
Infected with Trojan.Agent, Smitfraud-c.generic


This topic is locked
31 replies to this topic

#1 mjporp70

Posted 24 July 2012 - 09:46 PM

Recently began experiencing problems with search engine redirects (only within Firefox; IE was fine), which prompted me to download and run Spybot S&D, which indicated I was infected with Smitfraud-c.generic. Attempted to remove it but was told I didn't have admin access (I am admin equivalent), so I had to run in Safe Mode and scan and fix. Restarted the computer and everything seemed to be fine until the next day, when I started to receive pop-ups and Norton Antivirus started to indicate there were issues (I haven't been able to locate the logs yet), and the laptop actually restarted itself at some point while I was working. Downloaded Malwarebytes and ran it, which was finding Trojan.Agent. Removed with Malwarebytes, restarted and rescanned, and it reappears. Attempted to run both Malwarebytes and Spybot S&D in Safe Mode and the culprits return again when I reboot. Have had a few occasions when I received blue screen errors when restarting; however, I did not capture that information at the time and haven't been able to recreate it just recently. After successfully loading Windows this last time, Norton Autofix displayed:

Norton Internet Security 19.7.1.5
Error: 5013, 3
Windows 7 Home Premium
7601.17803.amd64fre.win7sp1_gdr.120330-1504
Norton Autofix Results: 1 item(s)
Product Service Dependency :: Failed

Looking for next steps on what I can do. Per request, DDS log below and attach.txt attached.

Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Mike at 23:26:45 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2559 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\Sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Mike\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: societylink.org\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - hxxps://www.topproduceronline.com/downloads/msjavx86.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/68.16/uploader2.cab
DPF: {3DC87637-DE84-4C2C-A75F-7F5398F15670} - hxxps://crm.cancer.org/acs/18393/applets/SiebelAx_HI_Client.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} - hxxp://206.159.163.41/webportal/plugins/VMPlayer.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://ptproxy01ea.societylink.org/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{195AF9D7-EEBB-4DB9-8129-FD24F9882C6B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{348A5F8A-AC78-4F34-9AFC-6ACD9A58D3B4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{348A5F8A-AC78-4F34-9AFC-6ACD9A58D3B4}\4656661657C647 : DhcpNameServer = 192.168.0.1
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\8xilcv1p.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npxsciter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120722.001\IDSviA64.sys [2012-7-23 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-4-4 2409800]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-7-4 138232]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-29 689472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-15 138912]
R3 HpGmb001;USB Mobile Packet Filter Driver;C:\Windows\system32\DRIVERS\HpGmb001.SYS --> C:\Windows\system32\DRIVERS\HpGmb001.SYS [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-22 1153368]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-24 05:01:12 20480 ----a-w- C:\Windows\svchost.exe
2012-07-24 03:21:07 -------- d-----w- C:\Users\Mike\AppData\Local\NPE
2012-07-24 02:13:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-24 01:55:03 36168 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-07-23 20:58:06 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-07-23 20:57:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-23 20:57:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-23 20:57:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-22 18:22:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-22 18:22:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-04 21:06:34 737912 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\srtsp64.sys
2012-07-04 21:06:34 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\SymDS64.sys
2012-07-04 21:06:34 405624 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys
2012-07-04 21:06:34 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\srtspx64.sys
2012-07-04 21:06:34 190072 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\Ironx64.sys
2012-07-04 21:06:34 167048 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\ccSetx64.sys
2012-07-04 21:06:34 1092728 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\SymEFA64.sys
2012-07-04 21:06:28 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307010.005
2012-07-04 14:26:48 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-04 14:26:48 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-04 21:07:05 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-15 12:24:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 12:24:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 23:27:43.46 ===============

Attached Files
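
Two entries in the "Created Last 30" section of the log above are the ones a malware-removal helper would look at first: a 20 KB svchost.exe created directly in C:\Windows (the genuine svchost.exe lives in System32 and SysWOW64), and a directory literally named %APPDATA% created under SysWow64 with the hidden and system attributes set. The following Python script is an added example, not part of the original post and not part of the DDS tool: it parses lines in the format DDS uses for that section and applies those triage heuristics, plus a general check for core system binaries appearing outside the system directories. The sample lines are copied from the log above; the list of system binaries and the heuristics themselves are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample "Created Last 30" lines copied from the DDS log posted above
# (dates, sizes, attribute strings and paths exactly as DDS printed them).
SAMPLE_DDS_CREATED = "\n".join([
    r"2012-07-24 05:01:12 20480 ----a-w- C:\Windows\svchost.exe",
    r"2012-07-24 03:21:07 -------- d-----w- C:\Users\Mike\AppData\Local\NPE",
    r"2012-07-24 02:13:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%",
    r"2012-07-24 01:55:03 36168 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys",
    r"2012-07-23 20:57:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys",
])

# One DDS entry: date, time, size (dashes for a directory), an 8-character
# attribute string (d=directory, s=system, h=hidden, a=archive, r=read-only,
# w=writable) and the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Core Windows binaries that should only ever be created in the system
# directories. This list is an assumption of the example, not DDS's own data.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "wininit.exe"}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories (DDS prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


def parse_dds_created(text: str) -> List[Entry]:
    """Parse the lines of a DDS 'Created Last 30' section; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def flag_entry(e: Entry) -> List[str]:
    """Return the triage reasons that apply to one entry (empty list = nothing odd)."""
    reasons = []
    parent, _, name = e.path.rpartition("\\")
    if name.lower() in SYSTEM_BINARIES and parent.lower() not in EXPECTED_DIRS:
        reasons.append(f"{name} created outside System32/SysWOW64")
    if re.search(r"%[A-Za-z_]+%", name):
        reasons.append("literal environment-variable token used as a file name")
    if e.is_dir and e.hidden_system and parent.lower().startswith(r"c:\windows"):
        reasons.append("hidden+system directory created under C:\\Windows")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each path worth a second look to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for e in parse_dds_created(text):
        reasons = flag_entry(e)
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_DDS_CREATED).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the script flags only the svchost.exe copy in C:\Windows and the %APPDATA% directory; the Malwarebytes drivers in System32\drivers and the NPE folder under the user profile pass. A flag is a reason to inspect the file (hash it, check its signature, check who loads it), not proof of infection on its own.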



#2 mjporp70 (Topic Starter)

Posted 29 July 2012 - 06:33 PM

Just wondering if anyone has had a chance to look at this. I would appreciate any assistance at all. Trying not to use the laptop until the problem is resolved. Thanks for the help!

#3 HelpBot (Bleepin' Binary Bot)

Posted 29 July 2012 - 09:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462343 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 mjporp70 (Topic Starter)

Posted 30 July 2012 - 06:22 AM

I am still having issues. I am running Windows 7 Premium Home Service Pack 1 on a 64-bit Operating System. I do not have the original CD/DVD (I believe there is a disk image). Latest DDS below and attached.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Mike at 7:05:50 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2825 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe
C:\Program Files\Windows Sidebar\Sidebar.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Mike\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: societylink.org\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - hxxps://www.topproduceronline.com/downloads/msjavx86.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/68.16/uploader2.cab
DPF: {3DC87637-DE84-4C2C-A75F-7F5398F15670} - hxxps://crm.cancer.org/acs/18393/applets/SiebelAx_HI_Client.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} - hxxp://206.159.163.41/webportal/plugins/VMPlayer.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://ptproxy01ea.societylink.org/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{195AF9D7-EEBB-4DB9-8129-FD24F9882C6B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{348A5F8A-AC78-4F34-9AFC-6ACD9A58D3B4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{348A5F8A-AC78-4F34-9AFC-6ACD9A58D3B4}\4656661657C647 : DhcpNameServer = 192.168.0.1
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\8xilcv1p.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npxsciter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120727.001\IDSviA64.sys [2012-7-29 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-4-4 2409800]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-7-4 138232]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-29 689472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-15 138912]
R3 HpGmb001;USB Mobile Packet Filter Driver;C:\Windows\system32\DRIVERS\HpGmb001.SYS --> C:\Windows\system32\DRIVERS\HpGmb001.SYS [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-22 1153368]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-24 05:01:12 20480 ----a-w- C:\Windows\svchost.exe
2012-07-24 03:21:07 -------- d-----w- C:\Users\Mike\AppData\Local\NPE
2012-07-24 02:13:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-24 01:55:03 36168 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-07-23 20:58:06 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-07-23 20:57:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-23 20:57:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-23 20:57:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-22 18:22:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-22 18:22:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-04 21:06:34 737912 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\srtsp64.sys
2012-07-04 21:06:34 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\SymDS64.sys
2012-07-04 21:06:34 405624 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys
2012-07-04 21:06:34 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\srtspx64.sys
2012-07-04 21:06:34 190072 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\Ironx64.sys
2012-07-04 21:06:34 167048 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\ccSetx64.sys
2012-07-04 21:06:34 1092728 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\SymEFA64.sys
2012-07-04 21:06:28 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307010.005
2012-07-04 14:26:48 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-04 14:26:48 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-04 21:07:05 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-15 12:24:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 12:24:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 7:07:53.27 ===============



#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 July 2012 - 11:38 AM

Very sorry for the wait, the forum has been very busy lately.

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
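A triage pass over the DDS "Created Last 30" lines posted above, as an added example that is not part of this thread or of the DDS/FRST tools: it parses DDS-style file lines and flags a core Windows binary (the svchost.exe / services.exe family the helper is searching for) sitting outside the directory Windows keeps it in, and a directory whose name is a literal environment-variable token such as %APPDATA%. The CORE_BINARIES table and SAMPLE_LOG are constructed for this example from lines in the thread's log.

```python
"""Triage helper for DDS "Created Last 30" / "Find3M" file lines.

Added example; not part of the thread or of the DDS/FRST tools.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# DDS line layout:  <date> <time> <size|--------> <attributes> <path>
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Core Windows binaries and the directories (lower-cased, relative to the
# Windows directory) they legitimately live in.  Constructed table for this
# example; "" means directly in the Windows directory itself.
CORE_BINARIES = {
    "svchost.exe": ("system32", "syswow64"),
    "services.exe": ("system32",),
    "lsass.exe": ("system32",),
    "winlogon.exe": ("system32",),
    "explorer.exe": ("",),
}

# A path component that is literally "%SOMETHING%" was written by something
# that failed (or never tried) to expand the variable; Windows does not
# create such directories on its own.
ENV_TOKEN = re.compile(r"^%[A-Za-z_]+%$")


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS file line; return None for headers, '.' separators etc."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["date"], m["time"], size, m["attrs"], m["path"])


def _win_relative(path: str) -> Optional[Tuple[str, str]]:
    """Return (parent dir relative to \\Windows, file name), lower-cased,
    or None when the path is not under a Windows directory."""
    parts = path.replace("/", "\\").lower().split("\\")
    if "windows" not in parts:
        return None
    i = parts.index("windows")
    return "\\".join(parts[i + 1:-1]), parts[-1]


def findings(entry: Entry) -> List[str]:
    """Return human-readable reasons this entry deserves a closer look."""
    out: List[str] = []
    name = entry.path.replace("/", "\\").split("\\")[-1]
    if ENV_TOKEN.match(name):
        out.append(f"literal env-var name {name!r} created on disk")
    rel = _win_relative(entry.path)
    if rel is not None:
        parent, fname = rel
        allowed = CORE_BINARIES.get(fname)
        if allowed is not None and not entry.is_dir and parent not in allowed:
            out.append(f"{fname} outside its expected directory "
                       f"(found under Windows\\{parent or '<root>'})")
    return out


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every DDS line that raises a finding."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            results.append((entry.path, reasons))
    return results


# Constructed sample: four lines taken from the DDS log in this thread.
SAMPLE_LOG = """\
2012-07-24 05:01:12 20480 ----a-w- C:\\Windows\\svchost.exe
2012-07-24 02:13:03 -------- d-sh--w- C:\\Windows\\SysWow64\\%APPDATA%
2012-07-23 20:57:53 24904 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
2012-06-02 19:15:12 36864 ----a-w- C:\\Windows\\System32\\wuapp.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, only the svchost.exe copy in the Windows root and the %APPDATA% directory under SysWow64 are reported; the Malwarebytes driver and wuapp.exe pass.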


#6 mjporp70

mjporp70
  • Topic Starter

  • Members
  • 19 posts

Posted 30 July 2012 - 09:12 PM

Thanks for the response, CatByte. Below are the logs as requested.

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 22:54:48
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-30] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe [530432 2008-09-19] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141608 2010-07-21] (Apple Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-10-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Mike\...\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-06-22] (Google Inc.)
HKU\Mike\...\Run: [MusicManager] "C:\Users\Mike\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806080 2012-05-14] (Google Inc.)
HKU\Mike\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKLM\...\Runonce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue [x]
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Lsa: [Notification Packages] scecli
FAPassSync
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Judy\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mike\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
2 FreeAgentGoNext Service; "C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe" [181544 2009-05-01] (Seagate Technology LLC)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-06-19] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-31] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-05-31] (Symantec Corporation)
3 HpGmb001; C:\Windows\System32\Drivers\HpGmb001.sys [14336 2008-08-26] (Primax Electronics Ltd.)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120727.001\IDSvia64.sys [509088 2012-07-03] (Symantec Corporation)
3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [36168 2012-07-23] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120729.006\ENG64.SYS [120440 2012-07-29] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120729.006\EX64.SYS [2068600 2012-07-29] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [737912 2012-03-29] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [37496 2012-03-29] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1307010.005\SYMDS64.SYS [451192 2012-03-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1307010.005\SYMEFA64.SYS [1092728 2012-03-29] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-04] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [190072 2012-03-29] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [405624 2012-03-29] (Symantec Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [x]
3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-30 22:54 - 2012-07-30 22:54 - 00000000 ____D C:\FRST
2012-07-30 07:08 - 2012-07-30 07:08 - 00015568 ____A C:\Users\Mike\Desktop\Attach.txt
2012-07-29 19:05 - 2012-07-29 20:02 - 00000000 ____D C:\Users\Mike\Desktop\Phone SD Card Backup Personal 20120729
2012-07-24 23:09 - 2012-07-24 23:09 - 00000194 ____A C:\Users\Mike\Desktop\Norton Error.txt
2012-07-24 22:53 - 2012-07-24 22:53 - 00607260 ____R (Swearware) C:\Users\Mike\Desktop\dds.scr
2012-07-24 22:49 - 2012-07-24 23:28 - 00023237 ____A C:\Users\Mike\Desktop\DDS_orig.txt
2012-07-24 22:49 - 2012-07-24 23:28 - 00014547 ____A C:\Users\Mike\Desktop\Attach_orig.txt
2012-07-24 22:48 - 2012-07-24 22:48 - 00607260 ____R (Swearware) C:\Users\Mike\Downloads\dds.scr
2012-07-24 22:01 - 2012-07-24 22:01 - 00278664 ____A C:\Windows\Minidump\072412-29796-01.dmp
2012-07-24 01:01 - 2009-07-13 21:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-24 00:59 - 2012-07-24 01:00 - 00278672 ____A C:\Windows\Minidump\072412-54553-01.dmp
2012-07-24 00:44 - 2012-07-24 00:44 - 00278600 ____A C:\Windows\Minidump\072412-42432-01.dmp
2012-07-23 23:21 - 2012-07-24 00:53 - 00000000 ____D C:\Users\Mike\Local Settings\NPE
2012-07-23 23:21 - 2012-07-24 00:53 - 00000000 ____D C:\Users\Mike\Local Settings\Application Data\NPE
2012-07-23 23:21 - 2012-07-24 00:53 - 00000000 ____D C:\Users\Mike\AppData\Local\NPE
2012-07-23 22:13 - 2012-07-23 22:13 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-23 21:55 - 2012-07-23 21:55 - 00036168 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-07-23 21:47 - 2012-07-23 21:47 - 00278664 ____A C:\Windows\Minidump\072312-40560-01.dmp
2012-07-23 21:19 - 2012-07-23 21:19 - 00278664 ____A C:\Windows\Minidump\072312-31090-01.dmp
2012-07-23 16:58 - 2012-07-23 16:58 - 00000000 ____D C:\Users\Mike\Application Data\Malwarebytes
2012-07-23 16:58 - 2012-07-23 16:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-07-23 16:57 - 2012-07-23 16:57 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 16:57 - 2012-07-23 16:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-23 16:57 - 2012-07-23 16:57 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-23 16:57 - 2012-07-23 16:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 16:57 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-23 13:30 - 2012-07-23 22:44 - 00000133 ____A C:\Windows\wininit.ini
2012-07-22 14:22 - 2012-07-22 14:52 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-22 14:22 - 2012-07-22 14:52 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-07-22 14:22 - 2012-07-22 14:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-22 14:21 - 2012-07-22 14:21 - 16409960 ____A (Safer Networking Limited ) C:\Users\Mike\Downloads\spybotsd162.exe
2012-07-11 20:05 - 2012-07-11 20:05 - 00281736 ____A C:\Windows\Minidump\071112-28189-01.dmp
2012-07-09 18:32 - 2012-07-09 18:41 - 74036373 ____A C:\Users\Mike\Downloads\_ORDER_4019396_12405097.zip
2012-06-30 16:52 - 2012-06-30 16:52 - 00002205 ____A C:\Users\Mike\Desktop\CVCS 25th Reunion - Shortcut.lnk
2012-06-30 14:06 - 2012-06-30 14:09 - 00000000 ____D C:\Users\Judy\My Documents\Fax
2012-06-30 14:06 - 2012-06-30 14:09 - 00000000 ____D C:\Users\Judy\Documents\Fax

============ 3 Months Modified Files ========================

2012-07-30 21:44 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 21:44 - 2009-07-14 00:51 - 00052737 ____A C:\Windows\setupact.log
2012-07-30 09:50 - 2010-06-22 09:19 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3588040424-1623155414-4118458052-1000UA.job
2012-07-30 08:34 - 2009-07-14 00:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 08:34 - 2009-07-14 00:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 08:29 - 2009-07-14 01:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-30 07:08 - 2012-07-30 07:08 - 00015568 ____A C:\Users\Mike\Desktop\Attach.txt
2012-07-30 07:03 - 2012-04-19 06:46 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-30 06:50 - 2010-06-22 09:19 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3588040424-1623155414-4118458052-1000Core.job
2012-07-24 23:28 - 2012-07-24 22:49 - 00023237 ____A C:\Users\Mike\Desktop\DDS_orig.txt
2012-07-24 23:28 - 2012-07-24 22:49 - 00014547 ____A C:\Users\Mike\Desktop\Attach_orig.txt
2012-07-24 23:09 - 2012-07-24 23:09 - 00000194 ____A C:\Users\Mike\Desktop\Norton Error.txt
2012-07-24 22:53 - 2012-07-24 22:53 - 00607260 ____R (Swearware) C:\Users\Mike\Desktop\dds.scr
2012-07-24 22:48 - 2012-07-24 22:48 - 00607260 ____R (Swearware) C:\Users\Mike\Downloads\dds.scr
2012-07-24 22:01 - 2012-07-24 22:01 - 00278664 ____A C:\Windows\Minidump\072412-29796-01.dmp
2012-07-24 22:01 - 2011-03-18 06:47 - 438968755 ____A C:\Windows\MEMORY.DMP
2012-07-24 01:00 - 2012-07-24 00:59 - 00278672 ____A C:\Windows\Minidump\072412-54553-01.dmp
2012-07-24 00:44 - 2012-07-24 00:44 - 00278600 ____A C:\Windows\Minidump\072412-42432-01.dmp
2012-07-24 00:44 - 2010-01-29 09:13 - 00492656 ____A C:\Windows\PFRO.log
2012-07-23 22:44 - 2012-07-23 13:30 - 00000133 ____A C:\Windows\wininit.ini
2012-07-23 22:05 - 2009-07-14 01:10 - 01269219 ____A C:\Windows\WindowsUpdate.log
2012-07-23 21:55 - 2012-07-23 21:55 - 00036168 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-07-23 21:47 - 2012-07-23 21:47 - 00278664 ____A C:\Windows\Minidump\072312-40560-01.dmp
2012-07-23 21:19 - 2012-07-23 21:19 - 00278664 ____A C:\Windows\Minidump\072312-31090-01.dmp
2012-07-23 16:57 - 2012-07-23 16:57 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-22 14:21 - 2012-07-22 14:21 - 16409960 ____A (Safer Networking Limited ) C:\Users\Mike\Downloads\spybotsd162.exe
2012-07-11 22:41 - 2009-07-14 01:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-11 20:10 - 2012-02-18 23:10 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-07-11 20:10 - 2012-02-18 23:10 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-07-11 20:05 - 2012-07-11 20:05 - 00281736 ____A C:\Windows\Minidump\071112-28189-01.dmp
2012-07-09 18:41 - 2012-07-09 18:32 - 74036373 ____A C:\Users\Mike\Downloads\_ORDER_4019396_12405097.zip
2012-07-04 17:09 - 2012-02-16 04:28 - 00002494 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-07-04 17:09 - 2012-02-16 04:28 - 00002494 ____A C:\Users\All Users\Desktop\Norton Internet Security.lnk
2012-07-04 17:08 - 2012-04-19 06:46 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-04 17:07 - 2010-02-05 20:30 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-07-04 17:07 - 2010-02-05 20:30 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-07-03 13:46 - 2012-07-23 16:57 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 16:52 - 2012-06-30 16:52 - 00002205 ____A C:\Users\Mike\Desktop\CVCS 25th Reunion - Shortcut.lnk
2012-06-28 07:49 - 2012-06-28 07:49 - 00001448 ____A C:\Users\Mike\Desktop\pics - Shortcut.lnk
2012-06-15 08:25 - 2012-06-15 08:25 - 39483256 ____A (Apple Inc.) C:\Users\Mike\Downloads\QuickTimeInstaller.exe
2012-06-15 08:24 - 2012-06-15 08:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-15 08:24 - 2011-12-19 09:44 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-11 21:43 - 2012-02-26 21:42 - 00001626 ____A C:\Users\Judy\Desktop\CVCS Class of 87 Addresses - Shortcut.lnk
2012-06-08 21:28 - 2012-06-08 20:55 - 00000079 ____A C:\Windows\EWF545.ini
2012-06-08 21:19 - 2012-06-08 21:19 - 00002074 ____A C:\Users\Public\Desktop\WorkForce 545_645 User's Guide.lnk
2012-06-08 21:19 - 2012-06-08 21:19 - 00002074 ____A C:\Users\All Users\Desktop\WorkForce 545_645 User's Guide.lnk
2012-06-08 20:58 - 2012-06-08 20:58 - 00000936 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-06-08 20:58 - 2012-06-08 20:58 - 00000936 ____A C:\Users\All Users\Desktop\EPSON Scan.lnk
2012-06-03 17:51 - 2012-06-03 17:51 - 00739808 ____A (Google Inc.) C:\Users\Mike\Downloads\musicmanagerinstaller.exe
2012-06-03 17:09 - 2011-11-27 11:54 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-03 17:09 - 2011-11-27 11:54 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-03 17:07 - 2012-06-03 17:07 - 00892360 ____A (Oracle Corporation) C:\Users\Mike\Downloads\chromeinstall-7u4.exe
2012-06-02 18:19 - 2012-06-21 05:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 18:19 - 2012-06-21 05:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 18:19 - 2012-06-21 05:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 18:19 - 2012-06-21 05:30 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 18:19 - 2012-06-21 05:30 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 18:15 - 2012-06-21 05:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 18:15 - 2012-06-21 05:30 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-21 05:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-21 05:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-12 04:08 - 2009-07-14 00:45 - 00383072 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 03:16 - 2010-02-04 22:49 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe


ZeroAccess:
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}\L
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}\U
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}\L\00000004.@
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}\L\201d3dde

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4056.36 MB
Available physical RAM: 3466.19 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3469.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:386.13 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (HP v125w) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1911 MB 4096 B

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G HP v125w FAT32 Removable 1911 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-29 20:35

======================= End Of Log ==========================


Search.txt

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 22:56:35
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:48 PM

Posted 30 July 2012 - 09:26 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-07-24 01:01 - 2009-07-13 21:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\svchost.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
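
As an added defender's example (not code from this thread, nor from the FRST or ComboFix authors): a small Python checker that reads FRST-style file-listing lines like those in the log above and flags the indicators the fix above removes, namely a core system binary name (svchost.exe) outside System32, SysWOW64 or WinSxS, the Installer\{GUID}\U and \L store, and Desktop.ini inside the GAC directories. The FRST line layout is inferred from the log above (an assumption), and the sample lines are copied from it plus constructed benign entries.

```python
import re
from typing import Dict, List, Optional, Tuple

# Layout of an FRST "Created/Modified Files" line as it appears in the log above
# (assumption): "created - modified - 8-digit size attrs [(Company)] path".
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)

# Core Windows binaries that legitimately live only under these directories
# (explorer.exe is deliberately absent: it belongs directly in C:\Windows).
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "winlogon.exe", "wininit.exe",
                   "userinit.exe", "lsass.exe", "csrss.exe"}
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                 "c:\\windows\\winsxs\\")

# ZeroAccess-style hiding places seen in the log above: a GUID folder under
# C:\Windows\Installer with a \U or \L subfolder, and Desktop.ini in GAC_32/GAC_64.
ZA_INSTALLER = re.compile(
    r"^c:\\windows\\installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
    r"\\[ul](?:\\|$)", re.I)
ZA_GAC_INI = re.compile(r"^c:\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini$", re.I)


def parse_frst_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one FRST file line into its fields; None if the line is not one."""
    m = FRST_LINE.match(line.strip())
    return m.groupdict() if m else None


def expected_location(path: str) -> bool:
    """True if the path sits under a directory where system binaries belong."""
    low = path.lower()
    return any(low.startswith(d) for d in EXPECTED_DIRS)


def classify_path(path: str) -> List[str]:
    """Return the list of reasons a path is suspicious (empty if none)."""
    reasons: List[str] = []
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARIES and not expected_location(path):
        reasons.append("system binary name outside System32/SysWOW64/WinSxS")
    if ZA_INSTALLER.search(path):
        reasons.append("ZeroAccess-style Installer\\{GUID}\\U or \\L store")
    if ZA_GAC_INI.search(path):
        reasons.append("ZeroAccess-style Desktop.ini in GAC directory")
    return reasons


def scan_log(text: str) -> List[Tuple[str, str]]:
    """Check every FRST file line, and every bare path line, in an FRST log."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        entry = parse_frst_line(raw)
        # Bare path lines (the "ZeroAccess:" block in the log) are checked too.
        path = entry["path"] if entry else raw.strip()
        if not path or not re.match(r"^[A-Za-z]:\\", path):
            continue
        for reason in classify_path(path):
            findings.append((path, reason))
    return findings


# Constructed sample: lines taken from the FRST log above plus benign entries.
SAMPLE_LOG = r"""
2012-07-30 22:54 - 2012-07-30 22:54 - 00000000 ____D C:\FRST
2012-07-24 01:01 - 2009-07-13 21:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-23 16:57 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}\L\00000004.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\System32\services.exe
"""

if __name__ == "__main__":
    for path, reason in scan_log(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

The same name-versus-directory check is the reason FRST's "Bamital & volsnap Check" only hashes the System32 and SysWOW64 copies: a correct MD5 there says nothing about a second svchost.exe dropped one directory up.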


#8 mjporp70


Posted 30 July 2012 - 09:49 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 23:44:08 Run:1
Running from E:\

==============================================

C:\Windows\svchost.exe moved successfully.
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\svchost.exe not found.

==== End of Fixlog ====

#9 CatByte


Posted 30 July 2012 - 10:07 PM

:thumbup2: please move on to the ComboFix scan

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 mjporp70


Posted 30 July 2012 - 10:39 PM

Here is the log...

ComboFix 12-07-30.01 - Mike 07/31/2012 0:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2735 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\users\Mike\AppData\Local\.#
c:\users\Mike\AppData\Local\.#\MBX@14AC@2381C60.###
c:\users\Mike\AppData\Local\.#\MBX@14AC@2381C70.###
c:\users\Mike\AppData\Local\.#\MBX@14AC@2381C80.###
c:\users\Mike\AppData\Local\.#\MBX@14AC@2381C90.###
c:\users\Mike\AppData\Local\.#\MBX@19D0@2401C00.###
c:\users\Mike\AppData\Local\.#\MBX@19D0@2401C10.###
c:\users\Mike\AppData\Local\.#\MBX@19D0@2401C20.###
c:\users\Mike\AppData\Local\.#\MBX@19D0@2401C30.###
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 04:19 . 2012-07-31 04:19 -------- d-----w- c:\users\Judy\AppData\Local\temp
2012-07-31 04:19 . 2012-07-31 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 02:54 . 2012-07-31 02:54 -------- d-----w- C:\FRST
2012-07-24 03:21 . 2012-07-24 04:53 -------- d-----w- c:\users\Mike\AppData\Local\NPE
2012-07-24 02:13 . 2012-07-24 02:13 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-24 01:55 . 2012-07-24 01:55 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-23 20:58 . 2012-07-23 20:58 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2012-07-23 20:57 . 2012-07-23 20:57 -------- d-----w- c:\programdata\Malwarebytes
2012-07-23 20:57 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 20:57 . 2012-07-23 20:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-22 18:22 . 2012-07-22 18:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-22 18:22 . 2012-07-22 18:29 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-04 21:06 . 2012-07-04 21:32 -------- d-----w- c:\windows\system32\drivers\NISx64\1307010.005
2012-07-04 14:26 . 2012-07-04 14:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-04 14:26 . 2012-07-04 14:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 21:07 . 2010-02-06 00:30 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-15 12:24 . 2012-06-15 12:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 12:24 . 2011-12-19 13:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 09:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:31 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 09:31 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:31 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 09:31 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 09:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 09:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 09:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-12 07:16 . 2010-02-05 02:49 57848688 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Mike\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-14 13806080]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE" [2011-04-24 239488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 15:43 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-24 36168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-22 113120]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120728.001\IDSvia64.sys [2012-07-03 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 HpGmb001;USB Mobile Packet Filter Driver;c:\windows\system32\DRIVERS\HpGmb001.SYS [2008-08-26 14336]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3588040424-1623155414-4118458052-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-22 13:19]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3588040424-1623155414-4118458052-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-22 13:19]
.
2012-07-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-31 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HP Input Device Main Program"="c:\program files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe" [2008-09-19 530432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: societylink.org\www
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {3DC87637-DE84-4C2C-A75F-7F5398F15670} - hxxps://crm.cancer.org/acs/18393/applets/SiebelAx_HI_Client.cab
DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} - hxxp://206.159.163.41/webportal/plugins/VMPlayer.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\8xilcv1p.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-07-31 00:32:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 04:32
.
Pre-Run: 414,454,669,312 bytes free
Post-Run: 414,385,930,240 bytes free
.
- - End Of File - - A95C61F832DCE2D237EA122649A88388
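The ComboFix tail above is the kind of log a responder reads by eye: the Run keys, the DPF (ActiveX download) entries, the Trusted Zone line and the "Other Running Processes" list, where a process image path that goes through `\\.\globalroot` rather than a drive letter stands out for a core Windows binary. As an added example (this is my code, not part of the post above and not part of ComboFix), the Python below does that first pass offline. `SAMPLE_LOG` is constructed to mirror the log format in the post; its paths, CLSID, IP address and hostnames are made up, and the list of core binaries and expected directories is an assumption a practitioner would tune.

```python
"""
Added example, not from the original post or from ComboFix itself: an offline
triage pass over the tail of a ComboFix log (Run keys, DPF ActiveX downloads,
Trusted Zone entries, 'Other Running Processes'). It returns the entries a
responder would check first. SAMPLE_LOG is constructed to mirror the log
format; every value in it is made up.
"""
import re
from typing import List, Optional

# Assumption: a core Windows binary is expected to run from one of these directories.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}

RUN_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<path>[^"]+)"')          # "Name"="path" [date size]
URL_RE = re.compile(r"(?P<scheme>hxxps?|https?)://(?P<host>[^/\s]+)", re.I)  # ComboFix defangs http as hxxp
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def flag_process(path: str) -> Optional[str]:
    """Return a reason if an image path looks wrong, else None."""
    p = path.strip().strip('"').lower()
    if "\\globalroot\\" in p:
        # A device path instead of a drive letter is not how Windows launches its own services.
        return f"image path goes through a device path instead of a drive letter: {path}"
    directory, _, name = p.rpartition("\\")
    if name in CORE_BINARIES and directory not in SYSTEM_DIRS:
        return f"core Windows binary '{name}' outside System32/SysWOW64: {path}"
    return None


def flag_dpf(line: str) -> Optional[str]:
    """DPF entries are ActiveX packages IE downloaded; plain HTTP or a bare IP host deserves a look."""
    m = URL_RE.search(line)
    if not m:
        return None
    reasons = []
    if m.group("scheme").lower() in ("hxxp", "http"):
        reasons.append("plain HTTP")
    if IPV4_RE.match(m.group("host")):
        reasons.append("bare IP host")
    return f"ActiveX download ({', '.join(reasons)}): {line}" if reasons else None


def parse_combofix(text: str) -> List[str]:
    """Walk the log once and collect findings in the order they appear."""
    findings: List[str] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "Other Running Processes" in line:
            in_procs = True
            continue
        if line.startswith("****"):          # end of the process list
            in_procs = False
            continue
        if in_procs:
            reason = flag_process(line)
            if reason:
                findings.append(reason)
            continue
        run = RUN_RE.match(line)
        if run:
            reason = flag_process(run.group("path"))
            if reason:
                findings.append(f"Run value {run.group('value')}: {reason}")
            continue
        if line.startswith("DPF:"):
            reason = flag_dpf(line)
            if reason:
                findings.append(reason)
        elif line.startswith("Trusted Zone:"):
            findings.append(f"IE Trusted Zone entry (relaxed security zone): {line.split(':', 1)[1].strip()}")
    return findings


# Constructed sample in the ComboFix layout; nothing here is from a real machine.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"Updater"="c:\users\mike\appdata\local\temp\svchost.exe" [2012-07-29 84992]
.
------- Supplementary Scan -------
.
Trusted Zone: example.org\www
DPF: Example Plug-In - hxxps://static.example.com/plugin/Example.CAB
DPF: {00000000-0000-0000-0000-000000000000} - hxxp://203.0.113.41/webportal/plugins/VMPlayer.cab
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
"""

if __name__ == "__main__":
    for finding in parse_combofix(SAMPLE_LOG):
        print(finding)
```

Run against a saved ComboFix.txt by passing its contents to `parse_combofix`. The checks are deliberately narrow: a hit is a reason to look, not a verdict, and the process list only shows what ComboFix saw after its own reboot.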

#11 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 31 July 2012 - 08:27 AM

We still have a little more work to do.

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT

For 64-bit systems please download Listparts64

  • Run the tool
  • check the "list BCD" box
  • click "Scan" and post the log (Result.txt) it makes.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
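The two steps above go after the same thing from two sides: TDSSKiller with "Detect TDLFS File System" looks for a bootkit's private file system, and ListParts with "list BCD" shows the partition table and boot configuration it would have to hide in. As an added example (my code, not part of this thread and not part of TDSSKiller or ListParts), the Python below parses a TDSSKiller log of the shape posted in this thread: it confirms TDLFS detection was on, pairs each scanned object's name, MD5 and path with its verdict, lists everything not cleared with "ok", and computes the sector ranges no MBR partition covers, including the space after the last partition where TDL4-class bootkits kept their hidden file system. `SAMPLE_LOG` is constructed; its disk size, partition layout, hashes and the non-"ok" verdict wording are made up.

```python
"""
Added example, not from the original thread and not part of TDSSKiller or
ListParts: an offline parser for a TDSSKiller log. SAMPLE_LOG is constructed;
the 'detected' verdict text in it is illustrative, the parser treats anything
other than 'ok' as needing attention.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")        # "HH:MM:SS.mmmm PID body"
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")  # "name (md5) path"
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")                    # "name - ok"
DRIVE_RE = re.compile(r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: (?P<size>0x[0-9A-Fa-f]+) "
                      r"\([^)]*\), SectorSize: (?P<ss>0x[0-9A-Fa-f]+)")
PART_RE = re.compile(r"^(?P<disk>\\Device\\Harddisk\d+\\DR\d+)\\Partition\d+: MBR, Type (?P<type>0x[0-9A-Fa-f]+), "
                     r"StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class Report:
    tdlfs_checked: bool = False
    entries: Dict[str, Entry] = field(default_factory=dict)
    disks: Dict[str, int] = field(default_factory=dict)                       # device -> total sectors
    partitions: Dict[str, List[Tuple[int, int]]] = field(default_factory=dict)  # device -> [(start, blocks)]


def parse_tdsskiller(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if body.startswith("Mode:"):               # e.g. "Mode: Manual; TDLFS;"
            rep.tdlfs_checked = "TDLFS" in body
            continue
        d = DRIVE_RE.match(body)
        if d:
            rep.disks[d.group("dev")] = int(d.group("size"), 16) // int(d.group("ss"), 16)
            continue
        p = PART_RE.match(body)
        if p:
            rep.partitions.setdefault(p.group("disk"), []).append(
                (int(p.group("start"), 16), int(p.group("blocks"), 16)))
            continue
        f = FILE_RE.match(body)
        if f:
            e = rep.entries.setdefault(f.group("name"), Entry(f.group("name")))
            e.md5, e.path = f.group("md5").lower(), f.group("path")
            continue
        v = VERDICT_RE.match(body)
        if v:
            e = rep.entries.setdefault(v.group("name"), Entry(v.group("name")))
            e.verdict = v.group("verdict")
    return rep


def needs_attention(rep: Report) -> List[Entry]:
    """Scanned objects not cleared: any verdict other than 'ok', or a file with no verdict line at all."""
    return [e for e in rep.entries.values() if e.verdict != "ok"]


def unallocated_ranges(rep: Report) -> Dict[str, List[Tuple[int, int]]]:
    """Per disk, (start_sector, length_sectors) of space no MBR partition covers.
    The range after the last partition is where TDL4-style bootkits stored their hidden file system."""
    out: Dict[str, List[Tuple[int, int]]] = {}
    for dev, parts in rep.partitions.items():
        gaps, cursor = [], 0
        for start, blocks in sorted(parts):
            if start > cursor:
                gaps.append((cursor, start - cursor))
            cursor = max(cursor, start + blocks)
        total = rep.disks.get(dev)
        if total is not None and total > cursor:
            gaps.append((cursor, total - cursor))
        out[dev] = gaps
    return out


# Constructed sample in the TDSSKiller layout (256 MiB disk, two partitions, one bad and one orphan entry).
SAMPLE_LOG = r"""
20:51:04.0449 0940 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:51:06.0149 0940 Drive \Device\Harddisk0\DR0 - Size: 0x10000000 (0.25 Gb), SectorSize: 0x200, Cylinders: 0x20, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:51:06.0165 0940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3F800
20:51:06.0165 0940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x40000, BlocksNum 0x3E000
20:51:27.0568 5324 Mode: Manual; TDLFS;
20:51:28.0629 5324 1394ohci (00000000000000000000000000000001) C:\Windows\system32\drivers\1394ohci.sys
20:51:28.0863 5324 1394ohci - ok
20:51:33.0449 5324 catchme - ok
20:51:50.0100 5324 evilsvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\evilsvc.sys
20:51:50.0120 5324 evilsvc - detected (constructed verdict)
20:51:51.0000 5324 orphan (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\orphan.sys
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("TDLFS detection enabled:", rep.tdlfs_checked)
    for e in needs_attention(rep):
        print("check:", e.name, e.md5, e.path, e.verdict)
    for dev, gaps in unallocated_ranges(rep).items():
        print(dev, [(hex(s), hex(n)) for s, n in gaps])
```

Feed the saved log (TDSSKiller writes it to the root of the drive) to `parse_tdsskiller`. A 1 MiB gap before the first partition is ordinary alignment; a gap of many megabytes between or after partitions is what you would image and compare against the BCD from ListParts.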


#12 mjporp70

  • Topic Starter

  • Members
  • 19 posts

Posted 31 July 2012 - 07:56 PM

20:51:04.0449 0940 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:51:05.0260 0940 ============================================================
20:51:05.0260 0940 Current date / time: 2012/07/31 20:51:05.0260
20:51:05.0260 0940 SystemInfo:
20:51:05.0260 0940
20:51:05.0260 0940 OS Version: 6.1.7601 ServicePack: 1.0
20:51:05.0260 0940 Product type: Workstation
20:51:05.0260 0940 ComputerName: MJ-LAPTOP
20:51:05.0260 0940 UserName: Mike
20:51:05.0260 0940 Windows directory: C:\Windows
20:51:05.0260 0940 System windows directory: C:\Windows
20:51:05.0260 0940 Running under WOW64
20:51:05.0260 0940 Processor architecture: Intel x64
20:51:05.0260 0940 Number of processors: 2
20:51:05.0260 0940 Page size: 0x1000
20:51:05.0260 0940 Boot type: Normal boot
20:51:05.0260 0940 ============================================================
20:51:06.0149 0940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:51:06.0149 0940 Drive \Device\Harddisk1\DR1 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:51:06.0165 0940 ============================================================
20:51:06.0165 0940 \Device\Harddisk0\DR0:
20:51:06.0165 0940 MBR partitions:
20:51:06.0165 0940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
20:51:06.0165 0940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
20:51:06.0165 0940 \Device\Harddisk1\DR1:
20:51:06.0165 0940 MBR partitions:
20:51:06.0165 0940 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x8, BlocksNum 0x3BBFF8
20:51:06.0165 0940 ============================================================
20:51:06.0180 0940 C: <-> \Device\Harddisk0\DR0\Partition1
20:51:06.0180 0940 ============================================================
20:51:06.0180 0940 Initialize success
20:51:06.0180 0940 ============================================================
20:51:27.0568 5324 ============================================================
20:51:27.0568 5324 Scan started
20:51:27.0568 5324 Mode: Manual; TDLFS;
20:51:27.0568 5324 ============================================================
20:51:28.0629 5324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:51:28.0863 5324 1394ohci - ok
20:51:29.0003 5324 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
20:51:29.0019 5324 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
20:51:29.0112 5324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:51:29.0112 5324 ACPI - ok
20:51:29.0159 5324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:51:29.0159 5324 AcpiPmi - ok
20:51:29.0268 5324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:51:29.0331 5324 adp94xx - ok
20:51:29.0409 5324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:51:29.0424 5324 adpahci - ok
20:51:29.0471 5324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:51:29.0518 5324 adpu320 - ok
20:51:29.0611 5324 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:51:29.0611 5324 AeLookupSvc - ok
20:51:29.0705 5324 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:51:29.0705 5324 AFD - ok
20:51:29.0783 5324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:51:29.0783 5324 agp440 - ok
20:51:29.0814 5324 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:51:29.0830 5324 ALG - ok
20:51:29.0861 5324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:51:29.0861 5324 aliide - ok
20:51:29.0908 5324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:51:29.0908 5324 amdide - ok
20:51:29.0955 5324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:51:29.0955 5324 AmdK8 - ok
20:51:29.0970 5324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:51:29.0970 5324 AmdPPM - ok
20:51:30.0033 5324 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:51:30.0064 5324 amdsata - ok
20:51:30.0126 5324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:51:30.0126 5324 amdsbs - ok
20:51:30.0142 5324 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:51:30.0142 5324 amdxata - ok
20:51:30.0189 5324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:51:30.0220 5324 AppID - ok
20:51:30.0251 5324 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:51:30.0267 5324 AppIDSvc - ok
20:51:30.0313 5324 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:51:30.0313 5324 Appinfo - ok
20:51:30.0516 5324 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:51:30.0516 5324 Apple Mobile Device - ok
20:51:30.0672 5324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:51:30.0672 5324 arc - ok
20:51:30.0719 5324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:51:30.0719 5324 arcsas - ok
20:51:30.0766 5324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:51:30.0766 5324 AsyncMac - ok
20:51:30.0859 5324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:51:30.0891 5324 atapi - ok
20:51:31.0078 5324 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:51:31.0109 5324 AudioEndpointBuilder - ok
20:51:31.0109 5324 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:51:31.0125 5324 AudioSrv - ok
20:51:31.0187 5324 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:51:31.0203 5324 AxInstSV - ok
20:51:31.0530 5324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:51:31.0639 5324 b06bdrv - ok
20:51:31.0702 5324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:51:31.0749 5324 b57nd60a - ok
20:51:31.0811 5324 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:51:31.0858 5324 BDESVC - ok
20:51:31.0905 5324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:51:31.0920 5324 Beep - ok
20:51:32.0076 5324 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:51:32.0092 5324 BFE - ok
20:51:32.0435 5324 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
20:51:32.0451 5324 BHDrvx64 - ok
20:51:32.0638 5324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:51:32.0638 5324 blbdrive - ok
20:51:32.0763 5324 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
20:51:32.0778 5324 Bonjour Service - ok
20:51:32.0841 5324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:51:32.0872 5324 bowser - ok
20:51:32.0903 5324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:51:32.0919 5324 BrFiltLo - ok
20:51:32.0950 5324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:51:32.0950 5324 BrFiltUp - ok
20:51:33.0012 5324 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:51:33.0059 5324 BridgeMP - ok
20:51:33.0121 5324 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:51:33.0121 5324 Browser - ok
20:51:33.0168 5324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:51:33.0184 5324 Brserid - ok
20:51:33.0246 5324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:51:33.0246 5324 BrSerWdm - ok
20:51:33.0262 5324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:51:33.0262 5324 BrUsbMdm - ok
20:51:33.0277 5324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:51:33.0277 5324 BrUsbSer - ok
20:51:33.0324 5324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:51:33.0324 5324 BTHMODEM - ok
20:51:33.0371 5324 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:51:33.0387 5324 bthserv - ok
20:51:33.0449 5324 catchme - ok
20:51:33.0558 5324 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys
20:51:33.0558 5324 ccSet_NIS - ok
20:51:33.0621 5324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:51:33.0636 5324 cdfs - ok
20:51:33.0699 5324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:51:33.0730 5324 cdrom - ok
20:51:33.0792 5324 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:51:33.0808 5324 CertPropSvc - ok
20:51:33.0855 5324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:51:33.0855 5324 circlass - ok
20:51:33.0917 5324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:51:33.0917 5324 CLFS - ok
20:51:34.0026 5324 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:51:34.0042 5324 clr_optimization_v2.0.50727_32 - ok
20:51:34.0089 5324 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:51:34.0104 5324 clr_optimization_v2.0.50727_64 - ok
20:51:34.0167 5324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:51:34.0213 5324 clr_optimization_v4.0.30319_32 - ok
20:51:34.0291 5324 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:51:34.0291 5324 clr_optimization_v4.0.30319_64 - ok
20:51:34.0323 5324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:51:34.0338 5324 CmBatt - ok
20:51:34.0369 5324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:51:34.0369 5324 cmdide - ok
20:51:34.0447 5324 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:51:34.0479 5324 CNG - ok
20:51:34.0494 5324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:51:34.0494 5324 Compbatt - ok
20:51:34.0541 5324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:51:34.0541 5324 CompositeBus - ok
20:51:34.0557 5324 COMSysApp - ok
20:51:34.0588 5324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:51:34.0588 5324 crcdisk - ok
20:51:34.0650 5324 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:51:34.0666 5324 CryptSvc - ok
20:51:34.0713 5324 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:51:34.0744 5324 CtClsFlt - ok
20:51:34.0837 5324 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:51:34.0853 5324 DcomLaunch - ok
20:51:34.0915 5324 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:51:34.0947 5324 defragsvc - ok
20:51:34.0993 5324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:51:34.0993 5324 DfsC - ok
20:51:35.0103 5324 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:51:35.0103 5324 Dhcp - ok
20:51:35.0134 5324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:51:35.0134 5324 discache - ok
20:51:35.0181 5324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:51:35.0181 5324 Disk - ok
20:51:35.0243 5324 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:51:35.0243 5324 Dnscache - ok
20:51:35.0352 5324 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
20:51:35.0352 5324 DockLoginService - ok
20:51:35.0415 5324 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:51:35.0430 5324 dot3svc - ok
20:51:35.0477 5324 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:51:35.0493 5324 DPS - ok
20:51:35.0524 5324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:51:35.0524 5324 drmkaud - ok
20:51:35.0664 5324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:51:35.0680 5324 DXGKrnl - ok
20:51:35.0711 5324 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:51:35.0711 5324 EapHost - ok
20:51:36.0117 5324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:51:36.0226 5324 ebdrv - ok
20:51:36.0382 5324 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:51:36.0397 5324 eeCtrl - ok
20:51:36.0522 5324 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:51:36.0538 5324 EFS - ok
20:51:36.0663 5324 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:51:36.0678 5324 ehRecvr - ok
20:51:36.0709 5324 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:51:36.0741 5324 ehSched - ok
20:51:36.0865 5324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:51:36.0897 5324 elxstor - ok
20:51:37.0037 5324 EpsonCustomerParticipation (757305c7ad34222f4a46d86fe0bee241) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
20:51:37.0068 5324 EpsonCustomerParticipation - ok
20:51:37.0177 5324 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:51:37.0193 5324 EraserUtilRebootDrv - ok
20:51:37.0255 5324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:51:37.0287 5324 ErrDev - ok
20:51:37.0443 5324 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:51:37.0474 5324 EventSystem - ok
20:51:37.0583 5324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:51:37.0583 5324 exfat - ok
20:51:37.0708 5324 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
20:51:37.0723 5324 FACAP - ok
20:51:38.0082 5324 FAService (53e30a6e86aa93c0ffc0bc0439e3e636) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
20:51:38.0098 5324 FAService - ok
20:51:38.0269 5324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:51:38.0301 5324 fastfat - ok
20:51:38.0425 5324 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:51:38.0457 5324 Fax - ok
20:51:38.0488 5324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:51:38.0488 5324 fdc - ok
20:51:38.0519 5324 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:51:38.0535 5324 fdPHost - ok
20:51:38.0550 5324 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:51:38.0550 5324 FDResPub - ok
20:51:38.0566 5324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:51:38.0597 5324 FileInfo - ok
20:51:38.0628 5324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:51:38.0628 5324 Filetrace - ok
20:51:38.0659 5324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:51:38.0659 5324 flpydisk - ok
20:51:38.0722 5324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:51:38.0753 5324 FltMgr - ok
20:51:38.0909 5324 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:51:38.0925 5324 FontCache - ok
20:51:39.0003 5324 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:51:39.0018 5324 FontCache3.0.0.0 - ok
20:51:39.0174 5324 FreeAgentGoNext Service (07af7870abf051ebbae8a8a92ff34abe) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
20:51:39.0190 5324 FreeAgentGoNext Service - ok
20:51:39.0315 5324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:51:39.0315 5324 FsDepends - ok
20:51:39.0346 5324 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:51:39.0361 5324 Fs_Rec - ok
20:51:39.0439 5324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:51:39.0439 5324 fvevol - ok
20:51:39.0486 5324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:51:39.0486 5324 gagp30kx - ok
20:51:39.0533 5324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:51:39.0549 5324 GEARAspiWDM - ok
20:51:39.0580 5324 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
20:51:39.0595 5324 GoToAssist - ok
20:51:39.0720 5324 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:51:39.0720 5324 gpsvc - ok
20:51:39.0736 5324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:51:39.0751 5324 hcw85cir - ok
20:51:39.0829 5324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:51:39.0829 5324 HDAudBus - ok
20:51:39.0845 5324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:51:39.0845 5324 HidBatt - ok
20:51:39.0876 5324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:51:39.0876 5324 HidBth - ok
20:51:39.0892 5324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:51:39.0892 5324 HidIr - ok
20:51:39.0923 5324 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:51:39.0954 5324 hidserv - ok
20:51:40.0001 5324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:51:40.0001 5324 HidUsb - ok
20:51:40.0063 5324 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:51:40.0063 5324 hkmsvc - ok
20:51:40.0126 5324 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:51:40.0126 5324 HomeGroupListener - ok
20:51:40.0188 5324 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:51:40.0188 5324 HomeGroupProvider - ok
20:51:40.0219 5324 HpGmb001 (207bc26127847b912054985dda5614b2) C:\Windows\system32\DRIVERS\HpGmb001.SYS
20:51:40.0235 5324 HpGmb001 - ok
20:51:40.0266 5324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:51:40.0266 5324 HpSAMD - ok
20:51:40.0391 5324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:51:40.0407 5324 HTTP - ok
20:51:40.0453 5324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:51:40.0453 5324 hwpolicy - ok
20:51:40.0516 5324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:51:40.0531 5324 i8042prt - ok
20:51:40.0656 5324 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:51:40.0656 5324 IAANTMON - ok
20:51:40.0765 5324 iaStor (4f6fb2cdbdeefc47e7d2066e78254580) C:\Windows\system32\DRIVERS\iaStor.sys
20:51:40.0765 5324 iaStor - ok
20:51:40.0859 5324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:51:40.0875 5324 iaStorV - ok
20:51:41.0046 5324 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:51:41.0077 5324 idsvc - ok
20:51:41.0343 5324 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120728.001\IDSvia64.sys
20:51:41.0343 5324 IDSVia64 - ok
20:51:42.0466 5324 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:51:42.0622 5324 igfx - ok
20:51:42.0903 5324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:51:42.0918 5324 iirsp - ok
20:51:43.0074 5324 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:51:43.0090 5324 IKEEXT - ok
20:51:43.0137 5324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:51:43.0152 5324 intelide - ok
20:51:43.0199 5324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:51:43.0199 5324 intelppm - ok
20:51:43.0246 5324 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:51:43.0261 5324 IPBusEnum - ok
20:51:43.0324 5324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:51:43.0324 5324 IpFilterDriver - ok
20:51:43.0464 5324 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:51:43.0464 5324 iphlpsvc - ok
20:51:43.0620 5324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:51:43.0651 5324 IPMIDRV - ok
20:51:43.0885 5324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:51:43.0932 5324 IPNAT - ok
20:51:44.0197 5324 iPod Service (056ab99a00e2023a24ab4f067880cc3e) C:\Program Files\iPod\bin\iPodService.exe
20:51:44.0197 5324 iPod Service - ok
20:51:44.0244 5324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:51:44.0275 5324 IRENUM - ok
20:51:44.0307 5324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:51:44.0322 5324 isapnp - ok
20:51:44.0385 5324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:51:44.0431 5324 iScsiPrt - ok
20:51:44.0509 5324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:51:44.0509 5324 kbdclass - ok
20:51:44.0556 5324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:51:44.0587 5324 kbdhid - ok
20:51:44.0634 5324 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:51:44.0634 5324 KeyIso - ok
20:51:44.0681 5324 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:51:44.0681 5324 KSecDD - ok
20:51:44.0743 5324 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:51:44.0743 5324 KSecPkg - ok
20:51:44.0775 5324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:51:44.0775 5324 ksthunk - ok
20:51:44.0868 5324 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:51:44.0915 5324 KtmRm - ok
20:51:45.0009 5324 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:51:45.0009 5324 LanmanServer - ok
20:51:45.0071 5324 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:51:45.0071 5324 LanmanWorkstation - ok
20:51:45.0149 5324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:51:45.0149 5324 lltdio - ok
20:51:45.0211 5324 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:51:45.0258 5324 lltdsvc - ok
20:51:45.0289 5324 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:51:45.0289 5324 lmhosts - ok
20:51:45.0321 5324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:51:45.0336 5324 LSI_FC - ok
20:51:45.0414 5324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:51:45.0430 5324 LSI_SAS - ok
20:51:45.0461 5324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:51:45.0461 5324 LSI_SAS2 - ok
20:51:45.0492 5324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:51:45.0508 5324 LSI_SCSI - ok
20:51:45.0539 5324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:51:45.0555 5324 luafv - ok
20:51:45.0617 5324 mbamchameleon (4a0489f1cce69bb7371f8ea66efe78ec) C:\Windows\system32\drivers\mbamchameleon.sys
20:51:45.0633 5324 mbamchameleon - ok
20:51:45.0664 5324 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:51:45.0679 5324 Mcx2Svc - ok
20:51:45.0726 5324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:51:45.0726 5324 megasas - ok
20:51:45.0773 5324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:51:45.0804 5324 MegaSR - ok
20:51:45.0835 5324 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:51:45.0835 5324 MMCSS - ok
20:51:45.0851 5324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:51:45.0851 5324 Modem - ok
20:51:45.0898 5324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:51:45.0898 5324 monitor - ok
20:51:45.0945 5324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:51:45.0945 5324 mouclass - ok
20:51:45.0991 5324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:51:45.0991 5324 mouhid - ok
20:51:46.0038 5324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:51:46.0038 5324 mountmgr - ok
20:51:46.0179 5324 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:51:46.0179 5324 MozillaMaintenance - ok
20:51:46.0225 5324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:51:46.0241 5324 mpio - ok
20:51:46.0272 5324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:51:46.0288 5324 mpsdrv - ok
20:51:46.0428 5324 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:51:46.0444 5324 MpsSvc - ok
20:51:46.0491 5324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:51:46.0491 5324 MRxDAV - ok
20:51:46.0553 5324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:51:46.0584 5324 mrxsmb - ok
20:51:46.0647 5324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:51:46.0678 5324 mrxsmb10 - ok
20:51:46.0740 5324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:51:46.0756 5324 mrxsmb20 - ok
20:51:46.0787 5324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:51:46.0803 5324 msahci - ok
20:51:46.0849 5324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:51:46.0865 5324 msdsm - ok
20:51:46.0896 5324 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:51:46.0912 5324 MSDTC - ok
20:51:46.0943 5324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:51:46.0959 5324 Msfs - ok
20:51:46.0974 5324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:51:46.0974 5324 mshidkmdf - ok
20:51:47.0005 5324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:51:47.0037 5324 msisadrv - ok
20:51:47.0099 5324 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:51:47.0115 5324 MSiSCSI - ok
20:51:47.0115 5324 msiserver - ok
20:51:47.0146 5324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:51:47.0146 5324 MSKSSRV - ok
20:51:47.0177 5324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:51:47.0177 5324 MSPCLOCK - ok
20:51:47.0177 5324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:51:47.0193 5324 MSPQM - ok
20:51:47.0255 5324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:51:47.0255 5324 MsRPC - ok
20:51:47.0302 5324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:51:47.0302 5324 mssmbios - ok
20:51:47.0317 5324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:51:47.0333 5324 MSTEE - ok
20:51:47.0349 5324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:51:47.0364 5324 MTConfig - ok
20:51:47.0395 5324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:51:47.0395 5324 Mup - ok
20:51:47.0489 5324 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:51:47.0536 5324 napagent - ok
20:51:47.0629 5324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:51:47.0645 5324 NativeWifiP - ok
20:51:47.0801 5324 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120730.017\ENG64.SYS
20:51:47.0817 5324 NAVENG - ok
20:51:48.0066 5324 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120730.017\EX64.SYS
20:51:48.0082 5324 NAVEX15 - ok
20:51:48.0394 5324 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:51:48.0409 5324 NDIS - ok
20:51:48.0472 5324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:51:48.0472 5324 NdisCap - ok
20:51:48.0488 5324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:51:48.0488 5324 NdisTapi - ok
20:51:48.0534 5324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:51:48.0550 5324 Ndisuio - ok
20:51:48.0612 5324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:51:48.0659 5324 NdisWan - ok
20:51:48.0706 5324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:51:48.0706 5324 NDProxy - ok
20:51:48.0753 5324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:51:48.0753 5324 NetBIOS - ok
20:51:48.0815 5324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:51:48.0831 5324 NetBT - ok
20:51:48.0862 5324 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:51:48.0862 5324 Netlogon - ok
20:51:48.0940 5324 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:51:48.0956 5324 Netman - ok
20:51:49.0002 5324 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:51:49.0002 5324 netprofm - ok
20:51:49.0096 5324 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:51:49.0127 5324 NetTcpPortSharing - ok
20:51:49.0938 5324 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
20:51:50.0079 5324 NETw5s64 - ok
20:51:50.0235 5324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:51:50.0235 5324 nfrd960 - ok
20:51:50.0484 5324 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
20:51:50.0484 5324 NIS - ok
20:51:50.0625 5324 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:51:50.0625 5324 NlaSvc - ok
20:51:50.0656 5324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:51:50.0656 5324 Npfs - ok
20:51:50.0687 5324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:51:50.0687 5324 nsi - ok
20:51:50.0734 5324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:51:50.0734 5324 nsiproxy - ok
20:51:51.0077 5324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:51:51.0171 5324 Ntfs - ok
20:51:51.0420 5324 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
20:51:51.0436 5324 NuidFltr - ok
20:51:51.0467 5324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:51:51.0467 5324 Null - ok
20:51:51.0514 5324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:51:51.0545 5324 nvraid - ok
20:51:51.0592 5324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:51:51.0623 5324 nvstor - ok
20:51:51.0654 5324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:51:51.0717 5324 nv_agp - ok
20:51:51.0748 5324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:51:51.0764 5324 ohci1394 - ok
20:51:51.0857 5324 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:51:51.0873 5324 ose - ok
20:51:51.0920 5324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:51:51.0920 5324 p2pimsvc - ok
20:51:51.0966 5324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:51:51.0982 5324 p2psvc - ok
20:51:52.0013 5324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:51:52.0013 5324 Parport - ok
20:51:52.0044 5324 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:51:52.0060 5324 partmgr - ok
20:51:52.0107 5324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:51:52.0107 5324 PcaSvc - ok
20:51:52.0154 5324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:51:52.0154 5324 pci - ok
20:51:52.0185 5324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:51:52.0185 5324 pciide - ok
20:51:52.0232 5324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:51:52.0247 5324 pcmcia - ok
20:51:52.0278 5324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:51:52.0278 5324 pcw - ok
20:51:52.0466 5324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:51:52.0528 5324 PEAUTH - ok
20:51:52.0731 5324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:51:52.0731 5324 PerfHost - ok
20:51:53.0121 5324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:51:53.0168 5324 pla - ok
20:51:53.0261 5324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:51:53.0308 5324 PlugPlay - ok
20:51:53.0339 5324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:51:53.0355 5324 PNRPAutoReg - ok
20:51:53.0402 5324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:51:53.0417 5324 PNRPsvc - ok
20:51:53.0573 5324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:51:53.0589 5324 PolicyAgent - ok
20:51:53.0651 5324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:51:53.0667 5324 Power - ok
20:51:54.0228 5324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:51:54.0244 5324 PptpMiniport - ok
20:51:54.0291 5324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:51:54.0291 5324 Processor - ok
20:51:54.0369 5324 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:51:54.0384 5324 ProfSvc - ok
20:51:54.0431 5324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:51:54.0447 5324 ProtectedStorage - ok
20:51:54.0556 5324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:51:54.0556 5324 Psched - ok
20:51:54.0603 5324 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:51:54.0618 5324 PxHlpa64 - ok
20:51:54.0962 5324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:51:55.0024 5324 ql2300 - ok
20:51:55.0242 5324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:51:55.0242 5324 ql40xx - ok
20:51:55.0289 5324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:51:55.0320 5324 QWAVE - ok
20:51:55.0352 5324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:51:55.0352 5324 QWAVEdrv - ok
20:51:55.0352 5324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:51:55.0367 5324 RasAcd - ok
20:51:55.0398 5324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:51:55.0398 5324 RasAgileVpn - ok
20:51:55.0430 5324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:51:55.0445 5324 RasAuto - ok
20:51:55.0508 5324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:51:55.0539 5324 Rasl2tp - ok
20:51:55.0648 5324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:51:55.0648 5324 RasMan - ok
20:51:55.0710 5324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:51:55.0710 5324 RasPppoe - ok
20:51:55.0726 5324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:51:55.0726 5324 RasSstp - ok
20:51:55.0804 5324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:51:55.0804 5324 rdbss - ok
20:51:55.0820 5324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:51:55.0820 5324 rdpbus - ok
20:51:55.0835 5324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:51:55.0835 5324 RDPCDD - ok
20:51:55.0882 5324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:51:55.0882 5324 RDPENCDD - ok
20:51:55.0898 5324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:51:55.0898 5324 RDPREFMP - ok
20:51:55.0960 5324 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:51:55.0991 5324 RDPWD - ok
20:51:56.0054 5324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:51:56.0069 5324 rdyboost - ok
20:51:56.0116 5324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:51:56.0132 5324 RemoteAccess - ok
20:51:56.0178 5324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:51:56.0225 5324 RemoteRegistry - ok
20:51:56.0256 5324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:51:56.0272 5324 RpcEptMapper - ok
20:51:56.0288 5324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:51:56.0303 5324 RpcLocator - ok
20:51:56.0412 5324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:51:56.0412 5324 RpcSs - ok
20:51:56.0475 5324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:51:56.0490 5324 rspndr - ok
20:51:56.0584 5324 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
20:51:56.0584 5324 RSUSBSTOR - ok
20:51:56.0631 5324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:51:56.0631 5324 SamSs - ok
20:51:56.0678 5324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:51:56.0693 5324 sbp2port - ok
20:51:57.0239 5324 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:51:57.0286 5324 SBSDWSCService - ok
20:51:57.0364 5324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:51:57.0426 5324 SCardSvr - ok
20:51:57.0551 5324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:51:57.0614 5324 scfilter - ok
20:51:57.0848 5324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:51:57.0894 5324 Schedule - ok
20:51:57.0988 5324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:51:57.0988 5324 SCPolicySvc - ok
20:51:58.0097 5324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:51:58.0128 5324 SDRSVC - ok
20:51:58.0331 5324 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:51:58.0347 5324 SeaPort - ok
20:51:58.0394 5324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:51:58.0409 5324 secdrv - ok
20:51:58.0456 5324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:51:58.0456 5324 seclogon - ok
20:51:58.0503 5324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:51:58.0503 5324 SENS - ok
20:51:58.0534 5324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:51:58.0534 5324 SensrSvc - ok
20:51:58.0550 5324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:51:58.0565 5324 Serenum - ok
20:51:58.0628 5324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:51:58.0628 5324 Serial - ok
20:51:58.0659 5324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:51:58.0706 5324 sermouse - ok
20:51:58.0768 5324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:51:58.0799 5324 SessionEnv - ok
20:51:58.0830 5324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:51:58.0846 5324 sffdisk - ok
20:51:58.0862 5324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:51:58.0877 5324 sffp_mmc - ok
20:51:58.0893 5324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:51:58.0893 5324 sffp_sd - ok
20:51:58.0955 5324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:51:58.0955 5324 sfloppy - ok
20:51:59.0361 5324 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
20:51:59.0392 5324 SftService - ok
20:51:59.0532 5324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:51:59.0548 5324 SharedAccess - ok
20:51:59.0642 5324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:51:59.0642 5324 ShellHWDetection - ok
20:51:59.0735 5324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:51:59.0766 5324 SiSRaid2 - ok
20:51:59.0798 5324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:51:59.0813 5324 SiSRaid4 - ok
20:51:59.0844 5324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:51:59.0860 5324 Smb - ok
20:51:59.0922 5324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:51:59.0922 5324 SNMPTRAP - ok
20:51:59.0938 5324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:51:59.0938 5324 spldr - ok
20:52:00.0078 5324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:52:00.0094 5324 Spooler - ok
20:52:01.0264 5324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:52:01.0358 5324 sppsvc - ok
20:52:01.0592 5324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:52:01.0623 5324 sppuinotify - ok
20:52:02.0169 5324 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS
20:52:02.0200 5324 SRTSP - ok
20:52:02.0231 5324 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS
20:52:02.0231 5324 SRTSPX - ok
20:52:02.0418 5324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:52:02.0481 5324 srv - ok
20:52:02.0574 5324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:52:02.0606 5324 srv2 - ok
20:52:02.0652 5324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:52:02.0684 5324 srvnet - ok
20:52:02.0746 5324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:52:02.0762 5324 SSDPSRV - ok
20:52:02.0808 5324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:52:02.0808 5324 SstpSvc - ok
20:52:03.0074 5324 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
20:52:03.0074 5324 STacSV - ok
20:52:03.0105 5324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:52:03.0120 5324 stexstor - ok
20:52:03.0214 5324 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
20:52:03.0245 5324 STHDA - ok
20:52:03.0464 5324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:52:03.0479 5324 stisvc - ok
20:52:03.0526 5324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:52:03.0526 5324 swenum - ok
20:52:03.0698 5324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:52:03.0713 5324 swprv - ok
20:52:03.0932 5324 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS
20:52:03.0947 5324 SymDS - ok
20:52:04.0150 5324 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS
20:52:04.0212 5324 SymEFA - ok
20:52:04.0275 5324 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:52:04.0275 5324 SymEvent - ok
20:52:04.0306 5324 SYMFW - ok
20:52:04.0368 5324 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS
20:52:04.0368 5324 SymIRON - ok
20:52:04.0400 5324 SYMNDISV - ok
20:52:04.0462 5324 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS
20:52:04.0478 5324 SymNetS - ok
20:52:04.0649 5324 SynTP (3178b56219e0e4fb5f95299e49b83b44) C:\Windows\system32\DRIVERS\SynTP.sys
20:52:04.0665 5324 SynTP - ok
20:52:05.0039 5324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:52:05.0117 5324 SysMain - ok
20:52:05.0351 5324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:52:05.0367 5324 TabletInputService - ok
20:52:05.0570 5324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:52:05.0585 5324 TapiSrv - ok
20:52:05.0616 5324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:52:05.0616 5324 TBS - ok
20:52:06.0131 5324 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:52:06.0225 5324 Tcpip - ok
20:52:07.0005 5324 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:52:07.0020 5324 TCPIP6 - ok
20:52:07.0395 5324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:52:07.0442 5324 tcpipreg - ok
20:52:07.0535 5324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:52:07.0551 5324 TDPIPE - ok
20:52:07.0582 5324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:52:07.0598 5324 TDTCP - ok
20:52:07.0644 5324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:52:07.0660 5324 tdx - ok
20:52:07.0707 5324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:52:07.0707 5324 TermDD - ok
20:52:08.0253 5324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:52:08.0268 5324 TermService - ok
20:52:08.0315 5324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:52:08.0315 5324 Themes - ok
20:52:08.0362 5324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:52:08.0362 5324 THREADORDER - ok
20:52:08.0487 5324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:52:08.0502 5324 TrkWks - ok
20:52:08.0627 5324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:52:08.0627 5324 TrustedInstaller - ok
20:52:08.0674 5324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:52:08.0690 5324 tssecsrv - ok
20:52:08.0752 5324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:52:08.0752 5324 TsUsbFlt - ok
20:52:08.0814 5324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:52:08.0814 5324 tunnel - ok
20:52:08.0846 5324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:52:08.0861 5324 uagp35 - ok
20:52:08.0939 5324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:52:08.0939 5324 udfs - ok
20:52:08.0970 5324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:52:08.0986 5324 UI0Detect - ok
20:52:09.0033 5324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:52:09.0033 5324 uliagpkx - ok
20:52:09.0080 5324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:52:09.0080 5324 umbus - ok
20:52:09.0251 5324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:52:09.0282 5324 UmPass - ok
20:52:09.0501 5324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:52:09.0548 5324 upnphost - ok
20:52:09.0626 5324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:52:09.0657 5324 usbccgp - ok
20:52:09.0782 5324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:52:09.0813 5324 usbcir - ok
20:52:09.0844 5324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:52:09.0860 5324 usbehci - ok
20:52:09.0922 5324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:52:09.0953 5324 usbhub - ok
20:52:10.0016 5324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:52:10.0016 5324 usbohci - ok
20:52:10.0109 5324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:52:10.0140 5324 usbprint - ok
20:52:10.0172 5324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:52:10.0172 5324 USBSTOR - ok
20:52:10.0203 5324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:52:10.0218 5324 usbuhci - ok
20:52:10.0296 5324 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:52:10.0296 5324 usbvideo - ok
20:52:10.0328 5324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:52:10.0343 5324 UxSms - ok
20:52:10.0390 5324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:10.0390 5324 VaultSvc - ok
20:52:10.0702 5324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:52:10.0702 5324 vdrvroot - ok
20:52:11.0451 5324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:52:11.0513 5324 vds - ok
20:52:11.0560 5324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:52:11.0560 5324 vga - ok
20:52:11.0591 5324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:52:11.0591 5324 VgaSave - ok
20:52:11.0934 5324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:52:11.0966 5324 vhdmp - ok
20:52:11.0997 5324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:52:12.0012 5324 viaide - ok
20:52:12.0059 5324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:52:12.0075 5324 volmgr - ok
20:52:12.0153 5324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:52:12.0153 5324 volmgrx - ok
20:52:12.0246 5324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:52:12.0262 5324 volsnap - ok
20:52:12.0324 5324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:52:12.0356 5324 vsmraid - ok
20:52:12.0964 5324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:52:13.0026 5324 VSS - ok
20:52:13.0370 5324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:52:13.0385 5324 vwifibus - ok
20:52:13.0448 5324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:52:13.0448 5324 vwififlt - ok
20:52:13.0479 5324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:52:13.0479 5324 vwifimp - ok
20:52:13.0557 5324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:52:13.0572 5324 W32Time - ok
20:52:13.0604 5324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:52:13.0604 5324 WacomPen - ok
20:52:13.0666 5324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:13.0682 5324 WANARP - ok
20:52:13.0697 5324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:13.0697 5324 Wanarpv6 - ok
20:52:14.0415 5324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:52:14.0540 5324 WatAdminSvc - ok
20:52:17.0878 5324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:52:17.0909 5324 wbengine - ok
20:52:18.0299 5324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:52:18.0346 5324 WbioSrvc - ok
20:52:18.0424 5324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:52:18.0424 5324 wcncsvc - ok
20:52:18.0518 5324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:52:18.0533 5324 WcsPlugInService - ok
20:52:18.0658 5324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:52:18.0658 5324 Wd - ok
20:52:18.0752 5324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:52:18.0752 5324 Wdf01000 - ok
20:52:18.0845 5324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:52:18.0845 5324 WdiServiceHost - ok
20:52:18.0845 5324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:52:18.0861 5324 WdiSystemHost - ok
20:52:18.0939 5324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:52:18.0986 5324 WebClient - ok
20:52:19.0157 5324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:52:19.0188 5324 Wecsvc - ok
20:52:19.0220 5324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:52:19.0235 5324 wercplsupport - ok
20:52:19.0282 5324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:52:19.0282 5324 WerSvc - ok
20:52:19.0376 5324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:52:19.0376 5324 WfpLwf - ok
20:52:19.0469 5324 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:52:19.0516 5324 WimFltr - ok
20:52:19.0547 5324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:52:19.0547 5324 WIMMount - ok
20:52:19.0578 5324 WinDefend - ok
20:52:19.0578 5324 WinHttpAutoProxySvc - ok
20:52:19.0859 5324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:52:19.0875 5324 Winmgmt - ok
20:52:20.0733 5324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:52:20.0842 5324 WinRM - ok
20:52:21.0497 5324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:52:21.0513 5324 Wlansvc - ok
20:52:21.0653 5324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:52:21.0653 5324 WmiAcpi - ok
20:52:22.0215 5324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:52:22.0262 5324 wmiApSrv - ok
20:52:22.0324 5324 WMPNetworkSvc - ok
20:52:22.0464 5324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:52:22.0480 5324 WPCSvc - ok
20:52:22.0542 5324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:52:22.0558 5324 WPDBusEnum - ok
20:52:22.0652 5324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:52:22.0652 5324 ws2ifsl - ok
20:52:22.0730 5324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:52:22.0730 5324 wscsvc - ok
20:52:22.0745 5324 WSearch - ok
20:52:22.0948 5324 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:52:23.0010 5324 wuauserv - ok
20:52:23.0478 5324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:52:23.0494 5324 WudfPf - ok
20:52:23.0572 5324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:52:23.0588 5324 WUDFRd - ok
20:52:23.0650 5324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:52:23.0650 5324 wudfsvc - ok
20:52:23.0728 5324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:52:23.0759 5324 WwanSvc - ok
20:52:23.0853 5324 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
20:52:23.0853 5324 yukonw7 - ok
20:52:23.0915 5324 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:52:23.0962 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:52:23.0962 5324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:52:24.0524 5324 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:52:24.0524 5324 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:52:24.0524 5324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:52:27.0316 5324 \Device\Harddisk1\DR1 - ok
20:52:27.0347 5324 Boot (0x1200) (844c807994e1622088c74b59aca5fb41) \Device\Harddisk0\DR0\Partition0
20:52:27.0347 5324 \Device\Harddisk0\DR0\Partition0 - ok
20:52:27.0363 5324 Boot (0x1200) (7083c35f024f45e2e59cb5d4f57289d3) \Device\Harddisk0\DR0\Partition1
20:52:27.0363 5324 \Device\Harddisk0\DR0\Partition1 - ok
20:52:27.0363 5324 Boot (0x1200) (8291488b438c80cf8a0f9c9cbff7dc63) \Device\Harddisk1\DR1\Partition0
20:52:27.0378 5324 \Device\Harddisk1\DR1\Partition0 - ok
20:52:27.0378 5324 ============================================================
20:52:27.0378 5324 Scan finished
20:52:27.0378 5324 ============================================================
20:52:27.0628 5608 Detected object count: 2
20:52:27.0628 5608 Actual detected object count: 2
20:53:06.0893 5608 \Device\Harddisk0\DR0\# - copied to quarantine
20:53:06.0893 5608 \Device\Harddisk0\DR0 - copied to quarantine
20:53:15.0816 5608 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:53:16.0238 5608 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:53:16.0472 5608 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:53:19.0748 5608 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:53:22.0322 5608 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:53:22.0368 5608 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:53:22.0415 5608 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:53:22.0571 5608 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:53:22.0946 5608 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:53:23.0429 5608 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:53:23.0492 5608 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:53:23.0601 5608 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:53:23.0648 5608 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:53:23.0804 5608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:53:23.0819 5608 \Device\Harddisk0\DR0 - ok
20:53:24.0303 5608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:53:24.0303 5608 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:53:24.0303 5608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:53:35.0948 3504 Deinitialize success
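
To read a TDSSKiller result block like the one above without overlooking a skipped item, here is an added Python example; it is not part of this thread and not TDSSKiller's own code. It parses the three line shapes visible in the log (the "( name ) - verdict" lines, the "User select action" lines and the "copied to quarantine" lines) and flags any detection the user did not choose to Cure. The sample input is a constructed subset of the log lines above, with paths and verdicts copied verbatim; the only line formats it assumes are the ones shown there.

```python
import re

# Constructed sample input for this example: result lines copied from the
# TDSSKiller log in the post above (paths and verdicts verbatim, the rest
# of the log omitted).
SAMPLE_LOG = r"""
20:52:23.0915 5324 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:52:23.0962 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:52:24.0524 5324 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:52:27.0316 5324 \Device\Harddisk1\DR1 - ok
20:53:06.0893 5608 \Device\Harddisk0\DR0 - copied to quarantine
20:53:15.0816 5608 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:53:22.0368 5608 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:53:23.0804 5608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:53:24.0303 5608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:53:24.0303 5608 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:53:24.0303 5608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every TDSSKiller line is "<timestamp> <pid> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
# Verdicts and user decisions: "<object> ( <detection name> ) - <status>".
VERDICT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<name>.+?) \) - (?P<status>.+)$")
# Objects the tool copied to its quarantine folder.
QUARANTINE_RE = re.compile(r"^(?P<obj>\S+) - copied to quarantine$")

ACTION_PREFIX = "User select action: "
VERDICTS = ("infected", "warning")   # the two verdicts that appear in the log above


def triage(log_text):
    """Summarise a TDSSKiller log: what was detected, what the user chose, what was quarantined."""
    detections = {}   # (object, detection name) -> {"verdict", "action", "notes"}
    quarantined = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        q = QUARANTINE_RE.match(rest)
        if q:
            quarantined.append(q.group("obj"))
            continue
        v = VERDICT_RE.match(rest)
        if not v:
            continue   # "- ok", MBR/Boot hash lines and other chatter are not verdicts
        key = (v.group("obj"), v.group("name"))
        entry = detections.setdefault(key, {"verdict": None, "action": None, "notes": []})
        status = v.group("status")
        if status in VERDICTS:
            entry["verdict"] = status
        elif status.startswith(ACTION_PREFIX):
            entry["action"] = status[len(ACTION_PREFIX):]
        else:
            entry["notes"].append(status)   # e.g. "will be cured on reboot", "skipped by user"
    # Only "Cure" is treated as resolving a detection here (the one curative
    # action shown in the log above); "Skip" or no action leaves it in place.
    unresolved = [k for k, e in detections.items() if e["action"] != "Cure"]
    return {"detections": detections, "quarantined": quarantined, "unresolved": unresolved}


def report(summary):
    """Render the triage summary as plain-text lines for a reply or ticket."""
    lines = []
    for (obj, name), e in summary["detections"].items():
        notes = f" ({'; '.join(e['notes'])})" if e["notes"] else ""
        lines.append(f"{obj}: {name} [{e['verdict']}] -> {e['action'] or 'no action'}{notes}")
    lines.append(f"{len(summary['quarantined'])} object(s) copied to quarantine")
    for obj, name in summary["unresolved"]:
        lines.append(f"UNRESOLVED: {name} on {obj} - rescan after reboot")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

The unresolved list is the part worth reading first: in the log above the boot-sector infection was set to Cure on reboot, while the TDSS File System entry was skipped, so that item is still pending a later scan. Pulling that distinction out of the middle of the "copied to quarantine" lines is what makes a long log like this reviewable at a glance.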

#13 mjporp70

mjporp70
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:48 AM

Posted 31 July 2012 - 07:58 PM

ListParts by Farbar Version: 25-07-2012
Ran by Mike (administrator) on 31-07-2012 at 20:57:22
Windows 7 (X64)
Running From: C:\Users\Mike\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%
Total physical RAM: 4056.36 MB
Available physical RAM: 2695.39 MB
Total Pagefile: 8110.92 MB
Available Pagefile: 6667.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:386.02 GB) NTFS
3 Drive e: (HP v125w) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         465 GB   0 B
Disk 1    Online         1912 MB  0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM               39 MB    31 KB
Partition 2    Primary           14 GB    40 MB
Partition 3    Primary           451 GB   14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1       RECOVERY     NTFS   Partition   14 GB    Healthy  System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2  C    OS           NTFS   Partition   451 GB   Healthy  Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1911 MB  4096 B

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 3  E    HP v125w     FAT32  Removable   1911 MB  Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {92155eef-0cd5-11df-8ccf-a4badb9e06f0}
resumeobject {92155eee-0cd5-11df-8ccf-a4badb9e06f0}
displayorder {92155eef-0cd5-11df-8ccf-a4badb9e06f0}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {92155eef-0cd5-11df-8ccf-a4badb9e06f0}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-us
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {92155ef0-0cd5-11df-8ccf-a4badb9e06f0}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {92155eee-0cd5-11df-8ccf-a4badb9e06f0}
nx OptIn
bootlog No

Windows Boot Loader
-------------------
identifier {92155ef0-0cd5-11df-8ccf-a4badb9e06f0}
device ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\winre.wim,{92155ef1-0cd5-11df-8ccf-a4badb9e06f0}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\winre.wim,{92155ef1-0cd5-11df-8ccf-a4badb9e06f0}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {92155eee-0cd5-11df-8ccf-a4badb9e06f0}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {92155ef1-0cd5-11df-8ccf-a4badb9e06f0}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume2
ramdisksdipath \Recovery\WindowsRE\boot.sdi


****** End Of Log ******

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:48 PM

Posted 31 July 2012 - 08:04 PM

looks better,

please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 mjporp70

mjporp70
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:48 AM

Posted 31 July 2012 - 08:33 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 21:10:40
-----------------------------
21:10:40.459 OS Version: Windows x64 6.1.7601 Service Pack 1
21:10:40.459 Number of processors: 2 586 0x170A
21:10:40.459 ComputerName: MJ-LAPTOP UserName: Mike
21:10:42.394 Initialize success
21:13:49.174 AVAST engine defs: 12073102
21:14:01.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:14:01.966 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:14:01.981 Disk 0 MBR read successfully
21:14:01.997 Disk 0 MBR scan
21:14:01.997 Disk 0 Windows VISTA default MBR code
21:14:01.997 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:14:02.012 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
21:14:02.044 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
21:14:02.059 Disk 0 scanning C:\Windows\system32\drivers
21:14:13.822 Service scanning
21:14:42.978 Modules scanning
21:14:42.978 Disk 0 trace - called modules:
21:14:43.056 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:14:43.072 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004456410]
21:14:43.087 3 CLASSPNP.SYS[fffff88001f9243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040b8050]
21:14:45.022 AVAST engine scan C:\Windows
21:14:49.124 AVAST engine scan C:\Windows\system32
21:18:07.760 AVAST engine scan C:\Windows\system32\drivers
21:18:41.955 AVAST engine scan C:\Users\Mike
21:26:50.704 AVAST engine scan C:\ProgramData
21:31:04.064 Scan finished successfully
21:31:16.076 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
21:31:16.076 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"


Attached File: MBR.zip (572 bytes)