
Help with svchost.exe*32 trojan "winrscmde"


9 replies to this topic

#1 mefrancisco751

Posted 05 August 2012 - 07:06 PM

I would appreciate any help. I have no experience in computer technology. I have been running Norton 360 Premier and ran several scans, quick & full system. I even tried doing a Norton File Insight. It says it is trusted. It's probably because it is hiding behind an important system process? I'm not really sure. Usually, I would just go to Task Manager and end its process, but it will always come back a few minutes later. It brings up "hidden" advertisements that are only existent by sound and it slows down my CPU significantly, often ending in a blue screen. Any help? If any of you need information about my computer, go ahead and ask away. Again, I would really appreciate the help.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Owner at 23:39:31 on 2012-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.1976 [GMT -10:00]
.
AV: Norton 360 Premier Edition *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\BeTwinServiceVS.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe"C:\Users\Owner\AppData\Roaming\xsecva\xsecva.exe" -s,-s,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [p9pl8243235702090979438] \\?\globalroot\Device\HarddiskVolume3\Users\Owner\AppData\Local\Temp\p9pl8243235702090979438.tmp
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
uRun: [Apple] rundll32.exe "C:\Users\Owner\AppData\Local\Apple Computer\Apple\mibhoh.dll",CreateInstance
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RDPClip] C:\Windows\system32\rdpclip.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRun: [Apple] rundll32.exe "C:\Users\Owner\AppData\Local\Apple Computer\Apple\mibhoh.dll",CreateInstance
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 24.25.227.55 24.25.227.55 209.18.47.61
TCP: Interfaces\{E7EE35A5-B9A1-4DF4-AD53-680BC6D0BAC1} : DhcpNameServer = 24.25.227.55 24.25.227.55 209.18.47.61
TCP: Interfaces\{E7EE35A5-B9A1-4DF4-AD53-680BC6D0BAC1}\169797F6765647F66666D6168637869647 : DhcpNameServer = 192.168.2.1 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{E7EE35A5-B9A1-4DF4-AD53-680BC6D0BAC1}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{E7EE35A5-B9A1-4DF4-AD53-680BC6D0BAC1}\45F6373616 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{E7EE35A5-B9A1-4DF4-AD53-680BC6D0BAC1}\B45607160284F6573756 : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{E7EE35A5-B9A1-4DF4-AD53-680BC6D0BAC1}\F475E45425D20534F5E4564777F627B6 : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [RDPClip] C:\Windows\system32\rdpclip.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ca1zsw1h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://laulima.hawaii.edu/portal|https://myuh.hawaii.edu/cp/home/displaylogin
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMNPAPIUpdater.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [?]
R1 BeTwinSystem;BeTwinSystem;C:\Windows\system32\Drivers\BeTwinSystemVS.sys --> C:\Windows\system32\Drivers\BeTwinSystemVS.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-6-18 1161376]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120803.002\IDSviA64.sys [2012-8-3 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BeTwinService;BeTwin Terminal Services;System32\BeTwinServiceVS.exe --> System32\BeTwinServiceVS.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]
R3 BeTwinProxy;BeTwin Terminal Services Proxy;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 20992]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-2 138912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RDPSSW32;RDPSSW32;C:\Windows\System32\RDPSSW32.EXE --> C:\Windows\System32\RDPSSW32.EXE [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-26 250056]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-6-7 21712]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-08-04 11:03:39 -------- d-----w- C:\Users\Owner\AppData\Local\ArmA 2 OA
2012-07-31 23:16:17 264 ----a-w- C:\Windows\SysWow64\winsusrm.dll
2012-07-31 23:16:17 120 ----a-w- C:\Windows\SysWow64\winsusrx.dll
2012-07-31 23:16:17 -------- d-----w- C:\ProgramData\ThinSoft
2012-07-31 03:53:04 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2012-07-31 01:27:42 -------- d-----w- C:\Users\Owner\AppData\Local\{10CC2CA1-DA91-11E1-8270-B8AC6F996F26}
2012-07-30 21:54:06 -------- d-----w- C:\Users\Owner\AppData\Local\{10CBFA53-DA91-11E1-8270-B8AC6F996F26}
2012-07-30 21:52:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\xsecva
2012-07-26 13:56:56 210944 ----a-w- C:\Windows\System32\rdpclip.exe
2012-07-22 06:21:31 67584 ----a-w- C:\Windows\System32\Rdpssw32.exe
2012-07-22 06:21:31 46664 ----a-w- C:\Windows\System32\BeTwinScreenSaver.exe
2012-07-22 06:21:31 35640 ----a-w- C:\Windows\System32\drivers\BeTwinMF.sys
2012-07-22 06:21:31 35512 ----a-w- C:\Windows\System32\drivers\BeTwinKF.sys
2012-07-22 06:21:31 289864 ----a-w- C:\Windows\System32\BeTwinServiceVS.exe
2012-07-22 06:21:31 24120 ----a-w- C:\Windows\System32\drivers\BeTwinVF.sys
2012-07-22 06:21:31 22600 ----a-w- C:\Windows\System32\drivers\BeTwinSystemVS.sys
2012-07-22 06:21:30 249856 ----a-w- C:\Windows\System32\Slsapi.dll
2012-07-22 06:21:30 214080 ----a-w- C:\Windows\System32\BeTwinProxyVS.dll
2012-07-22 06:21:30 16696 ----a-w- C:\Windows\System32\BeTwinDD.dll
2012-07-22 06:21:30 151552 ----a-w- C:\Windows\System32\SlsApiEx.dll
2012-07-11 13:09:10 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-03 01:50:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 01:50:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-08 08:05:48 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-08 08:05:35 2250024 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-06-08 07:01:02 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2012-06-08 06:43:31 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-03 01:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-03 01:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 23:41:33.42 ===============

Edited by mefrancisco751, 06 August 2012 - 04:49 AM.



#2 mefrancisco751

Posted 06 August 2012 - 04:53 AM

I'm sorry, I did not read the posting rules beforehand and I should have. I tried editing my OP to attach my attach.txt file so here it is in this post. Again, I'm sorry.


#3 gringo_pr
  • Malware Response Team

Posted 08 August 2012 - 08:14 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#4 mefrancisco751

Posted 10 August 2012 - 03:01 AM

I had to disable my security even when running Security Check as it would remove it. No problems otherwise other than "winrscmde" using high amounts of CPU. It would do the same, generating random ads running in the background (although not visible, the ads are still audible). I just severed my laptop's network connection during Security Check since I noticed that "winrscmde" would never run when I am not connected to the internet. I will post the Security Check log first, followed by Combofix's log.


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton 360 Premier Edition
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 10.0.2 Firefox out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

ComboFix 12-08-09.01 - Owner 08/09/2012 13:44:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2271 [GMT -10:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\janet\AppData\Roaming\Mozilla\Firefox\Profiles\zt3rbm5y.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}
c:\users\janet\AppData\Roaming\Mozilla\Firefox\Profiles\zt3rbm5y.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}\chrome.manifest
c:\users\janet\AppData\Roaming\Mozilla\Firefox\Profiles\zt3rbm5y.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}\chrome\xulcache.jar
c:\users\janet\AppData\Roaming\Mozilla\Firefox\Profiles\zt3rbm5y.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}\defaults\preferences\xulcache.js
c:\users\janet\AppData\Roaming\Mozilla\Firefox\Profiles\zt3rbm5y.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}\install.rdf
c:\users\Owner\AppData\Roaming\app
c:\users\Owner\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Owner\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ca1zsw1h.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ca1zsw1h.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ca1zsw1h.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ca1zsw1h.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}\defaults\preferences\xulcache.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ca1zsw1h.default\extensions\{828c93f7-98e4-4ac8-9901-19a6ef4e16b8}\install.rdf
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\@
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\L\00000004.@
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\L\201d3dde
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\U\00000008.@
c:\windows\iun6002.exe
c:\windows\svchost.exe
c:\windows\SysWow64\winsusrm.dll
c:\windows\SysWow64\winsusrx.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 01:49 . 2012-08-10 01:49 -------- d-----w- c:\users\janet\AppData\Local\temp
2012-08-10 01:49 . 2012-08-10 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 11:03 . 2012-08-04 11:04 -------- d-----w- c:\users\Owner\AppData\Local\ArmA 2 OA
2012-08-03 03:26 . 2012-08-04 10:44 -------- d-----w- c:\users\Default\AppData\Local\NPE
2012-08-01 12:36 . 2012-08-01 12:36 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-07-31 23:16 . 2012-07-31 23:16 -------- d-----w- c:\programdata\ThinSoft
2012-07-31 03:53 . 2012-07-31 03:53 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-07-31 01:27 . 2012-07-31 01:27 -------- d-----w- c:\users\Owner\AppData\Local\{10CC2CA1-DA91-11E1-8270-B8AC6F996F26}
2012-07-30 21:54 . 2012-07-30 21:54 -------- d-----w- c:\users\Owner\AppData\Local\{10CBFA53-DA91-11E1-8270-B8AC6F996F26}
2012-07-30 21:52 . 2012-08-02 06:27 -------- d-----w- c:\users\Owner\AppData\Roaming\xsecva
2012-07-26 13:56 . 2010-11-20 04:25 210944 ----a-w- c:\windows\system32\rdpclip.exe
2012-07-22 06:21 . 2012-07-22 06:21 67584 ----a-w- c:\windows\system32\Rdpssw32.exe
2012-07-22 06:21 . 2012-07-22 06:21 46664 ----a-w- c:\windows\system32\BeTwinScreenSaver.exe
2012-07-22 06:21 . 2012-07-22 06:21 35640 ----a-w- c:\windows\system32\drivers\BeTwinMF.sys
2012-07-22 06:21 . 2012-07-22 06:21 35512 ----a-w- c:\windows\system32\drivers\BeTwinKF.sys
2012-07-22 06:21 . 2012-07-22 06:21 289864 ----a-w- c:\windows\system32\BeTwinServiceVS.exe
2012-07-22 06:21 . 2012-07-22 06:21 24120 ----a-w- c:\windows\system32\drivers\BeTwinVF.sys
2012-07-22 06:21 . 2012-07-22 06:21 22600 ----a-w- c:\windows\system32\drivers\BeTwinSystemVS.sys
2012-07-22 06:21 . 2012-07-22 06:21 249856 ----a-w- c:\windows\system32\Slsapi.dll
2012-07-22 06:21 . 2012-07-22 06:21 214080 ----a-w- c:\windows\system32\BeTwinProxyVS.dll
2012-07-22 06:21 . 2012-07-22 06:21 16696 ----a-w- c:\windows\system32\BeTwinDD.dll
2012-07-22 06:21 . 2012-07-22 06:21 151552 ----a-w- c:\windows\system32\SlsApiEx.dll
2012-07-11 13:09 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 01:50 . 2012-04-26 11:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 01:50 . 2011-05-18 23:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:03 . 2009-12-05 05:41 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-08 08:05 . 2012-06-08 06:43 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-08 08:05 . 2012-06-08 06:43 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-06-08 07:01 . 2012-06-08 07:01 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-06-08 06:43 . 2012-06-08 06:43 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-03 01:19 . 2012-06-22 09:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-03 01:15 . 2012-06-22 09:59 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:19 . 2012-06-22 10:00 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 10:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 10:00 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 10:00 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 10:00 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 10:00 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 10:00 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-15 04:01 . 2012-06-15 01:19 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-15 01:19 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-15 01:19 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"p9pl8243235702090979438"="\\?\globalroot\Device\HarddiskVolume3\Users\Owner\AppData\Local\Temp\p9pl8243235702090979438.tmp" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-10-2 405504]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 SMR300;Symantec SMR Utility Service 3.0.0;c:\windows\System32\drivers\SMR300.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 RDPSSW32;RDPSSW32;c:\windows\System32\RDPSSW32.EXE [2012-07-22 67584]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-06-08 21712]
R3 dump_wmimmc;dump_wmimmc;c:\ntreev\grand chase\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-26 43032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 X6va003;X6va003;c:\users\Owner\AppData\Local\Temp\003C34.tmp [x]
R3 X6va005;X6va005;c:\users\Owner\AppData\Local\Temp\0054AF7.tmp [x]
R3 X6va006;X6va006;c:\users\Owner\AppData\Local\Temp\006EBF9.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\Drivers\BeTwinSystemVS.sys [2012-07-22 22600]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-06-19 1161376]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120808.001\IDSvia64.sys [2012-08-02 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BeTwinService;BeTwin Terminal Services;c:\windows\system32\BeTwinServiceVS.exe [2012-07-22 289864]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S3 BeTwinProxy;BeTwin Terminal Services Proxy;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 145408]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 01:50]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657254428-2690101856-4047778501-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09 08:45]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657254428-2690101856-4047778501-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09 08:45]
.
2012-07-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
BeTwinProxy
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.25.227.55 24.25.227.55 209.18.47.61
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ca1zsw1h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://laulima.hawaii.edu/portal|https://myuh.hawaii.edu/cp/home/displaylogin
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-RDPClip - c:\windows\system32\rdpclip.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-wmsus - c:\users\Owner\AppData\Roaming\wmsus.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\003C34.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\0054AF7.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\006EBF9.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-08-09 17:15:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 03:15
.
Pre-Run: 18,319,945,728 bytes free
Post-Run: 17,789,517,824 bytes free
.
- - End Of File - - DA91BB6454E489FD571B32C47064D1C6
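A triage pass over a ComboFix report of the kind posted above, as an added example that is not part of the thread or of ComboFix itself: it flags the entry shapes that stand out in this log (Run values and services pointing at .tmp files under a user's Temp folder, paths hidden behind a globalroot device alias, svchost.exe running from anywhere but System32/SysWOW64, and EnableLUA=0 / LoadAppInit_DLLs=1). The sample report is constructed from entries in the log above, and the regular expressions are assumptions about ComboFix's line layout, not a documented format.

```python
import re

# Excerpts of a ComboFix report, constructed for this example from the
# entry shapes visible in the thread's log (not a complete report).
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"p9pl8243235702090979438"="\\?\globalroot\Device\HarddiskVolume3\Users\Owner\AppData\Local\Temp\p9pl8243235702090979438.tmp" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
R3 X6va003;X6va003;c:\users\Owner\AppData\Local\Temp\003C34.tmp [x]
S3 BeTwinProxy;BeTwin Terminal Services Proxy;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\\.\globalroot\systemroot\svchost.exe
"""

# Assumed line shapes for autorun values, service/driver entries,
# policy values and bare process paths in a ComboFix report.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[')
SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[[^\]]*\]$')
POLICY_RE = re.compile(r'^"(?P<key>EnableLUA|LoadAppInit_DLLs)"\s*=\s*(?P<val>\S+)')
PATH_RE = re.compile(r'^[a-z]:\\', re.I)
LEGIT_SVCHOST_RE = re.compile(r'\\windows\\(system32|syswow64)\\svchost\.exe$')


def classify_path(path):
    """Return the reasons an autorun, service or process path looks suspicious."""
    p = path.lower()
    reasons = []
    if "globalroot" in p:
        reasons.append("device-alias path (globalroot) hides the real location")
    if re.search(r"\\temp\\", p):
        reasons.append("runs from a Temp directory")
    if p.endswith(".tmp"):
        reasons.append(".tmp file registered as an executable")
    name = p.rsplit("\\", 1)[-1]
    if name == "svchost.exe" and not LEGIT_SVCHOST_RE.search(p):
        reasons.append("svchost.exe outside %SystemRoot%\\System32 or SysWOW64")
    return reasons


def check_policy(key, raw_value):
    """Flag the two policy values in the report that weaken the host."""
    try:
        value = int(raw_value, 0)  # accepts both "0" and "0x1"
    except ValueError:
        return None
    if key == "EnableLUA" and value == 0:
        return "UAC disabled (EnableLUA=0)"
    if key == "LoadAppInit_DLLs" and value != 0:
        return "AppInit_DLLs loading enabled (LoadAppInit_DLLs=1)"
    return None


def triage(report):
    """Walk a ComboFix report and return (kind, name, reasons) findings in order."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            reason = check_policy(m["key"], m["val"])
            if reason:
                findings.append(("policy", m["key"], [reason]))
            continue
        for kind, regex in (("run", RUN_RE), ("service", SVC_RE)):
            m = regex.match(line)
            if m:
                reasons = classify_path(m["path"])
                if reasons:
                    findings.append((kind, m["name"], reasons))
                break
        else:
            # Bare paths appear under "Other Running Processes".
            if PATH_RE.match(line):
                reasons = classify_path(line)
                if reasons:
                    findings.append(("process", line, reasons))
    return findings


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE_REPORT):
        print(f"[{kind}] {name}: " + "; ".join(reasons))
```

On the sample above it reports the Temp-dir Run value, the EnableLUA policy, the X6va003 service, the LoadAppInit_DLLs policy and the globalroot svchost.exe process, and leaves the Sidebar, BeTwinProxy, N360 and PnkBstrA entries alone.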

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:49 AM

Posted 10 August 2012 - 03:56 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 mefrancisco751

mefrancisco751
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:49 AM

Posted 13 August 2012 - 05:27 AM

23:08:11.0843 4384 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:08:12.0907 4384 ============================================================
23:08:12.0907 4384 Current date / time: 2012/08/12 23:08:12.0907
23:08:12.0907 4384 SystemInfo:
23:08:12.0907 4384
23:08:12.0907 4384 OS Version: 6.1.7601 ServicePack: 1.0
23:08:12.0907 4384 Product type: Workstation
23:08:12.0908 4384 ComputerName: OWNER-PC
23:08:12.0908 4384 UserName: Owner
23:08:12.0908 4384 Windows directory: C:\Windows
23:08:12.0908 4384 System windows directory: C:\Windows
23:08:12.0908 4384 Running under WOW64
23:08:12.0908 4384 Processor architecture: Intel x64
23:08:12.0908 4384 Number of processors: 2
23:08:12.0908 4384 Page size: 0x1000
23:08:12.0908 4384 Boot type: Normal boot
23:08:12.0908 4384 ============================================================
23:08:14.0705 4384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:08:14.0718 4384 ============================================================
23:08:14.0719 4384 \Device\Harddisk0\DR0:
23:08:14.0719 4384 MBR partitions:
23:08:14.0719 4384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
23:08:14.0719 4384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
23:08:14.0719 4384 ============================================================
23:08:14.0756 4384 C: <-> \Device\Harddisk0\DR0\Partition1
23:08:14.0757 4384 ============================================================
23:08:14.0757 4384 Initialize success
23:08:14.0757 4384 ============================================================
23:08:17.0361 1700 ============================================================
23:08:17.0361 1700 Scan started
23:08:17.0361 1700 Mode: Manual;
23:08:17.0361 1700 ============================================================
23:08:24.0207 1700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:08:24.0210 1700 BrUsbSer - ok
23:08:24.0231 1700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:08:24.0233 1700 BTHMODEM - ok
23:08:24.0262 1700 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:08:24.0310 1700 bthserv - ok
23:08:24.0371 1700 catchme - ok
23:08:24.0405 1700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:08:24.0420 1700 cdfs - ok
23:08:24.0552 1700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:08:24.0563 1700 cdrom - ok
23:08:24.0631 1700 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:08:24.0646 1700 CertPropSvc - ok
23:08:24.0669 1700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:08:24.0676 1700 circlass - ok
23:08:24.0736 1700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:08:24.0743 1700 CLFS - ok
23:08:24.0823 1700 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:08:24.0885 1700 clr_optimization_v2.0.50727_32 - ok
23:08:24.0941 1700 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:08:24.0958 1700 clr_optimization_v2.0.50727_64 - ok
23:08:25.0122 1700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:08:25.0169 1700 clr_optimization_v4.0.30319_32 - ok
23:08:25.0263 1700 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:08:25.0274 1700 clr_optimization_v4.0.30319_64 - ok
23:08:25.0307 1700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:08:25.0310 1700 CmBatt - ok
23:08:25.0361 1700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:08:25.0406 1700 cmdide - ok
23:08:25.0500 1700 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:08:25.0508 1700 CNG - ok
23:08:25.0539 1700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:08:25.0541 1700 Compbatt - ok
23:08:25.0609 1700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:08:25.0631 1700 CompositeBus - ok
23:08:25.0655 1700 COMSysApp - ok
23:08:25.0674 1700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:08:25.0677 1700 crcdisk - ok
23:08:25.0748 1700 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:08:25.0755 1700 CryptSvc - ok
23:08:25.0823 1700 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:08:25.0876 1700 CtClsFlt - ok
23:08:25.0994 1700 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:08:26.0004 1700 DcomLaunch - ok
23:08:26.0085 1700 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:08:26.0095 1700 defragsvc - ok
23:08:26.0158 1700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:08:26.0161 1700 DfsC - ok
23:08:26.0256 1700 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:08:26.0275 1700 Dhcp - ok
23:08:26.0304 1700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:08:26.0306 1700 discache - ok
23:08:26.0327 1700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:08:26.0330 1700 Disk - ok
23:08:26.0412 1700 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:08:26.0441 1700 Dnscache - ok
23:08:26.0564 1700 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
23:08:26.0574 1700 DockLoginService - ok
23:08:26.0661 1700 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:08:26.0708 1700 dot3svc - ok
23:08:26.0784 1700 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:08:26.0793 1700 DPS - ok
23:08:26.0823 1700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:08:26.0825 1700 drmkaud - ok
23:08:26.0991 1700 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
23:08:27.0027 1700 DrvAgent64 - ok
23:08:27.0075 1700 dump_wmimmc - ok
23:08:27.0235 1700 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:08:27.0307 1700 DXGKrnl - ok
23:08:27.0341 1700 EagleX64 - ok
23:08:27.0395 1700 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:08:27.0410 1700 EapHost - ok
23:08:27.0759 1700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:08:27.0820 1700 ebdrv - ok
23:08:27.0994 1700 eeCtrl (4353ff94d47a0a9d52b89eccf0cdb013) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
23:08:28.0040 1700 eeCtrl - ok
23:08:28.0195 1700 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:08:28.0199 1700 EFS - ok
23:08:28.0376 1700 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:08:28.0433 1700 ehRecvr - ok
23:08:28.0469 1700 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:08:28.0514 1700 ehSched - ok
23:08:28.0659 1700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:08:28.0676 1700 elxstor - ok
23:08:28.0858 1700 EraserUtilDrv11220 (c5bccb378d0a896304a3e71be7215983) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
23:08:28.0861 1700 EraserUtilDrv11220 - ok
23:08:28.0911 1700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:08:28.0914 1700 ErrDev - ok
23:08:28.0982 1700 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:08:28.0994 1700 EventSystem - ok
23:08:29.0036 1700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:08:29.0053 1700 exfat - ok
23:08:29.0083 1700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:08:29.0087 1700 fastfat - ok
23:08:29.0225 1700 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:08:29.0247 1700 Fax - ok
23:08:29.0276 1700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:08:29.0279 1700 fdc - ok
23:08:29.0306 1700 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:08:29.0309 1700 fdPHost - ok
23:08:29.0327 1700 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:08:29.0331 1700 FDResPub - ok
23:08:29.0346 1700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:08:29.0348 1700 FileInfo - ok
23:08:29.0364 1700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:08:29.0368 1700 Filetrace - ok
23:08:29.0389 1700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:08:29.0391 1700 flpydisk - ok
23:08:29.0472 1700 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:08:29.0477 1700 FltMgr - ok
23:08:29.0660 1700 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:08:29.0683 1700 FontCache - ok
23:08:29.0779 1700 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:08:29.0782 1700 FontCache3.0.0.0 - ok
23:08:29.0849 1700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:08:29.0856 1700 FsDepends - ok
23:08:29.0915 1700 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:08:29.0946 1700 Fs_Rec - ok
23:08:30.0051 1700 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:08:30.0056 1700 fvevol - ok
23:08:30.0087 1700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:08:30.0115 1700 gagp30kx - ok
23:08:30.0160 1700 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:08:30.0206 1700 GEARAspiWDM - ok
23:08:30.0273 1700 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
23:08:30.0304 1700 GoToAssist - ok
23:08:30.0417 1700 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:08:30.0429 1700 gpsvc - ok
23:08:30.0460 1700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:08:30.0462 1700 hcw85cir - ok
23:08:30.0540 1700 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:08:30.0608 1700 HDAudBus - ok
23:08:30.0625 1700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:08:30.0628 1700 HidBatt - ok
23:08:30.0650 1700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:08:30.0675 1700 HidBth - ok
23:08:30.0699 1700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:08:30.0702 1700 HidIr - ok
23:08:30.0729 1700 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:08:30.0732 1700 hidserv - ok
23:08:30.0822 1700 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:08:30.0848 1700 HidUsb - ok
23:08:30.0889 1700 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:08:30.0905 1700 hkmsvc - ok
23:08:30.0974 1700 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:08:30.0988 1700 HomeGroupListener - ok
23:08:31.0053 1700 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:08:31.0061 1700 HomeGroupProvider - ok
23:08:31.0142 1700 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:08:31.0167 1700 HpSAMD - ok
23:08:31.0298 1700 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:08:31.0310 1700 HTTP - ok
23:08:31.0373 1700 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:08:31.0375 1700 hwpolicy - ok
23:08:31.0458 1700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:08:31.0474 1700 i8042prt - ok
23:08:31.0592 1700 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:08:31.0623 1700 iaStorV - ok
23:08:31.0809 1700 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:08:31.0836 1700 idsvc - ok
23:08:32.0123 1700 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120810.001\IDSvia64.sys
23:08:32.0157 1700 IDSVia64 - ok
23:08:33.0278 1700 igfx (4eaa4261e1ad4b860657cada790b9b38) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:08:33.0519 1700 igfx - ok
23:08:33.0679 1700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:08:33.0683 1700 iirsp - ok
23:08:33.0835 1700 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:08:33.0863 1700 IKEEXT - ok
23:08:33.0947 1700 IntcHdmiAddService (b014ce58f0a8048d3924ba8d5ccbc5f1) C:\Windows\system32\drivers\IntcHdmi.sys
23:08:34.0002 1700 IntcHdmiAddService - ok
23:08:34.0071 1700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:08:34.0097 1700 intelide - ok
23:08:34.0172 1700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:08:34.0198 1700 intelppm - ok
23:08:34.0380 1700 IntuitUpdateService (7bdb4e00e1cb174b56e5b2c31dde68a7) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
23:08:34.0383 1700 IntuitUpdateService - ok
23:08:34.0427 1700 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:08:34.0441 1700 IPBusEnum - ok
23:08:34.0517 1700 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:34.0565 1700 IpFilterDriver - ok
23:08:34.0720 1700 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:08:34.0767 1700 iphlpsvc - ok
23:08:34.0826 1700 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:08:34.0876 1700 IPMIDRV - ok
23:08:34.0918 1700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:08:34.0930 1700 IPNAT - ok
23:08:35.0105 1700 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:08:35.0141 1700 iPod Service - ok
23:08:35.0179 1700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:08:35.0182 1700 IRENUM - ok
23:08:35.0257 1700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:08:35.0259 1700 isapnp - ok
23:08:35.0341 1700 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:08:35.0419 1700 iScsiPrt - ok
23:08:35.0529 1700 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
23:08:35.0541 1700 k57nd60a - ok
23:08:35.0558 1700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:08:35.0581 1700 kbdclass - ok
23:08:35.0630 1700 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:08:35.0660 1700 kbdhid - ok
23:08:35.0706 1700 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:08:35.0708 1700 KeyIso - ok
23:08:35.0794 1700 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:08:35.0797 1700 KSecDD - ok
23:08:35.0881 1700 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:08:35.0886 1700 KSecPkg - ok
23:08:35.0915 1700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:08:35.0918 1700 ksthunk - ok
23:08:35.0993 1700 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:08:36.0061 1700 KtmRm - ok
23:08:36.0168 1700 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:08:36.0182 1700 LanmanServer - ok
23:08:36.0257 1700 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:08:36.0304 1700 LanmanWorkstation - ok
23:08:36.0368 1700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:08:36.0376 1700 lltdio - ok
23:08:36.0451 1700 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:08:36.0502 1700 lltdsvc - ok
23:08:36.0543 1700 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:08:36.0547 1700 lmhosts - ok
23:08:36.0590 1700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:08:36.0606 1700 LSI_FC - ok
23:08:36.0625 1700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:08:36.0629 1700 LSI_SAS - ok
23:08:36.0652 1700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:08:36.0655 1700 LSI_SAS2 - ok
23:08:36.0676 1700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:08:36.0692 1700 LSI_SCSI - ok
23:08:36.0732 1700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:08:36.0735 1700 luafv - ok
23:08:36.0844 1700 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
23:08:36.0894 1700 McComponentHostService - ok
23:08:36.0967 1700 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:08:37.0051 1700 Mcx2Svc - ok
23:08:37.0083 1700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:08:37.0086 1700 megasas - ok
23:08:37.0134 1700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:08:37.0144 1700 MegaSR - ok
23:08:37.0190 1700 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:08:37.0206 1700 MMCSS - ok
23:08:37.0227 1700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:08:37.0230 1700 Modem - ok
23:08:37.0266 1700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:08:37.0269 1700 monitor - ok
23:08:37.0357 1700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:08:37.0364 1700 mouclass - ok
23:08:37.0391 1700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:08:37.0400 1700 mouhid - ok
23:08:37.0469 1700 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:08:37.0472 1700 mountmgr - ok
23:08:37.0535 1700 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:08:37.0545 1700 mpio - ok
23:08:37.0571 1700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:08:37.0587 1700 mpsdrv - ok
23:08:37.0750 1700 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:08:37.0784 1700 MpsSvc - ok
23:08:37.0855 1700 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:08:37.0865 1700 MRxDAV - ok
23:08:38.0064 1700 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:08:38.0067 1700 mrxsmb - ok
23:08:38.0607 1700 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:08:38.0612 1700 mrxsmb10 - ok
23:08:38.0738 1700 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:08:38.0741 1700 mrxsmb20 - ok
23:08:38.0952 1700 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:08:38.0954 1700 msahci - ok
23:08:39.0070 1700 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:08:39.0113 1700 msdsm - ok
23:08:39.0247 1700 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:08:39.0258 1700 MSDTC - ok
23:08:39.0307 1700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:08:39.0309 1700 Msfs - ok
23:08:39.0324 1700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:08:39.0326 1700 mshidkmdf - ok
23:08:39.0379 1700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:08:39.0381 1700 msisadrv - ok
23:08:39.0436 1700 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:08:39.0485 1700 MSiSCSI - ok
23:08:39.0490 1700 msiserver - ok
23:08:39.0529 1700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:08:39.0532 1700 MSKSSRV - ok
23:08:39.0563 1700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:08:39.0565 1700 MSPCLOCK - ok
23:08:39.0582 1700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:08:39.0584 1700 MSPQM - ok
23:08:39.0669 1700 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:08:39.0676 1700 MsRPC - ok
23:08:39.0735 1700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:08:39.0738 1700 mssmbios - ok
23:08:39.0744 1700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:08:39.0747 1700 MSTEE - ok
23:08:39.0759 1700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:08:39.0761 1700 MTConfig - ok
23:08:39.0773 1700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:08:39.0774 1700 Mup - ok
23:08:40.0007 1700 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe
23:08:40.0009 1700 N360 - ok
23:08:40.0126 1700 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:08:40.0141 1700 napagent - ok
23:08:40.0223 1700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:08:40.0240 1700 NativeWifiP - ok
23:08:40.0431 1700 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120812.007\ENG64.SYS
23:08:40.0443 1700 NAVENG - ok
23:08:40.0678 1700 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120812.007\EX64.SYS
23:08:40.0743 1700 NAVEX15 - ok
23:08:41.0053 1700 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:08:41.0072 1700 NDIS - ok
23:08:41.0102 1700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:08:41.0106 1700 NdisCap - ok
23:08:41.0132 1700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:08:41.0136 1700 NdisTapi - ok
23:08:41.0200 1700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:08:41.0218 1700 Ndisuio - ok
23:08:41.0286 1700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:08:41.0347 1700 NdisWan - ok
23:08:41.0413 1700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:08:41.0423 1700 NDProxy - ok
23:08:41.0440 1700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:08:41.0442 1700 NetBIOS - ok
23:08:41.0514 1700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:08:41.0517 1700 NetBT - ok
23:08:41.0572 1700 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:08:41.0575 1700 Netlogon - ok
23:08:41.0647 1700 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:08:41.0661 1700 Netman - ok
23:08:41.0827 1700 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:08:41.0872 1700 NetMsmqActivator - ok
23:08:41.0880 1700 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:08:41.0883 1700 NetPipeActivator - ok
23:08:41.0963 1700 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:08:41.0992 1700 netprofm - ok
23:08:42.0018 1700 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:08:42.0022 1700 NetTcpActivator - ok
23:08:42.0028 1700 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:08:42.0030 1700 NetTcpPortSharing - ok
23:08:42.0871 1700 NETw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\NETw5v64.sys
23:08:42.0970 1700 NETw5v64 - ok
23:08:43.0958 1700 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:08:44.0137 1700 NETwNs64 - ok
23:08:44.0358 1700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:08:44.0361 1700 nfrd960 - ok
23:08:44.0449 1700 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:08:44.0468 1700 NlaSvc - ok
23:08:44.0502 1700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:08:44.0504 1700 Npfs - ok
23:08:44.0538 1700 npggsvc - ok
23:08:44.0561 1700 NPPTNT2 - ok
23:08:44.0593 1700 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:08:44.0595 1700 nsi - ok
23:08:44.0612 1700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:08:44.0614 1700 nsiproxy - ok
23:08:44.0830 1700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:08:44.0862 1700 Ntfs - ok
23:08:45.0173 1700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:08:45.0175 1700 Null - ok
23:08:45.0253 1700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:08:45.0342 1700 nvraid - ok
23:08:45.0421 1700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:08:45.0432 1700 nvstor - ok
23:08:45.0452 1700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:08:45.0468 1700 nv_agp - ok
23:08:45.0534 1700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:08:45.0540 1700 ohci1394 - ok
23:08:45.0641 1700 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:45.0674 1700 ose - ok
23:08:46.0217 1700 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:08:46.0371 1700 osppsvc - ok
23:08:46.0542 1700 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:08:46.0559 1700 p2pimsvc - ok
23:08:46.0619 1700 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:08:46.0626 1700 p2psvc - ok
23:08:46.0670 1700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:08:46.0672 1700 Parport - ok
23:08:46.0735 1700 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:08:46.0738 1700 partmgr - ok
23:08:46.0775 1700 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:08:46.0788 1700 PcaSvc - ok
23:08:46.0906 1700 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
23:08:46.0940 1700 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
23:08:47.0027 1700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:08:47.0030 1700 pci - ok
23:08:47.0044 1700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:08:47.0046 1700 pciide - ok
23:08:47.0093 1700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:08:47.0099 1700 pcmcia - ok
23:08:47.0149 1700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:08:47.0150 1700 pcw - ok
23:08:47.0248 1700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:08:47.0267 1700 PEAUTH - ok
23:08:47.0455 1700 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:08:47.0480 1700 PerfHost - ok
23:08:47.0788 1700 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:08:47.0827 1700 pla - ok
23:08:47.0902 1700 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:08:47.0909 1700 PlugPlay - ok
23:08:47.0953 1700 PnkBstrA - ok
23:08:47.0962 1700 PnkBstrB - ok
23:08:48.0000 1700 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:08:48.0029 1700 PNRPAutoReg - ok
23:08:48.0096 1700 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:08:48.0099 1700 PNRPsvc - ok
23:08:48.0198 1700 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:08:48.0264 1700 PolicyAgent - ok
23:08:48.0367 1700 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:08:48.0393 1700 Power - ok
23:08:48.0515 1700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:08:48.0582 1700 PptpMiniport - ok
23:08:48.0617 1700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:08:48.0620 1700 Processor - ok
23:08:48.0784 1700 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:08:48.0792 1700 ProfSvc - ok
23:09:09.0070 1700 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
23:09:09.0126 1700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:09:09.0126 1700 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:09:09.0132 1700 Boot (0x1200) (127da5c5830d7121c9a9049c25e9e492) \Device\Harddisk0\DR0\Partition0
23:09:09.0134 1700 \Device\Harddisk0\DR0\Partition0 - ok
23:09:09.0148 1700 Boot (0x1200) (d79b19afbc99083a7539feeff5d90240) \Device\Harddisk0\DR0\Partition1
23:09:09.0151 1700 \Device\Harddisk0\DR0\Partition1 - ok
23:09:09.0151 1700 ============================================================
23:09:09.0151 1700 Scan finished
23:09:09.0152 1700 ============================================================
23:09:09.0207 2304 Detected object count: 1
23:09:09.0207 2304 Actual detected object count: 1
23:09:30.0941 2304 \Device\Harddisk0\DR0\# - copied to quarantine
23:09:30.0942 2304 \Device\Harddisk0\DR0 - copied to quarantine
23:09:30.0979 2304 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:09:30.0981 2304 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:09:30.0984 2304 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:09:30.0987 2304 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:09:30.0991 2304 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:09:31.0006 2304 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:09:31.0017 2304 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:09:31.0030 2304 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:09:31.0034 2304 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:09:31.0067 2304 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:09:31.0076 2304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:09:31.0079 2304 \Device\Harddisk0\DR0 - ok
23:09:31.0086 2304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:09:39.0103 3580 Deinitialize success
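The TDSSKiller summary above follows a fixed line layout (timestamp, thread id, object, status). As an added triage aid that is not part of this thread, the following Python pulls the detections, quarantine copies and pending-reboot cures out of such a log; the sample input is taken verbatim from the log lines above, and the helper names are my own.

```python
"""Triage helper for the detection section of a TDSSKiller log.

Added example, not part of the forum thread. The regexes are written
against the line shapes visible in the log above (e.g. "<object> ( <name> )
- infected", "<object> - copied to quarantine").
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
23:09:09.0070 1700 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
23:09:09.0126 1700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:09:09.0126 1700 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:09:09.0134 1700 \Device\Harddisk0\DR0\Partition0 - ok
23:09:09.0151 1700 \Device\Harddisk0\DR0\Partition1 - ok
23:09:09.0207 2304 Detected object count: 1
23:09:09.0207 2304 Actual detected object count: 1
23:09:30.0941 2304 \Device\Harddisk0\DR0\# - copied to quarantine
23:09:30.0942 2304 \Device\Harddisk0\DR0 - copied to quarantine
23:09:30.0979 2304 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:09:30.0981 2304 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:09:30.0984 2304 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:09:30.0987 2304 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:09:30.0991 2304 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:09:31.0006 2304 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:09:31.0017 2304 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:09:31.0030 2304 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:09:31.0034 2304 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:09:31.0067 2304 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:09:31.0076 2304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:09:31.0079 2304 \Device\Harddisk0\DR0 - ok
"""

# "<hh:mm:ss.ffff> <thread id> <rest of line>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
INFECTED_RE = re.compile(r"^(.*?) \( (.+?) \) - infected$")
QUARANTINE_RE = re.compile(r"^(.*?) - copied to quarantine$")
CURE_ON_REBOOT_RE = re.compile(r"^(.*?) \( (.+?) \) - will be cured on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Triage:
    infected: dict[str, str] = field(default_factory=dict)  # object -> threat name
    quarantined: list[str] = field(default_factory=list)
    pending_reboot: list[str] = field(default_factory=list)
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> Triage:
    """Collect detections, quarantine copies and reboot-pending cures."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank or separator line
        body = m.group(3)
        if (mm := INFECTED_RE.match(body)):
            t.infected[mm.group(1)] = mm.group(2)
        elif (mm := QUARANTINE_RE.match(body)):
            t.quarantined.append(mm.group(1))
        elif (mm := CURE_ON_REBOOT_RE.match(body)):
            t.pending_reboot.append(mm.group(1))
        elif (mm := COUNT_RE.match(body)):
            t.detected_count = int(mm.group(1))
    return t


def hidden_fs_entries(t: Triage) -> list[str]:
    """Quarantined objects that lived in the rootkit's hidden TDLFS volume."""
    return [p for p in t.quarantined if "\\TDLFS\\" in p]


def needs_reboot(t: Triage) -> bool:
    """True when a cure is scheduled for the next boot (MBR not yet clean)."""
    return bool(t.pending_reboot)


if __name__ == "__main__":
    result = parse_tdsskiller(SAMPLE_LOG)
    for obj, name in result.infected.items():
        print(f"infected: {obj} -> {name}")
    print(f"hidden-FS files quarantined: {len(hidden_fs_entries(result))}")
    print(f"reboot required: {needs_reboot(result)}")
```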




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 23:19:15
-----------------------------
23:19:15.569 OS Version: Windows x64 6.1.7601 Service Pack 1
23:19:15.569 Number of processors: 2 586 0x170A
23:19:15.570 ComputerName: OWNER-PC UserName: Owner
23:19:26.351 Initialize success
23:32:59.030 AVAST engine defs: 12081300
23:33:03.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:33:03.519 Disk 0 Vendor: WDC_WD5000BEVT-75ZAT0 01.01A01 Size: 476940MB BusType: 11
23:33:03.531 Disk 0 MBR read successfully
23:33:03.535 Disk 0 MBR scan
23:33:03.543 Disk 0 Windows VISTA default MBR code
23:33:03.549 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:33:03.575 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
23:33:03.597 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
23:33:03.700 Disk 0 scanning C:\Windows\system32\drivers
23:33:20.688 Service scanning
23:33:59.245 Modules scanning
23:33:59.260 Disk 0 trace - called modules:
23:33:59.306 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:33:59.643 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c7e060]
23:33:59.653 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004719060]
23:34:01.788 AVAST engine scan C:\Windows
23:34:08.932 AVAST engine scan C:\Windows\system32
23:40:48.177 AVAST engine scan C:\Windows\system32\drivers
23:41:13.253 AVAST engine scan C:\Users\Owner
00:10:17.328 AVAST engine scan C:\ProgramData
00:19:37.458 Scan finished successfully
00:26:20.789 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
00:26:20.799 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 August 2012 - 12:46 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 August 2012 - 07:42 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 August 2012 - 12:05 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 August 2012 - 11:24 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



