14:53:05 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-07-13 14:40:34 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-13 14:34:29 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-07-13 14:31:03 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-13 14:17:32 737912 ----a-w- C:\Windows\System32\drivers\N360x64\0602010.005\srtsp64.sys
2012-07-13 14:17:32 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symds64.sys
2012-07-13 14:17:32 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symnets.sys
2012-07-13 14:17:32 37496 ----a-w- C:\Windows\System32\drivers\N360x64\0602010.005\srtspx64.sys
2012-07-13 14:17:32 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\ironx64.sys
2012-07-13 14:17:32 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\ccsetx64.sys
2012-07-13 14:17:32 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symefa64.sys
2012-07-13 14:17:20 -------- d-----w- C:\Windows\System32\drivers\N360x64\0602010.005
2012-07-13 14:15:28 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-13 14:15:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-13 14:15:28 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-07-13 14:15:28 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-13 14:15:28 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-13 14:15:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-13 14:15:28 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-13 14:06:07 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-07-13 14:06:07 -------- d-----w- C:\Program Files\Symantec
2012-07-13 14:06:07 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-07-13 14:05:46 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-07-13 14:05:45 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-07-13 14:05:39 -------- d-----w- C:\ProgramData\NortonInstaller
2012-07-13 14:05:39 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-07-13 14:03:58 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-13 14:02:59 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-13 13:56:59 -------- d-----w- C:\Windows\System32\SRSLabs
2012-07-13 13:52:19 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-07-13 13:52:07 -------- d-----w- C:\Windows\PCHEALTH
2012-07-13 13:52:02 -------- d-sh--w- C:\Windows\Installer
2012-07-13 13:49:43 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-13 13:49:39 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4948BFFD-0B06-4CFF-9E04-6A0CB988217B}\mpengine.dll
2012-07-13 13:49:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-07-13 13:49:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-07-13 13:49:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-13 13:45:19 -------- d-----w- C:\Program Files\Common Files\Intel
2012-07-13 13:45:19 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-07-13 13:43:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-13 13:43:29 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-13 13:43:21 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-13 13:43:21 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-13 13:42:23 -------- d-----w- C:\Windows\SysWow64\Atheros_L1e
2012-07-12 21:03:15 -------- d-----w- C:\Hotfix
2012-07-12 21:03:15 -------- d-----w- C:\Drivers
2012-07-12 17:45:41 -------- d-----w- C:\Intel
2012-07-12 17:16:17 76912 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2012-07-12 17:13:51 -------- d-----w- C:\Dell
2012-07-12 17:11:25 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-25 16:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 16:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 3:18:30.19 ===============

Edited by BigComputerProblems, 19 July 2012 - 04:41 AM.




#2 BigComputerProblems


Posted 19 July 2012 - 04:40 AM

Strange files:

StructuredQuery.Log

SQL query built: SELECT TOP 3 "Microsoft.IE.TargetUrl", "System.ItemPathDisplay", "Microsoft.IE.Title", "Microsoft.IE.VisitCount", "System.ItemUrl" FROM SystemIndex..SCOPE() WHERE SCOPE='file:C:\Users\Otis\Favorites\' AND ((NOT CONTAINS("System.ItemType",'"Folder"') AND NOT CONTAINS("System.ItemType",'"Directory"'))) ORDER BY "Microsoft.IE.SelectionCount" DESC , "System.Search.Rank" DESC , "Microsoft.IE.VisitCount" DESC
SQL query built: SELECT TOP 4 "Microsoft.IE.TargetUrl", "System.ItemPathDisplay", "Microsoft.IE.Title", "Microsoft.IE.SelectionCount" FROM SystemIndex..SCOPE() WHERE SCOPE='iehistory://{S-1-5-21-1571818981-3847851277-3780908592-1001}/' AND ((NOT CONTAINS("System.ItemType",'"Folder"') AND NOT CONTAINS("System.ItemType",'"Directory"'))) AND (((CONTAINS("Microsoft.IE.TargetUrlHostName", '"ww*"',1033) RANK BY COERCION(Absolute, 250)) ) OR ((CONTAINS("Microsoft.IE.Title", '"ww*"',1033) RANK BY COERCION(Absolute, 150)) ) OR ((CONTAINS("Microsoft.IE.TargetUrlPath", '"ww*"',1033) RANK BY COERCION(Absolute, 100)) )) ORDER BY "Microsoft.IE.SelectionCount" DESC , "Microsoft.IE.VisitCount" DESC , "System.Search.Rank" DESC
SQL query built: SELECT TOP 4 "Microsoft.IE.TargetUrl", "System.ItemPathDisplay", "Microsoft.IE.Title", "Microsoft.IE.SelectionCount" FROM SystemIndex..SCOPE() WHERE SCOPE='iehistory://{S-1-5-21-1571818981-3847851277-3780908592-1001}/' AND ((NOT CONTAINS("System.ItemType",'"Folder"') AND NOT CONTAINS("System.ItemType",'"Directory"'))) AND (((CONTAINS("Microsoft.IE.TargetUrlHostName", '"ww*"',1033) RANK BY COERCION(Absolute, 250)) ) OR ((CONTAINS("Microsoft.IE.Title", '"ww*"',1033) RANK BY COERCION(Absolute, 150)) ) OR ((CONTAINS("Microsoft.IE.TargetUrlPath", '"ww*"',1033) RANK BY COERCION(Absolute, 100)) )) ORDER BY "Microsoft.IE.SelectionCount" DESC , "Microsoft.IE.VisitCount" DESC , "System.Search.Rank" DESC
SQL query built: SELECT TOP 3 "Microsoft.IE.TargetUrl", "System.ItemPathDisplay", "Microsoft.IE.Title", "Microsoft.IE.VisitCount", "System.ItemUrl" FROM SystemIndex..SCOPE() WHERE SCOPE='file:C:\Users\Otis\Favorites\' AND ((NOT CONTAINS("System.ItemType",'"Folder"') AND NOT CONTAINS("System.ItemType",'"Directory"'))) AND (((CONTAINS("Microsoft.IE.Title", '"www.*"',1033) RANK BY COERCION(Absolute, 500)) ) OR ((CONTAINS("System.ItemFolderNameDisplay", '"www.*"',1033) RANK BY COERCION(Absolute, 400)) ) OR ((CONTAINS("Microsoft.IE.TargetUrlHostName", '"www.*"',1033) RANK BY COERCION(Absolute, 150)) ) OR ((CONTAINS("Microsoft.IE.TargetUrlPath", '"www.*"',1033) RANK BY COERCION(Absolute, 75)) )) ORDER BY "Microsoft.IE.SelectionCount" DESC , "System.Search.Rank" DESC , "Microsoft.IE.VisitCount" DESC
SQL query built: SELECT TOP 3 "Microsoft.IE.TargetUrl", "System.ItemPathDisplay", "Microsoft.IE.Title", "Microsoft.IE.VisitCount", "System.ItemUrl" FROM SystemIndex..SCOPE() WHERE SCOPE='file:C:\Users\Otis\Favorites\' AND ((NOT CONTAINS("System.ItemType",'"Folder"') AND NOT CONTAINS("System.ItemType",'"Directory"'))) AND (((CONTAINS("Microsoft.IE.Title", '"http://www.dell.com/ww*"',1033) RANK BY COERCION(Absolute, 500)) ) OR ((CONTAINS("System.ItemFolderNameDisplay", '"http://www.dell.com/ww*"',1033) RANK BY COERCION(Absolute, 400)) ) OR ((CONTAINS("Microsoft.IE.TargetUrlHostName", '"http://www.dell.com/ww*"',1033) RANK BY COERCION(Absolute, 150)) ) OR ((CONTAINS("Microsoft.IE.TargetUrlPath", '"http://www.dell.com/ww*"',1033) RANK BY COERCION(Absolute, 75)) )) ORDER BY "Microsoft.IE.SelectionCount" DESC , "System.Search.Rank" DESC , "Microsoft.IE.VisitCount" DESC


isolate.ini



[isolation]
Silo={0C55C096-0F1D-4F28-AAA2-85EF591126E7}
reghive=Software\Norton



consumer-lop.css


/* === MASTER CSS UPDATES BEGIN === */
/* This section is for updates to styles in master-global.css that haven't made it to /sitewide yet */

/* MODULE: Cross Linking - Product Shopping */
.mod-cross-linking-product-shopping .mod-box-inner { height: auto; min-height: 0; background-image: url("/sitewide/pix/backgrounds/bg-mod-box-inner-short.jpg"); zoom: 1; }
.mod-cross-linking-product-shopping .mod-box-inner h2 { width: auto; margin: 0 0 5px; }
.mod-cross-linking-product-shopping .has-wide-item .mod-box-inner h2 { margin-left: 10px; }
.mod-cross-linking-product-shopping .mod-box-inner ul li h2 { margin-top: 20px; }
.mod-cross-linking-product-shopping .has-wide-item .mod-box-inner ul li h2 { margin-top: 20px; margin-left: 0; }
.mod-cross-linking-product-shopping .mod-box-inner ul li,
.mod-cross-linking-product-shopping .mod-box-inner ul li.first-child { width: 150px; }
.mod-cross-linking-product-shopping .mod-box-inner ul li div { float: left; width: auto; padding: 10px 5px 0 0; }
.mod-cross-linking-product-shopping .mod-box-inner ul li a { float: left; }
.mod-cross-linking-product-shopping .mod-box-inner ul li div a { float: none; display: inline-block; width: auto; margin-top: 0; }
.mod-cross-linking-product-shopping .has-wide-item .mod-box-inner { padding: 0; }
.mod-cross-linking-product-shopping .mod-box-inner ul li.wide-item { width: 190px; }
.mod-cross-linking-product-shopping .mod-box-inner ul li.wide-item a { width: auto; }

/* MODULE: Tabs */
.mod-tabs .floated-right { margin: 0 0 15px 15px; text-align: right; }
.mod-tabs table { background: white; }
.mod-tabs table .alt { background: #f0f0f0; }

/* MODULE: Community Blog Highlight */
.mod-community-blog-highlight p { padding-bottom: 9px; }
.mod-community-blog-highlight .button-box-title { padding-bottom: 3px; color: #8E949E; }

/* MODULE: Useful Info */
.mod-useful-info li { padding: 0 0 10px; }

/* MODULE: Featured Systems */
.mod-featured-systems .systems-container .system-first { width: 140px; padding-right: 15px; }
.mod-featured-systems .systems-container .system { padding: 0 15px !important; }
.mod-featured-systems .systems-container .system-last { width: 157px; padding-left: 15px !important; }
.mod-featured-systems .systems-container p { margin-bottom: 1em; }
.mod-featured-systems .systems-container li { margin-bottom: 0.5em;}

#3 HelpBot

Posted 24 July 2012 - 04:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461376 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 BigComputerProblems

Posted 26 July 2012 - 08:23 PM

Ignore

Edited by BigComputerProblems, 26 July 2012 - 08:32 PM.


#5 BigComputerProblems

Posted 26 July 2012 - 08:28 PM

I am running Windows 7, 64-bit. I do have the original OS disk.
Problems:

1. Computer has slowed down
2. When running programs I get literally 50,000 page faults per second
3. Disk activity summary (roughly)

Read: 3,000,000 B/Sec
Write: 10,000 B/Sec
This is on a system that has 8 GB RAM and an 8 GB Page File, and only 1 GB is in use, so memory is not being taxed, but I am still getting all these page faults.

4. About 12 to 14 Svchost.exe running all the time
5. Hard Disk has the first 101 MB listed as “unallocated”. Then Disk “C” starts. Picture Attached.
6. Hard Disk fails Dell ePSA Pre-Boot Assessment. DST Short Test fails.
7. Get about 100 errors/second in event viewer.
8. Here is an error to ignore certificates (I think)

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000040</Keywords>
<TimeCreated SystemTime="2012-07-27T00:43:32.760939700Z" />
<EventRecordID>950288</EventRecordID>
<Correlation />
<Execution ProcessID="4740" ThreadID="5096" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>LaHermendad-PC</Computer>
<Security UserID="S-1-5-21-2557424838-3241792256-1132341974-1000" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{F750E6C3-38EE-11D1-85E5-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="1">WTD_STATEACTION_VERIFY</StateAction>
<Flags value="80001080" WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" WTD_CACHE_ONLY_URL_RETRIEVAL="true" CPD_USE_NT5_CHAIN_FLAG="true" />
<CatalogInfo filePath="C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat">
<Member tag="C:\Windows\system32\mmc.exe" hash="42C81F728621707A832901A3ABF6825DB1DB699B" hashFilePath="\Windows\System32\mmc.exe" />
</CatalogInfo>
<DigestInfo digestAlgorithm="SHA1" digest="42C81F728621707A832901A3ABF6825DB1DB699B" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<SignerInfo>
<DigestAlgorithm oid="1.3.14.3.2.26" hashName="SHA1" />
</SignerInfo>
<CertificateChain chainRef="{BAB07BCF-38E0-4CCA-AB5E-813141ADC37F}" />
<TimestampInfo format="Authenticode">
<DigestAlgorithm oid="1.3.14.3.2.26" hashName="SHA1" />
<SignTime>2010-11-20T19:37:07Z</SignTime>
</TimestampInfo>
<TimestampChain chainRef="{685B17F6-D3AD-4C65-B73D-E8CCC43726B2}" />
<EventAuxInfo ProcessName="consent.exe" impersonateToken="S-1-5-21-2557424838-3241792256-1132341974-1000" />
<CorrelationAuxInfo TaskId="{72A2F9A2-801D-4C7D-8C77-AEC2E1A13505}" SeqNumber="18" />
<Result value="0" />
</WinVerifyTrust>
</UserData>
</Event>



9. Here is another one (I think)


<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000003</Keywords>
<TimeCreated SystemTime="2012-07-26T23:56:21.972999800Z" />
<EventRecordID>950066</EventRecordID>
<Correlation />
<Execution ProcessID="4988" ThreadID="5048" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>LaHermendad-PC</Computer>
<Security UserID="S-1-5-21-2557424838-3241792256-1132341974-1003" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
<ValidationTime>2012-06-20T13:24:07Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="9572E410B5368B5FBB2BA73296EA6275AB10F92E.cer" subjectName="Bitdefender SRL" />
<Certificate fileRef="58455389CF1D0CD6A08E3CE216F65ADFF7A86408.cer" subjectName="Class 3 Public Primary Certification Authority" />
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="C8000005" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY="true" CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT="true" />
<ChainEngineInfo context="user" />
<CertificateChain chainRef="{D1279657-BA88-45EF-866C-4EDF348FC9E7}">
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
<SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
<PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="1024" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
<PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
<RevocationInfo freshnessTime="P3DT22H52M56S">
<RevocationResult value="0" />
<OCSPResponse location="UrlCache" url="http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQJ1TBLBrQ9OnPHXPVaWb87MxkNlgQUwu79F9f%2Btw%2FGciJ7fvbA4gIz7D4CEEe%2FGZXfjVJGQ%2FfbbUgNMaQ%3D" fileRef="BA47BDE19C68220E28DC3B5F93E0D1E8C82DC2CC.bin" issuerName="Thawte Timestamping CA" />
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="BE36A4562FB2EE05DBB3D32323ADF445084ED656.cer" subjectName="Thawte Timestamping CA" />
<SignatureAlgorithm oid="1.2.840.113549.1.1.4" hashName="MD5" publicKeyName="RSA" />
<PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="1024" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="consent.exe" impersonateToken="S-1-5-21-2557424838-3241792256-1132341974-1003" />
<CorrelationAuxInfo TaskId="{5C1B93B9-C71F-4B87-A699-A8DB4347FAE6}" SeqNumber="25" />
<Result value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

10. I noticed that in my certificate store I have, under “trusted certificates”, certificates that expired years ago.
11. I have a BitDefender program that installed itself with this log. (attached)
Please Help.

Here are the DDS logs


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by La Hermendad at 21:02:58 on 2012-07-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6438 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AAD6EB08-600B-46F9-AA36-6D949312E301} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 gzflt;gzflt;C:\Windows\system32\DRIVERS\gzflt.sys --> C:\Windows\system32\DRIVERS\gzflt.sys [?]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-7-26 103504]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-7-26 68416]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-20 250056]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-26 23:33:09 343810 ----a-w- C:\ProgramData\1343345412.bdinstall.bin
2012-07-26 23:32:14 -------- d-----w- C:\Users\La Hermendad\AppData\Roaming\Bitdefender
2012-07-26 23:30:57 -------- d-----w- C:\ProgramData\Bitdefender
2012-07-26 23:30:55 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-07-26 23:30:53 138232 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2012-07-25 08:45:12 352520 ----a-w- C:\ProgramData\1343205560.bdinstall.bin
2012-07-25 08:44:11 -------- d-----w- C:\ProgramData\BDLogging
2012-07-25 08:43:47 79952 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2012-07-25 08:43:47 511328 ----a-w- C:\Windows\capicom.dll
2012-07-25 08:43:16 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-07-25 08:43:16 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-07-25 08:43:16 258736 ----a-w- C:\Windows\System32\drivers\avchv.sys
2012-07-25 08:40:01 -------- d-----w- C:\Program Files\Bitdefender
2012-07-25 08:32:24 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-07-25 07:13:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-24 17:54:02 -------- d-----w- C:\Users\La Hermendad\AppData\Local\Symantec
2012-07-24 16:53:00 -------- d-----w- C:\Users\La Hermendad\AppData\Roaming\SPE
2012-07-24 12:24:37 1060864 ----a-w- C:\Windows\SysWow64\MFC71.DLL
2012-07-24 12:24:22 -------- d-----w- C:\ProgramData\Symantec
2012-07-24 12:24:22 -------- d-----w- C:\Program Files (x86)\Symantec
2012-07-24 12:24:22 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-07-21 11:57:20 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-07-21 11:57:20 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-07-21 11:57:20 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-21 11:57:10 -------- d-----w- C:\Program Files\iTunes
2012-07-21 03:28:59 -------- d-----w- C:\Users\La Hermendad\AppData\Local\Apple Computer
2012-07-21 03:28:06 -------- d-----w- C:\Program Files\iPod
2012-07-21 03:28:05 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-21 03:28:05 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-21 03:27:42 -------- d-----w- C:\Users\La Hermendad\AppData\Local\Apple
2012-07-21 03:27:12 -------- d-----w- C:\Program Files\Bonjour
2012-07-21 03:27:12 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-07-20 22:16:26 -------- d-----w- C:\Users\La Hermendad\AppData\Local\Adobe
2012-07-20 17:15:31 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-07-20 17:15:16 -------- d-----w- C:\Users\La Hermendad\AppData\Local\Microsoft Help
2012-07-20 15:26:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-20 15:26:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-20 11:44:13 -------- d-----w- C:\Windows\Panther
2012-07-20 11:43:59 -------- d-sh--w- C:\Boot
2012-07-20 11:43:41 -------- d-----w- C:\Windows\System32\OEM
2012-07-20 11:43:41 -------- d-----w- C:\Hotfix
2012-07-20 11:43:41 -------- d-----w- C:\Drivers
2012-07-20 11:33:42 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-20 11:33:30 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-20 11:33:21 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-20 11:33:13 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-20 10:25:39 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-07-20 10:25:38 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-07-20 10:25:38 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-07-20 09:30:53 -------- d-----w- C:\Windows\SysWow64\Wat
2012-07-20 09:30:53 -------- d-----w- C:\Windows\System32\Wat
2012-07-20 09:20:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-20 09:16:43 -------- d-----w- C:\Intel
2012-07-20 09:07:49 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-07-20 09:07:42 -------- d-----w- C:\Windows\PCHEALTH
2012-07-20 09:06:00 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-20 09:06:00 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-20 09:06:00 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-20 09:05:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-20 09:05:59 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-07-20 09:05:59 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-20 09:05:59 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-20 09:04:20 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-20 09:04:20 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-20 08:57:58 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-07-20 08:56:58 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-07-20 08:56:58 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-07-20 08:56:57 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-07-20 08:56:56 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-07-20 08:56:56 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-07-20 08:56:56 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-07-20 08:56:56 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-07-20 08:56:56 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-07-20 08:56:56 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-07-20 08:52:40 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-07-20 08:52:40 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-07-20 08:51:57 77312 ----a-w- C:\Windows\System32\packager.dll
2012-07-20 08:51:57 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-07-20 08:46:08 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-07-20 08:46:08 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-07-20 08:46:08 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-20 08:43:57 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-20 08:43:48 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-20 08:43:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-20 08:43:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-20 08:42:24 -------- d-----w- C:\Windows\SysWow64\Atheros_L1e
2012-07-20 08:42:07 76912 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2012-07-20 08:40:37 -------- d-----w- C:\Program Files (x86)\Dell
2012-07-20 08:40:21 -------- d-sh--w- C:\Windows\Installer
2012-07-20 08:40:19 -------- d-----w- C:\Dell
2012-07-20 08:38:03 -------- d-----w- C:\Users\La Hermendad\AppData\Local\Diagnostics
2012-07-20 08:13:15 -------- d-----w- C:\Users\La Hermendad\AppData\Local\ElevatedDiagnostics
2012-07-20 07:51:03 -------- d-----w- C:\Users\La Hermendad\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 21:03:16.75 ===============


#6 Conspire

  • Malware Response Team

Posted 27 July 2012 - 08:51 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days. :)


Hello there, BigComputerProblems

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 Conspire

  • Malware Response Team

Posted 27 July 2012 - 08:52 AM

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

In your next reply, please post:
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#8 BigComputerProblems

  • Topic Starter

Posted 27 July 2012 - 10:42 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 10:22:16
-----------------------------
10:22:16.414 OS Version: Windows x64 6.1.7601 Service Pack 1
10:22:16.414 Number of processors: 4 586 0x2A07
10:22:16.414 ComputerName: LAHERMENDAD-PC UserName: La Hermendad
10:22:20.455 Initialize success
10:22:59.733 AVAST engine defs: 12072700
10:23:56.252 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:23:56.252 Disk 0 Vendor: WDC_WD7500BPKT-75PK4T0 01.01A01 Size: 715404MB BusType: 3
10:23:56.267 Disk 0 MBR read successfully
10:23:56.267 Disk 0 MBR scan
10:23:56.314 Disk 0 Windows 7 default MBR code
10:23:56.314 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715302 MB offset 206848
10:23:56.330 Disk 0 scanning C:\Windows\system32\drivers
10:24:01.088 Service scanning
10:24:02.460 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
10:24:12.023 Modules scanning
10:24:12.023 Disk 0 trace - called modules:
10:24:12.023 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:24:12.039 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073b0060]
10:24:12.538 3 CLASSPNP.SYS[fffff88001bb643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80070c4060]
10:24:14.550 AVAST engine scan C:\Windows
10:24:16.360 AVAST engine scan C:\Windows\system32
10:25:59.696 AVAST engine scan C:\Windows\system32\drivers
10:26:12.144 AVAST engine scan C:\Users\La Hermendad
10:29:14.353 AVAST engine scan C:\ProgramData
10:29:39.143 Scan finished successfully
10:30:10.468 Disk 0 MBR has been saved successfully to "C:\Users\La Hermendad\Desktop\MBR.dat"
10:30:10.530 The log file has been saved successfully to "C:\Users\La Hermendad\Desktop\aswMBR.txt"


10:43:12.0866 1320 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:43:13.0147 1320 ============================================================
10:43:13.0147 1320 Current date / time: 2012/07/27 10:43:13.0147
10:43:13.0147 1320 SystemInfo:
10:43:13.0147 1320
10:43:13.0147 1320 OS Version: 6.1.7601 ServicePack: 1.0
10:43:13.0147 1320 Product type: Workstation
10:43:13.0147 1320 ComputerName: LAHERMENDAD-PC
10:43:13.0147 1320 UserName: La Hermendad
10:43:13.0147 1320 Windows directory: C:\Windows
10:43:13.0147 1320 System windows directory: C:\Windows
10:43:13.0147 1320 Running under WOW64
10:43:13.0147 1320 Processor architecture: Intel x64
10:43:13.0147 1320 Number of processors: 4
10:43:13.0147 1320 Page size: 0x1000
10:43:13.0147 1320 Boot type: Normal boot
10:43:13.0147 1320 ============================================================
10:43:14.0753 1320 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:43:14.0816 1320 ============================================================
10:43:14.0816 1320 \Device\Harddisk0\DR0:
10:43:14.0816 1320 MBR partitions:
10:43:14.0816 1320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
10:43:14.0816 1320 ============================================================
10:43:14.0816 1320 C: <-> \Device\Harddisk0\DR0\Partition0
10:43:14.0816 1320 ============================================================
10:43:14.0816 1320 Initialize success
10:43:14.0816 1320 ============================================================
10:43:38.0684 4240 ============================================================
10:43:38.0684 4240 Scan started
10:43:38.0684 4240 Mode: Manual;
10:43:38.0684 4240 ============================================================
10:43:41.0648 4240 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:43:41.0648 4240 1394ohci - ok
10:43:41.0710 4240 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:43:41.0710 4240 ACPI - ok
10:43:41.0710 4240 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:43:41.0710 4240 AcpiPmi - ok
10:43:42.0100 4240 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:43:42.0100 4240 AdobeARMservice - ok
10:43:42.0210 4240 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:43:42.0210 4240 AdobeFlashPlayerUpdateSvc - ok
10:43:42.0256 4240 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:43:42.0256 4240 adp94xx - ok
10:43:42.0272 4240 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:43:42.0272 4240 adpahci - ok
10:43:42.0288 4240 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:43:42.0288 4240 adpu320 - ok
10:43:42.0319 4240 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:43:42.0319 4240 AeLookupSvc - ok
10:43:42.0397 4240 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:43:42.0397 4240 AFD - ok
10:43:42.0412 4240 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:43:42.0412 4240 agp440 - ok
10:43:42.0428 4240 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:43:42.0428 4240 ALG - ok
10:43:42.0444 4240 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:43:42.0444 4240 aliide - ok
10:43:42.0444 4240 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:43:42.0444 4240 amdide - ok
10:43:42.0444 4240 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:43:42.0459 4240 AmdK8 - ok
10:43:42.0459 4240 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:43:42.0459 4240 AmdPPM - ok
10:43:42.0506 4240 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:43:42.0506 4240 amdsata - ok
10:43:42.0568 4240 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:43:42.0568 4240 amdsbs - ok
10:43:42.0584 4240 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:43:42.0584 4240 amdxata - ok
10:43:42.0600 4240 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:43:42.0615 4240 AppID - ok
10:43:42.0615 4240 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:43:42.0615 4240 AppIDSvc - ok
10:43:42.0646 4240 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:43:42.0646 4240 Appinfo - ok
10:43:42.0678 4240 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:43:42.0678 4240 Apple Mobile Device - ok
10:43:42.0693 4240 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:43:42.0693 4240 arc - ok
10:43:42.0693 4240 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:43:42.0693 4240 arcsas - ok
10:43:42.0740 4240 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:43:42.0740 4240 AsyncMac - ok
10:43:42.0740 4240 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:43:42.0740 4240 atapi - ok
10:43:42.0818 4240 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:43:42.0818 4240 AudioEndpointBuilder - ok
10:43:42.0818 4240 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:43:42.0818 4240 AudioSrv - ok
10:43:42.0912 4240 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
10:43:42.0912 4240 avc3 - ok
10:43:42.0958 4240 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
10:43:42.0958 4240 avchv - ok
10:43:43.0005 4240 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
10:43:43.0005 4240 avckf - ok
10:43:43.0052 4240 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:43:43.0052 4240 AxInstSV - ok
10:43:43.0099 4240 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:43:43.0099 4240 b06bdrv - ok
10:43:43.0114 4240 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:43:43.0114 4240 b57nd60a - ok
10:43:43.0161 4240 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:43:43.0161 4240 BDESVC - ok
10:43:43.0255 4240 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
10:43:43.0255 4240 bdfwfpf - ok
10:43:43.0302 4240 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:43:43.0302 4240 Beep - ok
10:43:43.0411 4240 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:43:43.0426 4240 BFE - ok
10:43:43.0473 4240 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:43:43.0489 4240 BITS - ok
10:43:43.0536 4240 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:43:43.0536 4240 blbdrive - ok
10:43:43.0614 4240 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:43:43.0629 4240 Bonjour Service - ok
10:43:43.0676 4240 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:43:43.0676 4240 bowser - ok
10:43:43.0676 4240 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:43:43.0676 4240 BrFiltLo - ok
10:43:43.0676 4240 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:43:43.0676 4240 BrFiltUp - ok
10:43:43.0707 4240 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:43:43.0707 4240 Browser - ok
10:43:43.0723 4240 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:43:43.0723 4240 Brserid - ok
10:43:43.0738 4240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:43:43.0738 4240 BrSerWdm - ok
10:43:43.0738 4240 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:43:43.0738 4240 BrUsbMdm - ok
10:43:43.0738 4240 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:43:43.0754 4240 BrUsbSer - ok
10:43:43.0894 4240 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:43:43.0894 4240 BthEnum - ok
10:43:43.0894 4240 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:43:43.0910 4240 BTHMODEM - ok
10:43:43.0941 4240 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:43:43.0941 4240 BthPan - ok
10:43:44.0004 4240 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:43:44.0004 4240 BTHPORT - ok
10:43:44.0019 4240 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:43:44.0035 4240 bthserv - ok
10:43:44.0035 4240 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:43:44.0035 4240 BTHUSB - ok
10:43:44.0082 4240 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\Windows\system32\DRIVERS\btmhsf.sys
10:43:44.0082 4240 btmhsf - ok
10:43:44.0113 4240 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:43:44.0113 4240 cdfs - ok
10:43:44.0175 4240 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:43:44.0175 4240 cdrom - ok
10:43:44.0206 4240 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:43:44.0206 4240 CertPropSvc - ok
10:43:44.0206 4240 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:43:44.0206 4240 circlass - ok
10:43:44.0253 4240 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:43:44.0253 4240 CLFS - ok
10:43:44.0284 4240 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:43:44.0300 4240 clr_optimization_v2.0.50727_32 - ok
10:43:44.0316 4240 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:43:44.0331 4240 clr_optimization_v2.0.50727_64 - ok
10:43:44.0394 4240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:43:44.0394 4240 clr_optimization_v4.0.30319_32 - ok
10:43:44.0409 4240 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:43:44.0409 4240 clr_optimization_v4.0.30319_64 - ok
10:43:44.0456 4240 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:43:44.0456 4240 CmBatt - ok
10:43:44.0472 4240 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:43:44.0472 4240 cmdide - ok
10:43:44.0503 4240 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
10:43:44.0518 4240 CNG - ok
10:43:44.0550 4240 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:43:44.0550 4240 Compbatt - ok
10:43:44.0596 4240 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:43:44.0596 4240 CompositeBus - ok
10:43:44.0596 4240 COMSysApp - ok
10:43:44.0706 4240 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
10:43:44.0706 4240 cphs - ok
10:43:44.0706 4240 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:43:44.0706 4240 crcdisk - ok
10:43:44.0784 4240 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:43:44.0784 4240 CryptSvc - ok
10:43:44.0830 4240 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
10:43:44.0830 4240 dc3d - ok
10:43:44.0893 4240 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:43:44.0893 4240 DcomLaunch - ok
10:43:44.0955 4240 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:43:44.0971 4240 defragsvc - ok
10:43:45.0018 4240 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:43:45.0018 4240 DfsC - ok
10:43:45.0064 4240 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:43:45.0064 4240 Dhcp - ok
10:43:45.0080 4240 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:43:45.0080 4240 discache - ok
10:43:45.0127 4240 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:43:45.0127 4240 Disk - ok
10:43:45.0174 4240 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:43:45.0174 4240 Dnscache - ok
10:43:45.0189 4240 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:43:45.0205 4240 dot3svc - ok
10:43:45.0205 4240 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:43:45.0205 4240 DPS - ok
10:43:45.0252 4240 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:43:45.0252 4240 drmkaud - ok
10:43:45.0330 4240 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:43:45.0345 4240 DXGKrnl - ok
10:43:45.0361 4240 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:43:45.0361 4240 EapHost - ok
10:43:45.0486 4240 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:43:45.0532 4240 ebdrv - ok
10:43:45.0642 4240 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:43:45.0642 4240 EFS - ok
10:43:45.0688 4240 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:43:45.0688 4240 ehRecvr - ok
10:43:45.0704 4240 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:43:45.0704 4240 ehSched - ok
10:43:45.0782 4240 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:43:45.0798 4240 elxstor - ok
10:43:45.0829 4240 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:43:45.0829 4240 ErrDev - ok
10:43:45.0876 4240 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:43:45.0876 4240 EventSystem - ok
10:43:45.0922 4240 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:43:45.0938 4240 exfat - ok
10:43:45.0938 4240 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:43:45.0954 4240 fastfat - ok
10:43:46.0032 4240 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:43:46.0032 4240 Fax - ok
10:43:46.0047 4240 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:43:46.0047 4240 fdc - ok
10:43:46.0078 4240 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:43:46.0094 4240 fdPHost - ok
10:43:46.0094 4240 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:43:46.0110 4240 FDResPub - ok
10:43:46.0110 4240 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:43:46.0110 4240 FileInfo - ok
10:43:46.0125 4240 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:43:46.0125 4240 Filetrace - ok
10:43:46.0125 4240 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:43:46.0125 4240 flpydisk - ok
10:43:46.0141 4240 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:43:46.0141 4240 FltMgr - ok
10:43:46.0203 4240 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:43:46.0219 4240 FontCache - ok
10:43:46.0266 4240 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:43:46.0266 4240 FontCache3.0.0.0 - ok
10:43:46.0281 4240 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:43:46.0281 4240 FsDepends - ok
10:43:46.0297 4240 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:43:46.0297 4240 Fs_Rec - ok
10:43:46.0328 4240 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:43:46.0328 4240 fvevol - ok
10:43:46.0359 4240 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:43:46.0359 4240 gagp30kx - ok
10:43:46.0406 4240 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:43:46.0406 4240 GEARAspiWDM - ok
10:43:46.0468 4240 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:43:46.0468 4240 gpsvc - ok
10:43:46.0546 4240 gzflt (07177b5a8c277074c30ac515febd4f37) C:\Windows\system32\DRIVERS\gzflt.sys
10:43:46.0546 4240 gzflt - ok
10:43:46.0562 4240 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:43:46.0562 4240 hcw85cir - ok
10:43:46.0624 4240 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:43:46.0624 4240 HdAudAddService - ok
10:43:46.0671 4240 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:43:46.0671 4240 HDAudBus - ok
10:43:46.0671 4240 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:43:46.0671 4240 HidBatt - ok
10:43:46.0687 4240 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:43:46.0687 4240 HidBth - ok
10:43:46.0718 4240 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:43:46.0718 4240 HidIr - ok
10:43:46.0734 4240 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:43:46.0734 4240 hidserv - ok
10:43:46.0780 4240 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:43:46.0780 4240 HidUsb - ok
10:43:46.0843 4240 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:43:46.0843 4240 hkmsvc - ok
10:43:46.0858 4240 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:43:46.0858 4240 HomeGroupListener - ok
10:43:46.0890 4240 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:43:46.0890 4240 HomeGroupProvider - ok
10:43:46.0936 4240 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:43:46.0936 4240 HpSAMD - ok
10:43:46.0968 4240 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:43:46.0968 4240 HTTP - ok
10:43:46.0983 4240 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:43:46.0983 4240 hwpolicy - ok
10:43:46.0983 4240 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:43:46.0983 4240 i8042prt - ok
10:43:47.0061 4240 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:43:47.0061 4240 iaStorV - ok
10:43:47.0155 4240 iBtFltCoex (fc47f5cf561bf0fd897efd1a9604dccf) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
10:43:47.0155 4240 iBtFltCoex - ok
10:43:47.0233 4240 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:43:47.0248 4240 idsvc - ok
10:43:47.0779 4240 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:43:47.0966 4240 igfx - ok
10:43:48.0060 4240 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:43:48.0060 4240 iirsp - ok
10:43:48.0122 4240 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:43:48.0138 4240 IKEEXT - ok
10:43:48.0138 4240 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:43:48.0138 4240 intelide - ok
10:43:48.0169 4240 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:43:48.0169 4240 intelppm - ok
10:43:48.0200 4240 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:43:48.0200 4240 IPBusEnum - ok
10:43:48.0231 4240 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:43:48.0231 4240 IpFilterDriver - ok
10:43:48.0309 4240 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:43:48.0309 4240 iphlpsvc - ok
10:43:48.0325 4240 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:43:48.0325 4240 IPMIDRV - ok
10:43:48.0325 4240 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:43:48.0325 4240 IPNAT - ok
10:43:48.0434 4240 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
10:43:48.0434 4240 iPod Service - ok
10:43:48.0465 4240 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:43:48.0481 4240 IRENUM - ok
10:43:48.0481 4240 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:43:48.0481 4240 isapnp - ok
10:43:48.0512 4240 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:43:48.0512 4240 iScsiPrt - ok
10:43:48.0528 4240 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:43:48.0528 4240 kbdclass - ok
10:43:48.0543 4240 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:43:48.0543 4240 kbdhid - ok
10:43:48.0574 4240 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:48.0574 4240 KeyIso - ok
10:43:48.0590 4240 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
10:43:48.0590 4240 KSecDD - ok
10:43:48.0621 4240 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
10:43:48.0621 4240 KSecPkg - ok
10:43:48.0621 4240 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:43:48.0621 4240 ksthunk - ok
10:43:48.0652 4240 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:43:48.0668 4240 KtmRm - ok
10:43:48.0715 4240 L1C (0219f13ab1664005adcba884c0eb975e) C:\Windows\system32\DRIVERS\L1C62x64.sys
10:43:48.0715 4240 L1C - ok
10:43:48.0746 4240 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:43:48.0746 4240 LanmanServer - ok
10:43:48.0777 4240 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:43:48.0777 4240 LanmanWorkstation - ok
10:43:48.0824 4240 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:43:48.0824 4240 lltdio - ok
10:43:48.0855 4240 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:43:48.0855 4240 lltdsvc - ok
10:43:48.0902 4240 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:43:48.0902 4240 lmhosts - ok
10:43:48.0918 4240 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:43:48.0918 4240 LSI_FC - ok
10:43:48.0918 4240 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:43:48.0933 4240 LSI_SAS - ok
10:43:48.0933 4240 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:43:48.0933 4240 LSI_SAS2 - ok
10:43:48.0933 4240 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:43:48.0933 4240 LSI_SCSI - ok
10:43:48.0949 4240 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:43:48.0949 4240 luafv - ok
10:43:48.0980 4240 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
10:43:48.0980 4240 MBAMProtector - ok
10:43:49.0089 4240 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:43:49.0089 4240 MBAMService - ok
10:43:49.0120 4240 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:43:49.0120 4240 Mcx2Svc - ok
10:43:49.0120 4240 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:43:49.0120 4240 megasas - ok
10:43:49.0152 4240 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:43:49.0152 4240 MegaSR - ok
10:43:49.0198 4240 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:43:49.0198 4240 MEIx64 - ok
10:43:49.0245 4240 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:43:49.0245 4240 MMCSS - ok
10:43:49.0245 4240 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:43:49.0261 4240 Modem - ok
10:43:49.0276 4240 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:43:49.0276 4240 monitor - ok
10:43:49.0276 4240 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:43:49.0276 4240 mouclass - ok
10:43:49.0292 4240 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:43:49.0292 4240 mouhid - ok
10:43:49.0308 4240 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:43:49.0308 4240 mountmgr - ok
10:43:49.0323 4240 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:43:49.0339 4240 mpio - ok
10:43:49.0339 4240 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:43:49.0339 4240 mpsdrv - ok
10:43:49.0401 4240 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:43:49.0401 4240 MpsSvc - ok
10:43:49.0417 4240 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:43:49.0432 4240 MRxDAV - ok
10:43:49.0448 4240 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:43:49.0448 4240 mrxsmb - ok
10:43:49.0479 4240 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:43:49.0479 4240 mrxsmb10 - ok
10:43:49.0495 4240 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:43:49.0495 4240 mrxsmb20 - ok
10:43:49.0510 4240 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:43:49.0510 4240 msahci - ok
10:43:49.0510 4240 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:43:49.0510 4240 msdsm - ok
10:43:49.0526 4240 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:43:49.0526 4240 MSDTC - ok
10:43:49.0542 4240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:43:49.0557 4240 Msfs - ok
10:43:49.0557 4240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:43:49.0557 4240 mshidkmdf - ok
10:43:49.0557 4240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:43:49.0557 4240 msisadrv - ok
10:43:49.0588 4240 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:43:49.0604 4240 MSiSCSI - ok
10:43:49.0604 4240 msiserver - ok
10:43:49.0635 4240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:43:49.0635 4240 MSKSSRV - ok
10:43:49.0666 4240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:43:49.0666 4240 MSPCLOCK - ok
10:43:49.0666 4240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:43:49.0666 4240 MSPQM - ok
10:43:49.0682 4240 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:43:49.0682 4240 MsRPC - ok
10:43:49.0682 4240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:43:49.0698 4240 mssmbios - ok
10:43:49.0713 4240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:43:49.0713 4240 MSTEE - ok
10:43:49.0713 4240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:43:49.0713 4240 MTConfig - ok
10:43:49.0713 4240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:43:49.0713 4240 Mup - ok
10:43:49.0760 4240 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:43:49.0760 4240 napagent - ok
10:43:49.0838 4240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:43:49.0838 4240 NativeWifiP - ok
10:43:49.0900 4240 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:43:49.0900 4240 NDIS - ok
10:43:49.0932 4240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:43:49.0932 4240 NdisCap - ok
10:43:49.0978 4240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:43:49.0978 4240 NdisTapi - ok
10:43:50.0010 4240 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:43:50.0010 4240 Ndisuio - ok
10:43:50.0010 4240 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:43:50.0010 4240 NdisWan - ok
10:43:50.0025 4240 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:43:50.0025 4240 NDProxy - ok
10:43:50.0025 4240 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:43:50.0025 4240 NetBIOS - ok
10:43:50.0041 4240 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:43:50.0041 4240 NetBT - ok
10:43:50.0072 4240 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:50.0072 4240 Netlogon - ok
10:43:50.0119 4240 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:43:50.0119 4240 Netman - ok
10:43:50.0134 4240 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:43:50.0134 4240 netprofm - ok
10:43:50.0197 4240 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:43:50.0197 4240 NetTcpPortSharing - ok
10:43:50.0212 4240 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:43:50.0212 4240 nfrd960 - ok
10:43:50.0259 4240 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:43:50.0259 4240 NlaSvc - ok
10:43:50.0259 4240 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:43:50.0259 4240 Npfs - ok
10:43:50.0275 4240 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:43:50.0275 4240 nsi - ok
10:43:50.0275 4240 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:43:50.0275 4240 nsiproxy - ok
10:43:50.0384 4240 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:43:50.0415 4240 Ntfs - ok
10:43:50.0478 4240 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:43:50.0478 4240 Null - ok
10:43:50.0509 4240 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:43:50.0509 4240 nusb3hub - ok
10:43:50.0571 4240 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:43:50.0571 4240 nusb3xhc - ok
10:43:50.0602 4240 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:43:50.0602 4240 nvraid - ok
10:43:50.0618 4240 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:43:50.0618 4240 nvstor - ok
10:43:50.0634 4240 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:43:50.0649 4240 nv_agp - ok
10:43:50.0649 4240 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:43:50.0649 4240 ohci1394 - ok
10:43:50.0727 4240 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:43:50.0758 4240 ose - ok
10:43:50.0977 4240 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:43:51.0133 4240 osppsvc - ok
10:43:51.0226 4240 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:43:51.0226 4240 p2pimsvc - ok
10:43:51.0258 4240 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:43:51.0258 4240 p2psvc - ok
10:43:51.0289 4240 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:43:51.0289 4240 Parport - ok
10:43:51.0304 4240 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:43:51.0304 4240 partmgr - ok
10:43:51.0336 4240 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:43:51.0336 4240 PcaSvc - ok
10:43:51.0351 4240 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:43:51.0367 4240 pci - ok
10:43:51.0367 4240 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:43:51.0367 4240 pciide - ok
10:43:51.0398 4240 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:43:51.0398 4240 pcmcia - ok
10:43:51.0398 4240 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:43:51.0398 4240 pcw - ok
10:43:51.0429 4240 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:43:51.0445 4240 PEAUTH - ok
10:43:51.0492 4240 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:43:51.0492 4240 PerfHost - ok
10:43:51.0570 4240 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:43:51.0585 4240 pla - ok
10:43:51.0663 4240 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:43:51.0663 4240 PlugPlay - ok
10:43:51.0679 4240 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:43:51.0679 4240 PNRPAutoReg - ok
10:43:51.0694 4240 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:43:51.0710 4240 PNRPsvc - ok
10:43:51.0757 4240 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
10:43:51.0757 4240 Point64 - ok
10:43:51.0835 4240 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:43:51.0850 4240 PolicyAgent - ok
10:43:51.0882 4240 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:43:51.0882 4240 Power - ok
10:43:51.0928 4240 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:43:51.0928 4240 PptpMiniport - ok
10:43:51.0928 4240 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:43:51.0928 4240 Processor - ok
10:43:51.0960 4240 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:43:51.0960 4240 ProfSvc - ok
10:43:51.0975 4240 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:51.0975 4240 ProtectedStorage - ok
10:43:52.0022 4240 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:43:52.0022 4240 Psched - ok
10:43:52.0131 4240 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:43:52.0147 4240 ql2300 - ok
10:43:52.0490 4240 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:43:52.0490 4240 ql40xx - ok
10:43:52.0506 4240 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:43:52.0521 4240 QWAVE - ok
10:43:52.0521 4240 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:43:52.0521 4240 QWAVEdrv - ok
10:43:52.0521 4240 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:43:52.0521 4240 RasAcd - ok
10:43:52.0568 4240 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:43:52.0568 4240 RasAgileVpn - ok
10:43:52.0584 4240 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:43:52.0584 4240 RasAuto - ok
10:43:52.0599 4240 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:43:52.0599 4240 Rasl2tp - ok
10:43:52.0630 4240 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:43:52.0630 4240 RasMan - ok
10:43:52.0630 4240 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:43:52.0630 4240 RasPppoe - ok
10:43:52.0662 4240 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:43:52.0662 4240 RasSstp - ok
10:43:52.0677 4240 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:43:52.0677 4240 rdbss - ok
10:43:52.0693 4240 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:43:52.0693 4240 rdpbus - ok
10:43:52.0708 4240 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:43:52.0708 4240 RDPCDD - ok
10:43:52.0708 4240 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:43:52.0708 4240 RDPENCDD - ok
10:43:52.0724 4240 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:43:52.0724 4240 RDPREFMP - ok
10:43:52.0755 4240 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:43:52.0771 4240 RDPWD - ok
10:43:52.0802 4240 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:43:52.0802 4240 rdyboost - ok
10:43:52.0849 4240 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:43:52.0849 4240 RemoteAccess - ok
10:43:52.0880 4240 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:43:52.0880 4240 RemoteRegistry - ok
10:43:52.0927 4240 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:43:52.0927 4240 RFCOMM - ok
10:43:52.0958 4240 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:43:52.0958 4240 RpcEptMapper - ok
10:43:52.0958 4240 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:43:52.0974 4240 RpcLocator - ok
10:43:53.0005 4240 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:43:53.0005 4240 RpcSs - ok
10:43:53.0020 4240 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:43:53.0020 4240 rspndr - ok
10:43:53.0036 4240 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:53.0036 4240 SamSs - ok
10:43:53.0036 4240 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:43:53.0036 4240 sbp2port - ok
10:43:53.0052 4240 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:43:53.0052 4240 SCardSvr - ok
10:43:53.0052 4240 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:43:53.0052 4240 scfilter - ok
10:43:53.0114 4240 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:43:53.0130 4240 Schedule - ok
10:43:53.0161 4240 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:43:53.0161 4240 SCPolicySvc - ok
10:43:53.0176 4240 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:43:53.0176 4240 SDRSVC - ok
10:43:53.0364 4240 SDScannerService (43d29ecb8137eeae30b0970bbc7a5500) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
10:43:53.0379 4240 SDScannerService - ok
10:43:53.0473 4240 SDUpdateService (6b859b122e85c2c833e6d8c5dc4b07f3) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:43:53.0473 4240 SDUpdateService - ok
10:43:53.0504 4240 SDWSCService (59dce6783f9ed27eb72c81466e363bf8) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:43:53.0504 4240 SDWSCService - ok
10:43:53.0582 4240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:43:53.0582 4240 secdrv - ok
10:43:53.0598 4240 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:43:53.0598 4240 seclogon - ok
10:43:53.0613 4240 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:43:53.0613 4240 SENS - ok
10:43:53.0629 4240 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:43:53.0629 4240 SensrSvc - ok
10:43:53.0660 4240 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:43:53.0660 4240 Serenum - ok
10:43:53.0707 4240 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:43:53.0707 4240 Serial - ok
10:43:53.0707 4240 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:43:53.0707 4240 sermouse - ok
10:43:53.0738 4240 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:43:53.0738 4240 SessionEnv - ok
10:43:53.0738 4240 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:43:53.0738 4240 sffdisk - ok
10:43:53.0738 4240 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:43:53.0738 4240 sffp_mmc - ok
10:43:53.0738 4240 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:43:53.0738 4240 sffp_sd - ok
10:43:53.0738 4240 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:43:53.0738 4240 sfloppy - ok
10:43:53.0769 4240 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:43:53.0785 4240 SharedAccess - ok
10:43:53.0832 4240 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:43:53.0832 4240 ShellHWDetection - ok
10:43:53.0847 4240 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:43:53.0847 4240 SiSRaid2 - ok
10:43:53.0863 4240 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:43:53.0863 4240 SiSRaid4 - ok
10:43:53.0878 4240 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:43:53.0894 4240 Smb - ok
10:43:53.0894 4240 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:43:53.0894 4240 SNMPTRAP - ok
10:43:53.0910 4240 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:43:53.0910 4240 spldr - ok
10:43:53.0956 4240 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:43:53.0956 4240 Spooler - ok
10:43:54.0112 4240 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:43:54.0144 4240 sppsvc - ok
10:43:54.0190 4240 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:43:54.0190 4240 sppuinotify - ok
10:43:54.0237 4240 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:43:54.0237 4240 srv - ok
10:43:54.0253 4240 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:43:54.0253 4240 srv2 - ok
10:43:54.0268 4240 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:43:54.0284 4240 srvnet - ok
10:43:54.0315 4240 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:43:54.0315 4240 SSDPSRV - ok
10:43:54.0346 4240 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:43:54.0346 4240 SstpSvc - ok
10:43:54.0362 4240 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:43:54.0362 4240 stexstor - ok
10:43:54.0424 4240 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:43:54.0440 4240 stisvc - ok
10:43:54.0440 4240 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:43:54.0440 4240 swenum - ok
10:43:54.0471 4240 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:43:54.0487 4240 swprv - ok
10:43:54.0580 4240 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:43:54.0596 4240 SysMain - ok
10:43:54.0783 4240 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:43:54.0783 4240 TabletInputService - ok
10:43:54.0799 4240 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:43:54.0799 4240 TapiSrv - ok
10:43:54.0814 4240 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:43:54.0814 4240 TBS - ok
10:43:54.0955 4240 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:43:54.0986 4240 Tcpip - ok
10:43:55.0126 4240 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:43:59.0058 4240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:43:59.0276 4240 \Device\Harddisk0\DR0 - ok
10:43:59.0276 4240 Boot (0x1200) (062520f5fcf3430d524021de6ec0cfd3) \Device\Harddisk0\DR0\Partition0
10:43:59.0276 4240 \Device\Harddisk0\DR0\Partition0 - ok
10:43:59.0276 4240 ============================================================
10:43:59.0276 4240 Scan finished
10:43:59.0276 4240 ============================================================
10:43:59.0276 2784 Detected object count: 0
10:43:59.0276 2784 Actual detected object count: 0
10:44:23.0971 3600 Deinitialize success

Attached File: MBR.zip (546 bytes)


#9 Conspire

  • Malware Response Team

Posted 27 July 2012 - 12:23 PM

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#10 BigComputerProblems

  • Topic Starter

Posted 27 July 2012 - 01:33 PM

ComboFix 12-07-27.03 - La Hermendad 07/27/2012 14:09:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5820 [GMT -4:00]
Running from: c:\users\La Hermendad\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1343205560.bdinstall.bin
c:\programdata\1343345412.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 18:11 . 2012-07-27 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 17:10 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C38A210A-B866-4C07-B128-57AA60FFD25A}\mpengine.dll
2012-07-27 12:27 . 2012-07-27 12:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-27 12:26 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-07-27 12:26 . 2012-07-27 12:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-07-27 09:09 . 2012-07-27 09:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-27 09:09 . 2012-07-27 09:09 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 09:09 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-27 01:32 . 2012-07-27 01:32 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-07-26 23:30 . 2012-07-26 23:33 -------- d-----w- c:\programdata\Bitdefender
2012-07-26 23:30 . 2012-04-24 19:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-07-26 23:30 . 2012-04-11 21:03 138232 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-07-25 08:44 . 2012-07-25 08:44 -------- d-----w- c:\programdata\BDLogging
2012-07-25 08:43 . 2011-11-17 21:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-07-25 08:43 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2012-07-25 08:43 . 2012-03-21 00:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-07-25 08:43 . 2012-02-17 20:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-07-25 08:43 . 2011-11-25 19:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-07-25 08:40 . 2012-07-25 08:40 -------- d-----w- c:\program files\Bitdefender
2012-07-25 08:32 . 2012-07-26 23:30 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-07-24 12:24 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL
2012-07-24 12:24 . 2012-07-25 07:05 -------- d-----w- c:\program files (x86)\Symantec
2012-07-24 12:24 . 2012-07-25 07:05 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-07-24 12:24 . 2012-07-25 07:04 -------- d-----w- c:\programdata\Symantec
2012-07-24 12:19 . 2012-07-27 00:07 -------- d-----w- c:\users\StandardMan
2012-07-21 11:57 . 2012-07-21 11:57 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-21 11:57 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-21 11:57 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-21 11:57 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-21 11:57 . 2012-07-21 11:57 -------- d-----w- c:\program files\iTunes
2012-07-21 03:28 . 2012-07-21 11:57 -------- d-----w- c:\program files\iPod
2012-07-21 03:28 . 2012-07-21 11:57 -------- d-----w- c:\program files (x86)\iTunes
2012-07-21 03:28 . 2012-07-21 11:57 -------- d-----w- c:\programdata\Apple Computer
2012-07-21 03:28 . 2012-07-21 03:28 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-21 03:27 . 2012-07-21 03:27 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-07-21 03:27 . 2012-07-21 03:27 -------- d-----w- c:\program files\Common Files\Apple
2012-07-21 03:27 . 2012-07-21 03:27 -------- d-----w- c:\program files\Bonjour
2012-07-21 03:27 . 2012-07-21 03:27 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-21 03:26 . 2012-07-21 03:27 -------- d-----w- c:\programdata\Apple
2012-07-21 03:26 . 2012-07-21 03:27 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-07-20 18:09 . 2012-07-20 18:09 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-20 17:15 . 2012-07-20 17:15 -------- d-----w- c:\program files\Microsoft Office
2012-07-20 17:15 . 2012-07-20 17:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-07-20 17:15 . 2012-07-20 18:11 -------- d-----w- c:\programdata\Microsoft Help
2012-07-20 17:15 . 2012-07-20 17:15 -------- d-----r- C:\MSOCache
2012-07-20 15:29 . 2012-07-20 15:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-20 15:26 . 2012-07-26 23:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-20 15:26 . 2012-07-26 23:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-20 15:26 . 2012-07-20 15:26 -------- d-----w- c:\windows\SysWow64\Macromed
2012-07-20 15:26 . 2012-07-20 15:26 -------- d-----w- c:\windows\system32\Macromed
2012-07-20 11:44 . 2012-07-20 07:50 -------- d-----w- c:\windows\Panther
2012-07-20 11:43 . 2012-07-20 11:44 -------- d-----w- C:\Boot
2012-07-20 11:43 . 2012-07-20 11:43 -------- d-----w- C:\Hotfix
2012-07-20 11:43 . 2012-07-20 11:43 -------- d-----w- C:\Drivers
2012-07-20 11:43 . 2012-07-20 10:48 -------- d-----w- c:\windows\system32\OEM
2012-07-20 11:33 . 2012-07-20 11:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-20 11:33 . 2012-07-20 11:33 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-20 11:33 . 2012-07-20 11:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-20 11:33 . 2012-07-20 11:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-20 10:25 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-07-20 10:25 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-07-20 10:25 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-07-20 09:50 . 2012-07-20 17:18 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-07-20 09:30 . 2012-07-20 09:30 -------- d-----w- c:\windows\SysWow64\Wat
2012-07-20 09:30 . 2012-07-20 09:30 -------- d-----w- c:\windows\system32\Wat
2012-07-20 09:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-20 09:16 . 2012-07-20 09:16 -------- d-----w- c:\program files (x86)\Intel
2012-07-20 09:16 . 2012-07-20 09:16 -------- d-----w- C:\Intel
2012-07-20 09:09 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-20 09:07 . 2012-07-20 09:07 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-07-20 09:07 . 2012-07-20 09:07 -------- d-----w- c:\windows\PCHEALTH
2012-07-20 09:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-20 09:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-20 09:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-20 09:05 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-20 09:05 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-20 09:05 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-20 09:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-20 09:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-20 09:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-20 08:57 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-20 08:56 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-20 08:56 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-07-20 08:56 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-07-20 08:56 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-20 08:56 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-07-20 08:56 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-07-20 08:56 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-07-20 08:56 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-07-20 08:56 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-07-20 08:52 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-07-20 08:52 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-07-20 08:51 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-07-20 08:51 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-07-20 08:46 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-20 08:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-07-20 08:46 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-20 08:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-20 08:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-20 08:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-20 08:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-20 08:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-20 08:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-20 08:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-20 08:43 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-20 08:43 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-20 08:42 . 2012-07-20 08:42 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-07-20 08:42 . 2012-07-20 08:42 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-07-20 08:42 . 2010-12-28 15:15 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2012-07-20 08:40 . 2012-07-20 08:40 -------- d-----w- c:\program files (x86)\Dell
2012-07-20 08:40 . 2012-07-20 08:40 -------- d-----w- c:\programdata\Dell
2012-07-20 08:40 . 2012-07-27 14:11 -------- d-sh--w- c:\windows\Installer
2012-07-20 08:40 . 2012-07-20 08:40 -------- d-----w- C:\Dell
2012-07-20 07:50 . 2012-07-27 00:26 -------- d-----w- c:\users\La Hermendad
2012-07-20 07:50 . 2012-07-20 07:50 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-07-04 3921432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 40629424
*NewlyCreated* - 63015484
*NewlyCreated* - 84775026
*NewlyCreated* - ASWMBR
*Deregistered* - 40629424
*Deregistered* - 63015484
*Deregistered* - 84775026
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 23:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-07-27 1425944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 14:13:57
ComboFix-quarantined-files.txt 2012-07-27 18:13
.
Pre-Run: 593,809,195,008 bytes free
Post-Run: 594,193,018,880 bytes free
.
- - End Of File - - B221D0B8251ADCF8E8F4267476CB510D

#11 Conspire

  • Malware Response Team

Posted 27 July 2012 - 10:09 PM

Follow these steps to display hidden files and folders.

  • Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Show hidden files and folders.
  • Click OK. (Remember to Hide files and folders once done)

Please go to one of the below sites to scan the following files:
Virus Total (Recommended)
jotti.org
VirScan


Click on Browse, and upload the following file for analysis:
c:\windows\system32\sdnclean64.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#12 BigComputerProblems

  • Topic Starter

Posted 29 July 2012 - 06:05 PM

Conspire,
Sorry for the delayed response. Listen, Sdnclean64.exe is a file originally named sdnclean.exe. It is part of Spybot search and destroy. Because it’s a 64-bit file in “system 32” it never shows up when I go to those sites to upload it. However, if I browse the folders on my computer I can see that it’s clearly there. For some reason, when I go to upload it, it won’t show up. I tried renaming it and I was able to do that, but I still could not upload it. What should I do now?

#13 Conspire

  • Malware Response Team

Posted 29 July 2012 - 10:35 PM

Hello,

It seems that you were right that this file belongs to Spybot. We will skip that for now. However, as far as the log is concerned, nothing shows up as malicious, and therefore I suspect that there might be corrupted settings of some sort. I see that you have previously installed Norton; did you use their removal tool for the uninstallation process?

#14 BigComputerProblems

  • Topic Starter

Posted 31 July 2012 - 07:02 PM

No, I did not. I did not know if I was supposed to. Listen, I have noticed some strange files and behavior since using combofix. I think I have several versions of internet explorer (to be explained later). My computer is always connected between ports on my own computer and to other random ports in cyberspace. I will demonstrate that later. This was all occurring before I used combofix. But right now I just want to know if these viruses are legitimate or false positives from combofix? If so, how should I get rid of them? I ran some tools and I think I can help you help me. But first, have I been infected? I ran the report below at virustools.com. What do you think? I tried to make it as clear as possible, but when I ran combofix.exe at virustools.com, it told me I was infected with the six viruses below.

SHA256: 403ce1cf95dc6ba08ed34c8298be03962b0300236c30e5d61f875317e22a3fb8
SHA1: 76837e3ba731ca13fcbfcfb78b04b578c34ed491
MD5: c96f4157b8303c33c68a5c54eb7bc1b6
File size: 4.5 MB ( 4719842 bytes )
File name: ComboFix.exe
File type: Win32 EXE
Detection ratio: 6 / 40
Analysis date: 2012-07-31 22:51:58 UTC ( 1 minute ago )


Antivirus Result Update

AhnLab-V3 - 20120731
AntiVir - 20120731
Antiy-AVL - 20120727
Avast - 20120731
AVG - 20120731
BitDefender - 20120731
ByteHero - 20120723
CAT-QuickHeal - 20120731
ClamAV - 20120801
Commtouch - 20120731
Comodo - 20120731
DrWeb----------- SCRIPT.Virus -------------- 20120801
Emsisoft - 20120731
eSafe----------- Win32.Trojan -------------- 20120731
ESET-NOD32 - 20120731
F-Prot - 20120731
F-Secure - 20120731
Fortinet - 20120731
GData - 20120731
Ikarus - 20120731
Jiangmin-------------- Backdoor/RBot.oqm -------------- 20120731
Kaspersky - 20120731
McAfee - 20120801
McAfee-GW-Edi - 20120731
Microsoft - 20120731
Norman - 20120731
nProtect - 20120731
Panda - 20120731
Rising - 20120731
Sophos-------------- NirCmd ---------------- 20120801
SUPERAntiSpy - 20120731
Symantec------------ WS.Reputation.1 ----------------- 20120731
TheHacker - 20120730
TotalDefense - 20120731
TrendMicro - 20120801
TMHouseCall---------- TROJ_GEN.F47V0727 ------------------- 20120801
VBA32 - 20120731
VIPRE - 20120731
ViRobot - 20120731
VirusBuster - 20120731

Edited by BigComputerProblems, 31 July 2012 - 07:16 PM.


#15 Conspire

  • Malware Response Team

Posted 31 July 2012 - 10:36 PM

These are legitimate files dropped by CF, and as long as you downloaded it from the official link which I have given you earlier, I can assure you that this is not something to be suspicious of.

Going forward, the logs don't appear to be infected, as I mentioned earlier. I'd like to know what tools you intend to use?

What I think you can do at this point is to do a reinstall and reformat because that is the way to set things back to normal.