
winrscmde


29 replies to this topic

#1 BigHornRam05

BigHornRam05

  • Members
  • 15 posts

Posted 05 August 2012 - 09:38 AM

Hello People of BleepingComputer,

I recently bought a laptop for college, and I have recently been having spyware problems. I have Norton 360 for my antivirus program, and it works well except for this little problem called "winrscmde". Every now and then (and sometimes more than others) Norton 360 will pop up from the taskbar, informing me about a performance alert saying that winrscmde is causing high CPU usage, and it will bog down my internet browser really badly. I have downloaded the free trial of another program called SpyDig, and when I scan my computer with SpyDig it tells me that I have 3 files that are suspicious, but in order to fix them I have to buy the full version of SpyDig (they always do it), and my Norton 360 can't even find 1 suspicious file.

Also, winrscmde is something that is launched by svchost.exe, and in my task manager I can't find it and shut it down, so any help you guys have on how I can fix this spyware issue would be greatly appreciated.

Thanks, Kenneth


*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 05 August 2012 - 10:08 AM.



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 05 August 2012 - 01:02 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 August 2012 - 01:04 PM

Hello and welcome. Remove SpyDig, we don't need to buy anything.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


Now>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.





Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#4 BigHornRam05

BigHornRam05
  • Topic Starter

  • Members
  • 15 posts

Posted 05 August 2012 - 02:57 PM

Ok Broni

Here's Security Check ------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 32
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Here's FSS ---------------------------------------------------------------

Farbar Service Scanner Version: 04-08-2012 01
Ran by Kenneth (administrator) on 05-08-2012 at 14:47:58
Running from "C:\Users\Kenneth\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Here's Mini Tool Box Stuff ------------------------------------------------------------------------------

MiniToolBox by Farbar Version: 23-07-2012
Ran by Kenneth (administrator) on 05-08-2012 at 14:53:41
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kenneth-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ckt.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : SWDLED01.COM
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : E4-11-5B-FB-BE-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : ckt.net
Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 74-DE-2B-AD-78-70
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3cd8:1095:607c:58c0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.119(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 05, 2012 2:38:25 PM
Lease Expires . . . . . . . . . . : Monday, August 06, 2012 2:38:36 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242540075
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-9B-C8-E0-74-DE-2B-AD-78-70
DNS Servers . . . . . . . . . . . : 216.49.224.10
216.49.224.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.ckt.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ckt.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1891:2fff:3001:5abb(Preferred)
Link-local IPv6 Address . . . . . : fe80::1891:2fff:3001:5abb%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: girard1.ckt.net
Address: 216.49.224.10

Name: google.com
Addresses: 2607:f8b0:4000:801::1004
74.125.227.136
74.125.227.133
74.125.227.134
74.125.227.130
74.125.227.129
74.125.227.132
74.125.227.142
74.125.227.135
74.125.227.131
74.125.227.137
74.125.227.128


Pinging google.com [74.125.227.133] with 32 bytes of data:
Reply from 74.125.227.133: bytes=32 time=46ms TTL=52
Reply from 74.125.227.133: bytes=32 time=47ms TTL=52

Ping statistics for 74.125.227.133:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 47ms, Average = 46ms
Server: girard1.ckt.net
Address: 216.49.224.10

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=90ms TTL=49
Reply from 72.30.38.140: bytes=32 time=161ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 161ms, Average = 125ms
Server: girard1.ckt.net
Address: 216.49.224.10

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...e4 11 5b fb be 60 ......Realtek PCIe FE Family Controller
11...74 de 2b ad 78 70 ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.119 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.119 281
192.168.1.119 255.255.255.255 On-link 192.168.1.119 281
192.168.1.255 255.255.255.255 On-link 192.168.1.119 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.119 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.119 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:1891:2fff:3001:5abb/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::1891:2fff:3001:5abb/128
On-link
11 281 fe80::3cd8:1095:607c:58c0/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/05/2012 02:38:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2012 11:20:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0xb8c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/05/2012 07:17:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2012 06:39:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0x8a0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/05/2012 06:19:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: YontooIEClient.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ee16049
Exception code: 0xc0000005
Fault offset: 0x671ee701
Faulting process id: 0xc30
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/05/2012 06:12:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0x1210
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/05/2012 06:09:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2012 05:50:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2012 08:04:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2012 04:52:20 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16447 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5a4

Start Time: 01cd7237722afc53

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: cbe01cf0-de2a-11e1-8553-e4115bfbbe60


System errors:
=============
Error: (08/05/2012 02:38:53 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\RKHit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/05/2012 02:38:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/05/2012 02:38:27 PM) (Source: Service Control Manager) (User: )
Description: The Hardlock service failed to start due to the following error:
%%577

Error: (08/05/2012 02:37:39 PM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (08/05/2012 07:23:03 AM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\RKHit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/05/2012 07:16:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/05/2012 07:16:38 AM) (Source: Service Control Manager) (User: )
Description: The Hardlock service failed to start due to the following error:
%%577

Error: (08/05/2012 07:15:52 AM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (08/05/2012 06:09:40 AM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\RKHit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/05/2012 06:09:00 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd


Microsoft Office Sessions:
=========================
Error: (08/05/2012 02:38:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2012 11:20:06 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5mshtml.dll9.0.8112.164474fc9d776c00000050021d9dcb8c01cd73150de78a1a\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\mshtml.dll2e30357a-df2a-11e1-b434-e4115bfbbe60

Error: (08/05/2012 07:17:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2012 06:39:17 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5mshtml.dll9.0.8112.164474fc9d776c00000050021d9dc8a001cd730c02fea5d4\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\mshtml.dllf381fc38-df02-11e1-a443-e4115bfbbe60

Error: (08/05/2012 06:19:35 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53YontooIEClient.dll_unloaded0.0.0.04ee16049c0000005671ee701c3001cd730bf3a3f888C:\Program Files (x86)\Internet Explorer\iexplore.exeYontooIEClient.dll32f79a6f-df00-11e1-a443-e4115bfbbe60

Error: (08/05/2012 06:12:31 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.164474fc9d776c00000050021d9dc121001cd730b9a8d9136\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dll360ea218-deff-11e1-a443-e4115bfbbe60

Error: (08/05/2012 06:09:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2012 05:50:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2012 08:04:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2012 04:52:20 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.164475a401cd7237722afc530C:\Program Files (x86)\Internet Explorer\iexplore.execbe01cf0-de2a-11e1-8553-e4115bfbbe60


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Adobe SVG Viewer 3.0 (Version: 3.0)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
ALLDATA for Windows (Version: 9.40.1007b)
Audacity 1.3.14 (Unicode)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
BitTorrentBar Toolbar (Version: 6.8.5.1)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.2.6585)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Creative Removable Disk Manager
Creative ZEN Mozaic User's Guide
Creative ZEN Style Series Documentation
CyberLink YouCam (Version: 3.2.1.3726)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.2.0287)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.115)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.1.5)
HP MovieStore (Version: 1.0.045)
HP MovieStore (Version: 2.0)
HP On Screen Display (Version: 1.3.5)
HP Power Manager (Version: 1.4.8)
HP Quick Launch (Version: 2.7.2)
HP Setup (Version: 8.6.4516.3597)
HP Setup Manager (Version: 1.1.13155.3599)
HP Software Framework (Version: 4.1.13.1)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.10.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 32 (Version: 6.0.320)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Age of Empires
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Need For Speed High Stakes
Norton 360 (Version: 6.2.1.5)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6287)
Realtek PCIE Card Reader (Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (Version: 1.00.10.0416)
Recovery Manager (Version: 1.0.22)
RoxioNow Player (Version: 1.9.5.103)
Star Wars Galactic Battlegrounds: Saga
Star Wars JK II Jedi Outcast
Synaptics Pointing Device Driver (Version: 15.2.4.3)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.32)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yontoo 1.10.02 (Version: 1.10.02)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3001.89 MB
Available physical RAM: 1696.73 MB
Total Pagefile: 6001.97 MB
Available Pagefile: 4271.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.9 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:284.21 GB) (Free:150.99 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.58 GB) (Free:1.69 GB) NTFS
4 Drive f: (GM2Q307) (CDROM) (Total:6.94 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\KENNETH-HP

Administrator Guest Kenneth


**** End of log ****


I will post the rest after I restart my computer.

#5 BigHornRam05


Posted 05 August 2012 - 03:29 PM

OK, here's the rest of the stuff:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kenneth :: KENNETH-HP [administrator]

8/5/2012 3:01:32 PM
mbam-log-2012-08-05 (15-01-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196261
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4688 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


I have to run, guys. Thanks

#6 Broni


Posted 05 August 2012 - 05:15 PM

I still need aswMBR log.



 


#7 BigHornRam05


Posted 05 August 2012 - 07:32 PM

Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 18:56:39
-----------------------------
18:56:39.006 OS Version: Windows x64 6.1.7601 Service Pack 1
18:56:39.006 Number of processors: 2 586 0x170A
18:56:39.006 ComputerName: KENNETH-HP UserName: Kenneth
18:56:41.212 Initialize success
19:09:01.503 AVAST engine defs: 12080501
19:11:57.904 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:11:57.907 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
19:11:57.910 Device \Driver\iaStor -> MajorFunction fffffa80056c85e8
19:11:57.913 Disk 0 MBR read successfully
19:11:57.916 Disk 0 MBR scan
19:11:57.923 Disk 0 Windows 7 default MBR code
19:11:57.927 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:11:57.949 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291033 MB offset 409600
19:11:57.987 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13908 MB offset 596445184
19:11:58.009 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
19:11:58.050 Disk 0 scanning C:\Windows\system32\drivers
19:12:13.665 Service scanning
19:12:53.594 Modules scanning
19:12:56.603 AVAST engine scan C:\Windows
19:12:59.625 AVAST engine scan C:\Windows\system32
19:17:03.052 AVAST engine scan C:\Windows\system32\drivers
19:17:23.907 AVAST engine scan C:\Users\Kenneth
19:20:39.492 AVAST engine scan C:\ProgramData
19:23:07.961 Scan finished successfully
19:27:59.136 Disk 0 MBR has been saved successfully to "C:\Users\Kenneth\Desktop\MBR.dat"
19:27:59.144 The log file has been saved successfully to "C:\Users\Kenneth\Desktop\aswMBR.txt"

#8 Broni


Posted 05 August 2012 - 07:34 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#9 BigHornRam05


Posted 05 August 2012 - 07:52 PM

Here's TDSSKiller:

19:38:42.0279 5128 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:38:44.0359 5128 ============================================================
19:38:44.0359 5128 Current date / time: 2012/08/05 19:38:44.0359
19:38:44.0359 5128 SystemInfo:
19:38:44.0359 5128
19:38:44.0359 5128 OS Version: 6.1.7601 ServicePack: 1.0
19:38:44.0359 5128 Product type: Workstation
19:38:44.0359 5128 ComputerName: KENNETH-HP
19:38:44.0360 5128 UserName: Kenneth
19:38:44.0360 5128 Windows directory: C:\Windows
19:38:44.0360 5128 System windows directory: C:\Windows
19:38:44.0360 5128 Running under WOW64
19:38:44.0360 5128 Processor architecture: Intel x64
19:38:44.0360 5128 Number of processors: 2
19:38:44.0360 5128 Page size: 0x1000
19:38:44.0360 5128 Boot type: Normal boot
19:38:44.0360 5128 ============================================================
19:38:46.0835 5128 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:38:46.0865 5128 ============================================================
19:38:46.0865 5128 \Device\Harddisk0\DR0:
19:38:46.0870 5128 MBR partitions:
19:38:46.0870 5128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:38:46.0870 5128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2386C800
19:38:46.0870 5128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238D0800, BlocksNum 0x1B2A000
19:38:46.0870 5128 ============================================================
19:38:46.0926 5128 C: <-> \Device\Harddisk0\DR0\Partition1
19:38:47.0076 5128 D: <-> \Device\Harddisk0\DR0\Partition2
19:38:47.0077 5128 ============================================================
19:38:47.0077 5128 Initialize success
19:38:47.0077 5128 ============================================================
19:40:53.0750 3440 ============================================================
19:40:53.0750 3440 Scan started
19:40:53.0750 3440 Mode: Manual; TDLFS;
19:40:53.0750 3440 ============================================================
19:41:08.0105 3440 HPWMISVC - ok
19:41:08.0158 3440 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:41:08.0167 3440 HTTP - ok
19:41:08.0177 3440 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:41:08.0179 3440 hwpolicy - ok
19:41:08.0234 3440 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:41:08.0236 3440 i8042prt - ok
19:41:08.0302 3440 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
19:41:08.0306 3440 iaStor - ok
19:41:08.0444 3440 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:41:08.0445 3440 IAStorDataMgrSvc - ok
19:41:08.0509 3440 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:41:08.0515 3440 iaStorV - ok
19:41:08.0710 3440 IconMan_R (e4693409d06785477a49fb34afae1b92) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
19:41:09.0194 3440 IconMan_R - ok
19:41:09.0353 3440 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:41:09.0397 3440 idsvc - ok
19:41:09.0653 3440 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120803.002\IDSvia64.sys
19:41:09.0661 3440 IDSVia64 - ok
19:41:10.0357 3440 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:41:10.0559 3440 igfx - ok
19:41:10.0712 3440 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:41:10.0714 3440 iirsp - ok
19:41:10.0783 3440 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:41:10.0795 3440 IKEEXT - ok
19:41:10.0953 3440 IntcAzAudAddService (336c3a6bf14d5a9af35af07c6b6b29cd) C:\Windows\system32\drivers\RTKVHD64.sys
19:41:10.0984 3440 IntcAzAudAddService - ok
19:41:11.0121 3440 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:41:11.0123 3440 intelide - ok
19:41:11.0156 3440 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:41:11.0159 3440 intelppm - ok
19:41:11.0196 3440 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:41:11.0198 3440 IPBusEnum - ok
19:41:11.0231 3440 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:41:11.0239 3440 IpFilterDriver - ok
19:41:11.0300 3440 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:41:11.0307 3440 iphlpsvc - ok
19:41:11.0331 3440 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:41:11.0333 3440 IPMIDRV - ok
19:41:11.0352 3440 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:41:11.0355 3440 IPNAT - ok
19:41:11.0392 3440 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:41:11.0394 3440 IRENUM - ok
19:41:11.0421 3440 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:41:11.0423 3440 isapnp - ok
19:41:11.0468 3440 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:41:11.0473 3440 iScsiPrt - ok
19:41:11.0496 3440 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:41:11.0498 3440 kbdclass - ok
19:41:11.0548 3440 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:41:11.0567 3440 kbdhid - ok
19:41:11.0605 3440 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:11.0607 3440 KeyIso - ok
19:41:11.0632 3440 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:41:11.0635 3440 KSecDD - ok
19:41:11.0656 3440 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:41:11.0665 3440 KSecPkg - ok
19:41:11.0686 3440 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:41:11.0696 3440 ksthunk - ok
19:41:11.0742 3440 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:41:11.0749 3440 KtmRm - ok
19:41:11.0829 3440 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:41:11.0833 3440 LanmanServer - ok
19:41:11.0854 3440 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:41:11.0858 3440 LanmanWorkstation - ok
19:41:11.0900 3440 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:41:11.0902 3440 lltdio - ok
19:41:11.0944 3440 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:41:11.0949 3440 lltdsvc - ok
19:41:11.0971 3440 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:41:11.0973 3440 lmhosts - ok
19:41:12.0013 3440 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:41:12.0016 3440 LSI_FC - ok
19:41:12.0043 3440 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:41:12.0046 3440 LSI_SAS - ok
19:41:12.0083 3440 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:41:12.0086 3440 LSI_SAS2 - ok
19:41:12.0116 3440 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:41:12.0119 3440 LSI_SCSI - ok
19:41:12.0159 3440 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:41:12.0162 3440 luafv - ok
19:41:12.0249 3440 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:41:12.0252 3440 Mcx2Svc - ok
19:41:12.0296 3440 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:41:12.0299 3440 megasas - ok
19:41:12.0379 3440 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:41:12.0384 3440 MegaSR - ok
19:41:12.0440 3440 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:41:12.0442 3440 MMCSS - ok
19:41:12.0481 3440 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:41:12.0483 3440 Modem - ok
19:41:12.0526 3440 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:41:12.0579 3440 monitor - ok
19:41:12.0678 3440 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:41:12.0680 3440 mouclass - ok
19:41:12.0724 3440 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:41:12.0727 3440 mouhid - ok
19:41:12.0854 3440 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:41:12.0857 3440 mountmgr - ok
19:41:12.0942 3440 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:41:12.0945 3440 mpio - ok
19:41:12.0997 3440 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:41:13.0000 3440 mpsdrv - ok
19:41:13.0066 3440 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:41:13.0081 3440 MpsSvc - ok
19:41:13.0109 3440 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:41:13.0113 3440 MRxDAV - ok
19:41:13.0144 3440 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:41:13.0147 3440 mrxsmb - ok
19:41:13.0177 3440 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:41:13.0182 3440 mrxsmb10 - ok
19:41:13.0213 3440 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:41:13.0216 3440 mrxsmb20 - ok
19:41:13.0242 3440 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:41:13.0244 3440 msahci - ok
19:41:13.0308 3440 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:41:13.0312 3440 msdsm - ok
19:41:13.0360 3440 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:41:13.0364 3440 MSDTC - ok
19:41:13.0401 3440 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:41:13.0434 3440 Msfs - ok
19:41:13.0456 3440 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:41:13.0468 3440 mshidkmdf - ok
19:41:13.0492 3440 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:41:13.0494 3440 msisadrv - ok
19:41:13.0551 3440 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:41:13.0555 3440 MSiSCSI - ok
19:41:13.0559 3440 msiserver - ok
19:41:13.0617 3440 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:41:13.0621 3440 MSKSSRV - ok
19:41:13.0649 3440 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:41:13.0651 3440 MSPCLOCK - ok
19:41:13.0667 3440 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:41:13.0668 3440 MSPQM - ok
19:41:13.0700 3440 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:41:13.0707 3440 MsRPC - ok
19:41:13.0742 3440 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:41:13.0744 3440 mssmbios - ok
19:41:13.0774 3440 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:41:13.0776 3440 MSTEE - ok
19:41:13.0817 3440 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:41:13.0818 3440 MTConfig - ok
19:41:13.0842 3440 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:41:13.0844 3440 Mup - ok
19:41:14.0022 3440 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
19:41:14.0024 3440 N360 - ok
19:41:14.0084 3440 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:41:14.0091 3440 napagent - ok
19:41:14.0154 3440 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:41:14.0164 3440 NativeWifiP - ok
19:41:14.0414 3440 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120804.009\ENG64.SYS
19:41:14.0418 3440 NAVENG - ok
19:41:14.0722 3440 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120804.009\EX64.SYS
19:41:14.0750 3440 NAVEX15 - ok
19:41:15.0007 3440 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:41:15.0020 3440 NDIS - ok
19:41:15.0056 3440 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:41:15.0058 3440 NdisCap - ok
19:41:15.0077 3440 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:41:15.0079 3440 NdisTapi - ok
19:41:15.0101 3440 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:41:15.0103 3440 Ndisuio - ok
19:41:15.0139 3440 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:41:15.0143 3440 NdisWan - ok
19:41:15.0159 3440 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:41:15.0161 3440 NDProxy - ok
19:41:15.0201 3440 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:41:15.0203 3440 NetBIOS - ok
19:41:15.0255 3440 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:41:15.0259 3440 NetBT - ok
19:41:15.0305 3440 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:15.0306 3440 Netlogon - ok
19:41:15.0387 3440 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:41:15.0393 3440 Netman - ok
19:41:15.0419 3440 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:41:15.0426 3440 netprofm - ok
19:41:15.0521 3440 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:41:15.0525 3440 NetTcpPortSharing - ok
19:41:15.0555 3440 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:41:15.0557 3440 nfrd960 - ok
19:41:15.0603 3440 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:41:15.0610 3440 NlaSvc - ok
19:41:15.0652 3440 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:41:15.0654 3440 Npfs - ok
19:41:15.0689 3440 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:41:15.0691 3440 nsi - ok
19:41:15.0715 3440 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:41:15.0717 3440 nsiproxy - ok
19:41:15.0844 3440 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:41:15.0910 3440 Ntfs - ok
19:41:16.0026 3440 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:41:16.0042 3440 Null - ok
19:41:16.0094 3440 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
19:41:16.0112 3440 NVENETFD - ok
19:41:16.0165 3440 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:41:16.0168 3440 nvraid - ok
19:41:16.0277 3440 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:41:16.0284 3440 nvstor - ok
19:41:16.0478 3440 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:41:16.0481 3440 nv_agp - ok
19:41:16.0540 3440 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:41:16.0574 3440 ohci1394 - ok
19:41:16.0937 3440 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:41:16.0942 3440 ose - ok
19:41:17.0375 3440 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:41:17.0522 3440 osppsvc - ok
19:41:17.0662 3440 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:41:17.0668 3440 p2pimsvc - ok
19:41:17.0709 3440 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:41:17.0717 3440 p2psvc - ok
19:41:17.0797 3440 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:41:17.0800 3440 Parport - ok
19:41:17.0827 3440 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:41:17.0830 3440 partmgr - ok
19:41:17.0861 3440 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:41:17.0866 3440 PcaSvc - ok
19:41:17.0907 3440 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:41:17.0920 3440 pci - ok
19:41:17.0947 3440 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:41:17.0949 3440 pciide - ok
19:41:17.0991 3440 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:41:17.0995 3440 pcmcia - ok
19:41:18.0025 3440 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:41:18.0026 3440 pcw - ok
19:41:18.0083 3440 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:41:18.0106 3440 PEAUTH - ok
19:41:18.0186 3440 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:41:18.0205 3440 PerfHost - ok
19:41:18.0376 3440 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:41:18.0396 3440 pla - ok
19:41:18.0526 3440 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:41:18.0533 3440 PlugPlay - ok
19:41:18.0569 3440 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:41:18.0572 3440 PNRPAutoReg - ok
19:41:18.0607 3440 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:41:18.0612 3440 PNRPsvc - ok
19:41:18.0695 3440 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:41:18.0703 3440 PolicyAgent - ok
19:41:18.0770 3440 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:41:18.0774 3440 Power - ok
19:41:18.0843 3440 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:41:18.0846 3440 PptpMiniport - ok
19:41:18.0874 3440 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:41:18.0876 3440 Processor - ok
19:41:18.0920 3440 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:41:18.0924 3440 ProfSvc - ok
19:41:18.0961 3440 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:18.0963 3440 ProtectedStorage - ok
19:41:19.0008 3440 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:41:19.0012 3440 Psched - ok
19:41:19.0161 3440 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:41:19.0181 3440 ql2300 - ok
19:41:19.0366 3440 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:41:19.0369 3440 ql40xx - ok
19:41:19.0422 3440 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:41:19.0428 3440 QWAVE - ok
19:41:19.0464 3440 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:41:19.0466 3440 QWAVEdrv - ok
19:41:19.0487 3440 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:41:19.0501 3440 RasAcd - ok
19:41:19.0534 3440 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:41:19.0546 3440 RasAgileVpn - ok
19:41:19.0574 3440 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:41:19.0577 3440 RasAuto - ok
19:41:19.0619 3440 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:41:19.0625 3440 Rasl2tp - ok
19:41:19.0672 3440 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:41:19.0679 3440 RasMan - ok
19:41:19.0719 3440 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:41:19.0721 3440 RasPppoe - ok
19:41:19.0774 3440 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:41:19.0776 3440 RasSstp - ok
19:41:19.0827 3440 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:41:19.0832 3440 rdbss - ok
19:41:19.0862 3440 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:41:19.0864 3440 rdpbus - ok
19:41:19.0892 3440 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:41:19.0894 3440 RDPCDD - ok
19:41:19.0932 3440 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:41:19.0933 3440 RDPENCDD - ok
19:41:19.0946 3440 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:41:19.0947 3440 RDPREFMP - ok
19:41:19.0987 3440 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:41:20.0003 3440 RDPWD - ok
19:41:20.0068 3440 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:41:20.0134 3440 rdyboost - ok
19:41:20.0186 3440 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:41:20.0189 3440 RemoteAccess - ok
19:41:20.0272 3440 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:41:20.0277 3440 RemoteRegistry - ok
19:41:20.0375 3440 RkHit - ok
19:41:20.0463 3440 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
19:41:20.0469 3440 RoxioNow Service - ok
19:41:20.0502 3440 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:41:20.0505 3440 RpcEptMapper - ok
19:41:20.0535 3440 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:41:20.0537 3440 RpcLocator - ok
19:41:20.0597 3440 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:41:20.0603 3440 RpcSs - ok
19:41:20.0717 3440 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
19:41:20.0722 3440 RSPCIESTOR - ok
19:41:20.0767 3440 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:41:20.0769 3440 rspndr - ok
19:41:20.0831 3440 RTL8167 (3372196f61af48503656ef6aa3e92d1b) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:41:20.0851 3440 RTL8167 - ok
19:41:20.0960 3440 RTL8192Ce (fa088015155c4c6dab5d1d9e68eb9d6b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
19:41:20.0976 3440 RTL8192Ce - ok
19:41:21.0005 3440 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:21.0007 3440 SamSs - ok
19:41:21.0037 3440 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:41:21.0040 3440 sbp2port - ok
19:41:21.0075 3440 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:41:21.0080 3440 SCardSvr - ok
19:41:21.0106 3440 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:41:21.0109 3440 scfilter - ok
19:41:21.0199 3440 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:41:21.0214 3440 Schedule - ok
19:41:21.0255 3440 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:41:21.0256 3440 SCPolicySvc - ok
19:41:21.0296 3440 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
19:41:21.0298 3440 sdbus - ok
19:41:21.0335 3440 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:41:21.0339 3440 SDRSVC - ok
19:41:21.0359 3440 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:41:21.0362 3440 seclogon - ok
19:41:21.0384 3440 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:41:21.0387 3440 SENS - ok
19:41:21.0433 3440 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:41:21.0436 3440 SensrSvc - ok
19:41:21.0462 3440 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:41:21.0463 3440 Serenum - ok
19:41:21.0497 3440 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:41:21.0500 3440 Serial - ok
19:41:21.0517 3440 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:41:21.0518 3440 sermouse - ok
19:41:21.0567 3440 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:41:21.0571 3440 SessionEnv - ok
19:41:21.0591 3440 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:41:21.0595 3440 sffdisk - ok
19:41:21.0621 3440 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:41:21.0623 3440 sffp_mmc - ok
19:41:21.0639 3440 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:41:21.0641 3440 sffp_sd - ok
19:41:21.0673 3440 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:41:21.0675 3440 sfloppy - ok
19:41:21.0728 3440 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:41:21.0735 3440 SharedAccess - ok
19:41:21.0780 3440 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:41:21.0786 3440 ShellHWDetection - ok
19:41:21.0812 3440 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:41:21.0814 3440 SiSRaid2 - ok
19:41:21.0845 3440 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:41:21.0848 3440 SiSRaid4 - ok
19:41:21.0899 3440 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:41:21.0901 3440 Smb - ok
19:41:21.0939 3440 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:41:21.0942 3440 SNMPTRAP - ok
19:41:21.0978 3440 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:41:21.0980 3440 spldr - ok
19:41:22.0040 3440 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:41:22.0050 3440 Spooler - ok
19:41:22.0302 3440 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:41:22.0398 3440 sppsvc - ok
19:41:22.0572 3440 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:41:22.0575 3440 sppuinotify - ok
19:41:22.0681 3440 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys
19:41:22.0692 3440 sptd - ok
19:41:22.0815 3440 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
19:41:22.0825 3440 SRTSP - ok
19:41:22.0853 3440 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
19:41:22.0855 3440 SRTSPX - ok
19:41:22.0904 3440 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:41:22.0923 3440 srv - ok
19:41:22.0971 3440 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:41:22.0977 3440 srv2 - ok
19:41:23.0025 3440 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:41:23.0029 3440 SrvHsfHDA - ok
19:41:23.0124 3440 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:41:23.0142 3440 SrvHsfV92 - ok
19:41:23.0296 3440 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:41:23.0306 3440 SrvHsfWinac - ok
19:41:23.0342 3440 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:41:23.0358 3440 srvnet - ok
19:41:23.0398 3440 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:41:23.0402 3440 SSDPSRV - ok
19:41:23.0423 3440 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:41:23.0426 3440 SstpSvc - ok
19:41:23.0457 3440 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:41:23.0459 3440 stexstor - ok
19:41:23.0525 3440 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:41:23.0533 3440 stisvc - ok
19:41:23.0559 3440 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:41:23.0561 3440 swenum - ok
19:41:23.0621 3440 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:41:23.0629 3440 swprv - ok
19:41:23.0716 3440 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
19:41:23.0723 3440 SymDS - ok
19:41:23.0868 3440 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
19:41:23.0885 3440 SymEFA - ok
19:41:23.0977 3440 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:41:23.0981 3440 SymEvent - ok
19:41:24.0024 3440 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
19:41:24.0030 3440 SymIRON - ok
19:41:24.0090 3440 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
19:41:24.0097 3440 SymNetS - ok
19:41:24.0189 3440 SynTP (ec4dca6539eb97376f1a1743d209d842) C:\Windows\system32\DRIVERS\SynTP.sys
19:41:24.0209 3440 SynTP - ok
19:41:24.0567 3440 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:41:24.0615 3440 SysMain - ok
19:41:24.0840 3440 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:41:24.0844 3440 TabletInputService - ok
19:41:24.0975 3440 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:41:24.0982 3440 TapiSrv - ok
19:41:25.0012 3440 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:41:25.0015 3440 TBS - ok
19:41:25.0242 3440 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:41:31.0365 3440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:41:31.0414 3440 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:41:31.0414 3440 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:41:31.0451 3440 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:41:31.0451 3440 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:41:31.0456 3440 Boot (0x1200) (fbb06a58ea284d5e288783ab95e433ea) \Device\Harddisk0\DR0\Partition0
19:41:31.0461 3440 \Device\Harddisk0\DR0\Partition0 - ok
19:41:31.0497 3440 Boot (0x1200) (209c31f802055abe95109f1db49143dc) \Device\Harddisk0\DR0\Partition1
19:41:31.0499 3440 \Device\Harddisk0\DR0\Partition1 - ok
19:41:31.0535 3440 Boot (0x1200) (67e4f544d5228732f384859e1d956737) \Device\Harddisk0\DR0\Partition2
19:41:31.0536 3440 \Device\Harddisk0\DR0\Partition2 - ok
19:41:31.0541 3440 ============================================================
19:41:31.0542 3440 Scan finished
19:41:31.0542 3440 ============================================================
19:41:31.0564 4716 Detected object count: 2
19:41:31.0564 4716 Actual detected object count: 2
19:42:52.0327 4716 \Device\Harddisk0\DR0\# - copied to quarantine
19:42:52.0328 4716 \Device\Harddisk0\DR0 - copied to quarantine
19:42:52.0394 4716 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:42:52.0398 4716 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:42:52.0404 4716 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:42:52.0411 4716 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:42:52.0427 4716 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:42:52.0435 4716 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:42:52.0438 4716 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:42:52.0441 4716 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:42:52.0444 4716 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:42:52.0448 4716 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:42:52.0452 4716 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:42:52.0478 4716 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:42:52.0482 4716 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:42:52.0485 4716 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:42:52.0545 4716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:42:52.0594 4716 \Device\Harddisk0\DR0 - ok
19:42:53.0466 4716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:42:53.0467 4716 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:42:53.0467 4716 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:43:04.0949 2980 Deinitialize success

#10 Broni


Posted 05 August 2012 - 07:59 PM

Please post new MBAM log.



 


#11 BigHornRam05


Posted 05 August 2012 - 08:30 PM

Please post new MBAM log.



Which log was that, and do I redo the scan for it or just repost?

#12 Broni


Posted 05 August 2012 - 08:32 PM

Malwarebytes. Update, run "quick scan" and post new log.



 


#13 BigHornRam05


Posted 05 August 2012 - 10:18 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kenneth :: KENNETH-HP [administrator]

8/5/2012 10:09:46 PM
mbam-log-2012-08-05 (22-09-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196139
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#14 Broni


Posted 05 August 2012 - 11:33 PM

Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE: The rKill.txt log will also be present on your desktop.



 


#15 BigHornRam05


Posted 06 August 2012 - 06:42 AM

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/06/2012 06:40:21 AM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Kenneth\Desktop\rkill-backup\rkill-08-06-2012-06-40-24.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/06/2012 06:40:39 AM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)



