Trojan.Gen.2 won't go away


9 replies to this topic

#1 Coldham

  • Members
  • 14 posts

Posted 20 August 2012 - 09:04 AM

I have tried some removal tools under some not so great advice and no success.

I have scanned with SAV and Malwarebytes. They come back clean with the exception of Trojan.Gen.2. It seems to come back randomly. I perform a full scan with SAV and it comes back clean. Wait a few hours and it pops up Trojan.Gen.2 with the autodetect. Malwarebytes has come back clean every time.

I have been fighting with this thing with advice from another forum and got hung out to dry.

I think my eyeballs are going to pop out of my head.

Any help appreciated.

Thanks in advance.

CH

Windows 7 64 Bit OS
I have a flash drive and I know how to use it :)

Edited by Coldham, 20 August 2012 - 09:06 AM.



#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 20 August 2012 - 09:11 AM

Download

TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file in your reply.
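Once the TDSSKiller log requested above comes back, most of it is hundreds of `<service> - ok` lines; the Python below is an added example (not code from the thread or from TDSSKiller) that reads a log in the `time pid message` shape shown in this thread and reports only the hashed file entries, any verdict that is not `ok`, and the detected-object counts. It assumes that line shape and uses a constructed sample log: the hashed and count lines copy the format of this thread's log, and the `warning` line is invented to exercise the non-ok path.

```python
"""Triage a TDSSKiller-style log: surface what a helper actually needs to read.

Added example for this thread; not TDSSKiller code and not posted by anyone here.
Log line shape assumed from the format in this thread: "HH:MM:SS.mmmm <pid> <message>".
"""
import re
from collections import Counter

# "09:32:17.0391 5780 1394ohci - ok"  ->  time, pid, message
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?:\s+(.*))?$")
# "[ <MD5> ] <name> [<path>]" : entries the tool prints with a file hash
HASHED_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+)(?:\s+(.*))?$")
# "<name> - <status>" : per-service / per-device verdict line
STATUS_RE = re.compile(r"^(.*) - (\w+)$")
COUNT_RE = re.compile(r"^(Detected object count|Actual detected object count): (\d+)$")


def parse_line(line):
    """Split one log line into its time, pid and message; None if it is not a log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"time": m.group(1), "pid": m.group(2), "msg": m.group(3) or ""}


def triage(log_text):
    """Walk the whole log once and collect only the parts worth a human's attention."""
    summary = {
        "scans": 0,             # number of "Scan started" blocks in the log
        "hashed": [],           # (name, MD5, path) for entries printed with a hash
        "not_ok": [],           # (name, status) for every verdict that is not "ok"
        "counts": {},           # the "Detected object count" lines
        "statuses": Counter(),  # how many entries ended in each status
    }
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        msg = rec["msg"]
        if msg == "Scan started":
            summary["scans"] += 1
            continue
        c = COUNT_RE.match(msg)
        if c:
            summary["counts"][c.group(1)] = int(c.group(2))
            continue
        h = HASHED_RE.match(msg)
        if h:
            summary["hashed"].append((h.group(2), h.group(1).upper(), h.group(3) or ""))
            continue
        s = STATUS_RE.match(msg)
        if s:
            name, status = s.group(1), s.group(2)
            summary["statuses"][status] += 1
            if status != "ok":
                summary["not_ok"].append((name, status))
    return summary


def needs_attention(summary):
    """True when the log has any non-ok verdict or a non-zero detection count."""
    return bool(summary["not_ok"]) or any(v > 0 for v in summary["counts"].values())


# Constructed sample: the first lines mirror the format of the log in this thread;
# the "warning" line is invented so the non-ok path is exercised.
SAMPLE_LOG = r"""
09:30:55.0850 5756 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
09:32:15.0122 5780 Scan started
09:32:17.0332 5780 System memory - ok
09:32:17.0391 5780 1394ohci - ok
09:32:18.0151 5780 [ AD00375D9ABA8DB72D0E38129AF0277A ] DVMIO D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys
09:32:18.0207 5780 DVMIO - ok
09:32:20.0925 5780 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:32:22.0023 5780 \Device\Harddisk0\DR0 - ok
09:32:25.0000 5780 exampledrv ( Suspicious.Example ) - warning
09:32:30.0062 3168 Detected object count: 0
09:32:30.0062 3168 Actual detected object count: 0
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("scans:", result["scans"], "statuses:", dict(result["statuses"]))
    for name, md5, path in result["hashed"]:
        print("hashed:", name, md5, path)
    for name, status in result["not_ok"]:
        print("review:", name, "->", status)
    print("needs attention:", needs_attention(result))
```

Feed it the real log text instead of `SAMPLE_LOG` to get the same summary for a full scan.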

#3 Coldham
  • Topic Starter

  • Members
  • 14 posts

Posted 20 August 2012 - 11:13 AM

09:30:55.0850 5756 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
09:30:56.0438 5756 ============================================================
09:30:56.0439 5756 Current date / time: 2012/08/20 09:30:56.0438
09:30:56.0439 5756 SystemInfo:
09:30:56.0439 5756
09:30:56.0439 5756 OS Version: 6.1.7601 ServicePack: 1.0
09:30:56.0439 5756 Product type: Workstation
09:30:56.0439 5756 ComputerName: CLARK-B
09:30:56.0439 5756 UserName: BRUCE
09:30:56.0439 5756 Windows directory: C:\Windows
09:30:56.0439 5756 System windows directory: C:\Windows
09:30:56.0439 5756 Running under WOW64
09:30:56.0439 5756 Processor architecture: Intel x64
09:30:56.0439 5756 Number of processors: 4
09:30:56.0439 5756 Page size: 0x1000
09:30:56.0439 5756 Boot type: Normal boot
09:30:56.0439 5756 ============================================================
09:30:57.0098 5756 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:30:57.0183 5756 Drive \Device\Harddisk2\DR2 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:30:57.0186 5756 ============================================================
09:30:57.0186 5756 \Device\Harddisk0\DR0:
09:30:57.0186 5756 MBR partitions:
09:30:57.0186 5756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x178800
09:30:57.0186 5756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18C800, BlocksNum 0x1CC38000
09:30:57.0212 5756 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CDC5000, BlocksNum 0x400800
09:30:57.0212 5756 \Device\Harddisk2\DR2:
09:30:57.0213 5756 MBR partitions:
09:30:57.0213 5756 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x80, BlocksNum 0x775780
09:30:57.0213 5756 ============================================================
09:30:57.0239 5756 C: <-> \Device\Harddisk0\DR0\Partition2
09:30:57.0282 5756 D: <-> \Device\Harddisk0\DR0\Partition3
09:30:57.0282 5756 ============================================================
09:30:57.0282 5756 Initialize success
09:30:57.0282 5756 ============================================================
09:32:15.0122 5780 ============================================================
09:32:15.0122 5780 Scan started
09:32:15.0122 5780 Mode: Manual; TDLFS;
09:32:15.0122 5780 ============================================================
09:32:17.0332 5780 ================ Scan system memory ========================
09:32:17.0332 5780 System memory - ok
09:32:17.0332 5780 ================ Scan services =============================
09:32:17.0391 5780 1394ohci - ok
09:32:17.0420 5780 Acceler - ok
09:32:17.0435 5780 ACPI - ok
09:32:17.0442 5780 AcpiPmi - ok
09:32:17.0465 5780 AdobeARMservice - ok
09:32:17.0485 5780 AdobeFlashPlayerUpdateSvc - ok
09:32:17.0492 5780 adp94xx - ok
09:32:17.0497 5780 adpahci - ok
09:32:17.0501 5780 adpu320 - ok
09:32:17.0507 5780 AeLookupSvc - ok
09:32:17.0524 5780 AESTFilters - ok
09:32:17.0534 5780 AFD - ok
09:32:17.0538 5780 agp440 - ok
09:32:17.0542 5780 ALG - ok
09:32:17.0546 5780 aliide - ok
09:32:17.0550 5780 amdide - ok
09:32:17.0554 5780 AmdK8 - ok
09:32:17.0559 5780 AmdPPM - ok
09:32:17.0574 5780 amdsata - ok
09:32:17.0578 5780 amdsbs - ok
09:32:17.0582 5780 amdxata - ok
09:32:17.0587 5780 ApfiltrService - ok
09:32:17.0592 5780 AppID - ok
09:32:17.0595 5780 AppIDSvc - ok
09:32:17.0600 5780 Appinfo - ok
09:32:17.0606 5780 AppMgmt - ok
09:32:17.0610 5780 arc - ok
09:32:17.0615 5780 arcsas - ok
09:32:17.0627 5780 AsyncMac - ok
09:32:17.0638 5780 atapi - ok
09:32:17.0642 5780 AudioEndpointBuilder - ok
09:32:17.0646 5780 AudioSrv - ok
09:32:17.0651 5780 AxInstSV - ok
09:32:17.0666 5780 b06bdrv - ok
09:32:17.0670 5780 b57nd60a - ok
09:32:17.0682 5780 BCM42RLY - ok
09:32:17.0685 5780 BCM43XX - ok
09:32:17.0710 5780 BDESVC - ok
09:32:17.0714 5780 Beep - ok
09:32:17.0740 5780 BFE - ok
09:32:17.0744 5780 BITS - ok
09:32:17.0748 5780 blbdrive - ok
09:32:17.0751 5780 bowser - ok
09:32:17.0755 5780 BrFiltLo - ok
09:32:17.0759 5780 BrFiltUp - ok
09:32:17.0790 5780 BridgeMP - ok
09:32:17.0795 5780 Browser - ok
09:32:17.0799 5780 Brserid - ok
09:32:17.0803 5780 BrSerWdm - ok
09:32:17.0807 5780 BrUsbMdm - ok
09:32:17.0811 5780 BrUsbSer - ok
09:32:17.0815 5780 BTHMODEM - ok
09:32:17.0821 5780 bthserv - ok
09:32:17.0853 5780 catchme - ok
09:32:17.0877 5780 ccEvtMgr - ok
09:32:17.0902 5780 ccSetMgr - ok
09:32:17.0907 5780 cdfs - ok
09:32:17.0911 5780 cdrom - ok
09:32:17.0915 5780 CertPropSvc - ok
09:32:17.0920 5780 circlass - ok
09:32:17.0924 5780 CLFS - ok
09:32:17.0928 5780 clr_optimization_v2.0.50727_32 - ok
09:32:17.0934 5780 clr_optimization_v2.0.50727_64 - ok
09:32:17.0957 5780 clr_optimization_v4.0.30319_32 - ok
09:32:17.0962 5780 clr_optimization_v4.0.30319_64 - ok
09:32:17.0965 5780 CmBatt - ok
09:32:17.0969 5780 cmdide - ok
09:32:17.0973 5780 CNG - ok
09:32:17.0977 5780 Compbatt - ok
09:32:18.0003 5780 CompositeBus - ok
09:32:18.0007 5780 COMSysApp - ok
09:32:18.0012 5780 crcdisk - ok
09:32:18.0016 5780 Credential Vault Host Control Service - ok
09:32:18.0020 5780 Credential Vault Host Storage - ok
09:32:18.0027 5780 CryptSvc - ok
09:32:18.0031 5780 CSC - ok
09:32:18.0034 5780 CscService - ok
09:32:18.0039 5780 cvusbdrv - ok
09:32:18.0045 5780 DcomLaunch - ok
09:32:18.0049 5780 dcpsysmgrsvc - ok
09:32:18.0053 5780 defragsvc - ok
09:32:18.0057 5780 DefWatch - ok
09:32:18.0060 5780 DfsC - ok
09:32:18.0065 5780 Dhcp - ok
09:32:18.0069 5780 discache - ok
09:32:18.0073 5780 Disk - ok
09:32:18.0076 5780 Dnscache - ok
09:32:18.0081 5780 dot3svc - ok
09:32:18.0085 5780 DPS - ok
09:32:18.0089 5780 drmkaud - ok
09:32:18.0151 5780 [ AD00375D9ABA8DB72D0E38129AF0277A ] DVMIO D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys
09:32:18.0207 5780 DVMIO - ok
09:32:18.0250 5780 [ 6F0952F5A3C8D9E90DF1F88B84541145 ] DvmMDES D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe
09:32:18.0292 5780 DvmMDES - ok
09:32:18.0294 5780 DXGKrnl - ok
09:32:18.0298 5780 e1kexpress - ok
09:32:18.0302 5780 EapHost - ok
09:32:18.0307 5780 ebdrv - ok
09:32:18.0310 5780 eeCtrl - ok
09:32:18.0314 5780 EFS - ok
09:32:18.0319 5780 ehRecvr - ok
09:32:18.0322 5780 ehSched - ok
09:32:18.0326 5780 elxstor - ok
09:32:18.0330 5780 EraserUtilRebootDrv - ok
09:32:18.0334 5780 ErrDev - ok
09:32:18.0341 5780 EventSystem - ok
09:32:18.0347 5780 Exchange Backup Agent - ok
09:32:18.0351 5780 exfat - ok
09:32:18.0357 5780 fastfat - ok
09:32:18.0372 5780 Fax - ok
09:32:18.0377 5780 fdc - ok
09:32:18.0381 5780 fdPHost - ok
09:32:18.0385 5780 FDResPub - ok
09:32:18.0389 5780 FileInfo - ok
09:32:18.0393 5780 Filetrace - ok
09:32:18.0398 5780 flpydisk - ok
09:32:18.0402 5780 FltMgr - ok
09:32:18.0406 5780 FontCache - ok
09:32:18.0410 5780 FontCache3.0.0.0 - ok
09:32:18.0415 5780 FsDepends - ok
09:32:18.0418 5780 Fs_Rec - ok
09:32:18.0422 5780 fvevol - ok
09:32:18.0427 5780 gagp30kx - ok
09:32:18.0430 5780 gpsvc - ok
09:32:18.0444 5780 gupdate - ok
09:32:18.0448 5780 gupdatem - ok
09:32:18.0457 5780 gusvc - ok
09:32:18.0461 5780 hcw85cir - ok
09:32:18.0465 5780 HDAudBus - ok
09:32:18.0469 5780 HidBatt - ok
09:32:18.0472 5780 HidBth - ok
09:32:18.0476 5780 HidIr - ok
09:32:18.0480 5780 hidserv - ok
09:32:18.0486 5780 HidUsb - ok
09:32:18.0492 5780 hkmsvc - ok
09:32:18.0496 5780 HomeGroupListener - ok
09:32:18.0499 5780 HomeGroupProvider - ok
09:32:18.0504 5780 HpSAMD - ok
09:32:18.0509 5780 HTTP - ok
09:32:18.0513 5780 hwpolicy - ok
09:32:18.0519 5780 i8042prt - ok
09:32:18.0851 5780 iaStor - ok
09:32:19.0269 5780 IAStorDataMgrSvc - ok
09:32:19.0291 5780 iaStorV - ok
09:32:19.0296 5780 idsvc - ok
09:32:19.0306 5780 igfx - ok
09:32:19.0310 5780 iirsp - ok
09:32:19.0314 5780 IKEEXT - ok
09:32:19.0319 5780 Impcd - ok
09:32:19.0337 5780 InstallFilterService - ok
09:32:19.0341 5780 IntcDAud - ok
09:32:19.0346 5780 intelide - ok
09:32:19.0353 5780 intelppm - ok
09:32:19.0357 5780 IPBusEnum - ok
09:32:19.0361 5780 IpFilterDriver - ok
09:32:19.0365 5780 iphlpsvc - ok
09:32:19.0369 5780 IPMIDRV - ok
09:32:19.0373 5780 IPNAT - ok
09:32:19.0377 5780 IRENUM - ok
09:32:19.0380 5780 isapnp - ok
09:32:19.0384 5780 iScsiPrt - ok
09:32:19.0396 5780 kbdclass - ok
09:32:19.0401 5780 kbdhid - ok
09:32:19.0405 5780 KeyIso - ok
09:32:19.0408 5780 KSecDD - ok
09:32:19.0413 5780 KSecPkg - ok
09:32:19.0417 5780 ksthunk - ok
09:32:19.0421 5780 KtmRm - ok
09:32:19.0432 5780 LanmanServer - ok
09:32:19.0437 5780 LanmanWorkstation - ok
09:32:19.0451 5780 LBTServ - ok
09:32:19.0457 5780 LHidFilt - ok
09:32:19.0473 5780 LiveUpdate - ok
09:32:19.0492 5780 lltdio - ok
09:32:19.0496 5780 lltdsvc - ok
09:32:19.0500 5780 lmhosts - ok
09:32:19.0512 5780 LMouFilt - ok
09:32:19.0519 5780 LSI_FC - ok
09:32:19.0523 5780 LSI_SAS - ok
09:32:19.0527 5780 LSI_SAS2 - ok
09:32:19.0532 5780 LSI_SCSI - ok
09:32:19.0544 5780 luafv - ok
09:32:19.0555 5780 LVRS64 - ok
09:32:19.0558 5780 Mcx2Svc - ok
09:32:19.0562 5780 megasas - ok
09:32:19.0565 5780 MegaSR - ok
09:32:19.0569 5780 Microsoft SharePoint Workspace Audit Service - ok
09:32:19.0576 5780 MMCSS - ok
09:32:19.0580 5780 Modem - ok
09:32:19.0584 5780 monitor - ok
09:32:19.0588 5780 mouclass - ok
09:32:19.0592 5780 mouhid - ok
09:32:19.0600 5780 mountmgr - ok
09:32:19.0604 5780 mpio - ok
09:32:19.0607 5780 mpsdrv - ok
09:32:19.0612 5780 MpsSvc - ok
09:32:19.0616 5780 MRxDAV - ok
09:32:19.0619 5780 mrxsmb - ok
09:32:19.0623 5780 mrxsmb10 - ok
09:32:19.0627 5780 mrxsmb20 - ok
09:32:19.0631 5780 msahci - ok
09:32:19.0635 5780 msdsm - ok
09:32:19.0640 5780 MSDTC - ok
09:32:19.0647 5780 Msfs - ok
09:32:19.0651 5780 mshidkmdf - ok
09:32:19.0655 5780 msisadrv - ok
09:32:19.0659 5780 MSiSCSI - ok
09:32:19.0664 5780 msiserver - ok
09:32:19.0668 5780 MSKSSRV - ok
09:32:19.0685 5780 msoidsvc - ok
09:32:19.0690 5780 MSPCLOCK - ok
09:32:19.0694 5780 MSPQM - ok
09:32:19.0698 5780 MsRPC - ok
09:32:19.0704 5780 mssmbios - ok
09:32:19.0708 5780 MSTEE - ok
09:32:19.0711 5780 MTConfig - ok
09:32:19.0715 5780 Mup - ok
09:32:19.0719 5780 napagent - ok
09:32:19.0730 5780 NativeWifiP - ok
09:32:19.0734 5780 NAVENG - ok
09:32:19.0738 5780 NAVEX15 - ok
09:32:19.0742 5780 NDIS - ok
09:32:19.0750 5780 NdisCap - ok
09:32:19.0753 5780 NdisTapi - ok
09:32:19.0758 5780 Ndisuio - ok
09:32:19.0761 5780 NdisWan - ok
09:32:19.0765 5780 NDProxy - ok
09:32:19.0773 5780 NetBIOS - ok
09:32:19.0777 5780 NetBT - ok
09:32:19.0781 5780 Netlogon - ok
09:32:19.0789 5780 Netman - ok
09:32:19.0792 5780 netprofm - ok
09:32:19.0796 5780 NetTcpPortSharing - ok
09:32:19.0809 5780 nfrd960 - ok
09:32:19.0813 5780 NlaSvc - ok
09:32:19.0828 5780 nosGetPlusHelper - ok
09:32:19.0832 5780 Npfs - ok
09:32:19.0836 5780 nsi - ok
09:32:19.0840 5780 nsiproxy - ok
09:32:19.0845 5780 Ntfs - ok
09:32:19.0849 5780 Null - ok
09:32:19.0856 5780 nvraid - ok
09:32:19.0860 5780 nvstor - ok
09:32:19.0865 5780 nv_agp - ok
09:32:19.0878 5780 NxDrv - ok
09:32:19.0882 5780 ohci1394 - ok
09:32:19.0891 5780 ose - ok
09:32:19.0896 5780 osppsvc - ok
09:32:19.0901 5780 p2pimsvc - ok
09:32:19.0906 5780 p2psvc - ok
09:32:19.0911 5780 Parport - ok
09:32:19.0915 5780 partmgr - ok
09:32:19.0919 5780 PBADRV - ok
09:32:19.0923 5780 PcaSvc - ok
09:32:19.0926 5780 pci - ok
09:32:19.0932 5780 pciide - ok
09:32:19.0936 5780 pcmcia - ok
09:32:19.0939 5780 pcw - ok
09:32:19.0943 5780 PEAUTH - ok
09:32:19.0947 5780 PeerDistSvc - ok
09:32:19.0952 5780 PerfHost - ok
09:32:19.0962 5780 pla - ok
09:32:19.0965 5780 PlugPlay - ok
09:32:19.0969 5780 PNRPAutoReg - ok
09:32:19.0973 5780 PNRPsvc - ok
09:32:19.0978 5780 PolicyAgent - ok
09:32:19.0982 5780 Power - ok
09:32:19.0987 5780 PptpMiniport - ok
09:32:19.0990 5780 Processor - ok
09:32:19.0994 5780 ProfSvc - ok
09:32:19.0998 5780 ProtectedStorage - ok
09:32:20.0002 5780 Psched - ok
09:32:20.0011 5780 PxHlpa64 - ok
09:32:20.0015 5780 ql2300 - ok
09:32:20.0019 5780 ql40xx - ok
09:32:20.0023 5780 QWAVE - ok
09:32:20.0027 5780 QWAVEdrv - ok
09:32:20.0030 5780 RasAcd - ok
09:32:20.0034 5780 RasAgileVpn - ok
09:32:20.0038 5780 RasAuto - ok
09:32:20.0044 5780 Rasl2tp - ok
09:32:20.0049 5780 RasMan - ok
09:32:20.0053 5780 RasPppoe - ok
09:32:20.0057 5780 RasSstp - ok
09:32:20.0065 5780 rbScheduler - ok
09:32:20.0069 5780 rdbss - ok
09:32:20.0073 5780 rdpbus - ok
09:32:20.0077 5780 RDPCDD - ok
09:32:20.0082 5780 RDPDR - ok
09:32:20.0086 5780 RDPENCDD - ok
09:32:20.0092 5780 RDPREFMP - ok
09:32:20.0099 5780 RdpVideoMiniport - ok
09:32:20.0103 5780 RDPWD - ok
09:32:20.0111 5780 rdyboost - ok
09:32:20.0114 5780 RemoteAccess - ok
09:32:20.0119 5780 RemoteRegistry - ok
09:32:20.0122 5780 rimspci - ok
09:32:20.0126 5780 risdpcie - ok
09:32:20.0131 5780 rixdpcie - ok
09:32:20.0135 5780 RoxMediaDB12OEM - ok
09:32:20.0139 5780 RoxWatch12 - ok
09:32:20.0151 5780 RpcEptMapper - ok
09:32:20.0155 5780 RpcLocator - ok
09:32:20.0159 5780 RpcSs - ok
09:32:20.0163 5780 rspndr - ok
09:32:20.0166 5780 s3cap - ok
09:32:20.0170 5780 SamSs - ok
09:32:20.0174 5780 sbp2port - ok
09:32:20.0178 5780 SCardSvr - ok
09:32:20.0181 5780 scfilter - ok
09:32:20.0185 5780 Schedule - ok
09:32:20.0189 5780 SCPolicySvc - ok
09:32:20.0193 5780 SDRSVC - ok
09:32:20.0197 5780 secdrv - ok
09:32:20.0201 5780 seclogon - ok
09:32:20.0205 5780 SecureStorageService - ok
09:32:20.0209 5780 SENS - ok
09:32:20.0214 5780 SensrSvc - ok
09:32:20.0218 5780 Serenum - ok
09:32:20.0221 5780 Serial - ok
09:32:20.0226 5780 sermouse - ok
09:32:20.0235 5780 SessionEnv - ok
09:32:20.0239 5780 sffdisk - ok
09:32:20.0243 5780 sffp_mmc - ok
09:32:20.0246 5780 sffp_sd - ok
09:32:20.0250 5780 sfloppy - ok
09:32:20.0263 5780 SharedAccess - ok
09:32:20.0268 5780 ShellHWDetection - ok
09:32:20.0271 5780 SiSRaid2 - ok
09:32:20.0275 5780 SiSRaid4 - ok
09:32:20.0279 5780 Smb - ok
09:32:20.0293 5780 SNMPTRAP - ok
09:32:20.0296 5780 SONICWALL_NetExtender - ok
09:32:20.0300 5780 spldr - ok
09:32:20.0305 5780 Spooler - ok
09:32:20.0308 5780 sppsvc - ok
09:32:20.0312 5780 sppuinotify - ok
09:32:20.0317 5780 SRTSP - ok
09:32:20.0320 5780 SRTSPL - ok
09:32:20.0324 5780 SRTSPX - ok
09:32:20.0328 5780 srv - ok
09:32:20.0332 5780 srv2 - ok
09:32:20.0336 5780 srvnet - ok
09:32:20.0347 5780 SSDPSRV - ok
09:32:20.0351 5780 SstpSvc - ok
09:32:20.0354 5780 STacSV - ok
09:32:20.0359 5780 stdflt - ok
09:32:20.0362 5780 stexstor - ok
09:32:20.0366 5780 STHDA - ok
09:32:20.0370 5780 stisvc - ok
09:32:20.0375 5780 stllssvr - ok
09:32:20.0379 5780 storflt - ok
09:32:20.0384 5780 storvsc - ok
09:32:20.0387 5780 swenum - ok
09:32:20.0391 5780 swprv - ok
09:32:20.0395 5780 Symantec AntiVirus - ok
09:32:20.0402 5780 SymEvent - ok
09:32:20.0415 5780 Synth3dVsc - ok
09:32:20.0419 5780 SysMain - ok
09:32:20.0423 5780 TabletInputService - ok
09:32:20.0427 5780 TapiSrv - ok
09:32:20.0432 5780 TBS - ok
09:32:20.0436 5780 Tcpip - ok
09:32:20.0440 5780 TCPIP6 - ok
09:32:20.0446 5780 tcpipreg - ok
09:32:20.0456 5780 tcsd_win32.exe - ok
09:32:20.0461 5780 TdmService - ok
09:32:20.0466 5780 TDPIPE - ok
09:32:20.0469 5780 TDTCP - ok
09:32:20.0473 5780 tdx - ok
09:32:20.0477 5780 TermDD - ok
09:32:20.0481 5780 TermService - ok
09:32:20.0484 5780 Themes - ok
09:32:20.0488 5780 THREADORDER - ok
09:32:20.0496 5780 TPM - ok
09:32:20.0499 5780 TrkWks - ok
09:32:20.0503 5780 TrustedInstaller - ok
09:32:20.0509 5780 tssecsrv - ok
09:32:20.0512 5780 TsUsbFlt - ok
09:32:20.0518 5780 tsusbhub - ok
09:32:20.0522 5780 tunnel - ok
09:32:20.0525 5780 uagp35 - ok
09:32:20.0529 5780 udfs - ok
09:32:20.0537 5780 UI0Detect - ok
09:32:20.0540 5780 uliagpkx - ok
09:32:20.0552 5780 umbus - ok
09:32:20.0557 5780 UmPass - ok
09:32:20.0561 5780 UmRdpService - ok
09:32:20.0564 5780 upnphost - ok
09:32:20.0575 5780 usbaudio - ok
09:32:20.0578 5780 usbccgp - ok
09:32:20.0591 5780 usbcir - ok
09:32:20.0595 5780 usbehci - ok
09:32:20.0599 5780 usbhub - ok
09:32:20.0603 5780 usbohci - ok
09:32:20.0606 5780 usbprint - ok
09:32:20.0611 5780 USBSTOR - ok
09:32:20.0615 5780 usbuhci - ok
09:32:20.0623 5780 usbvideo - ok
09:32:20.0627 5780 uvnc_service - ok
09:32:20.0631 5780 UxSms - ok
09:32:20.0634 5780 VaultSvc - ok
09:32:20.0639 5780 vdrvroot - ok
09:32:20.0642 5780 vds - ok
09:32:20.0646 5780 vga - ok
09:32:20.0650 5780 VgaSave - ok
09:32:20.0654 5780 VGPU - ok
09:32:20.0658 5780 vhdmp - ok
09:32:20.0661 5780 viaide - ok
09:32:20.0667 5780 vmbus - ok
09:32:20.0670 5780 VMBusHID - ok
09:32:20.0674 5780 volmgr - ok
09:32:20.0679 5780 volmgrx - ok
09:32:20.0683 5780 volsnap - ok
09:32:20.0686 5780 vpcbus - ok
09:32:20.0692 5780 vpcnfltr - ok
09:32:20.0695 5780 vpcusb - ok
09:32:20.0699 5780 vpcvmm - ok
09:32:20.0703 5780 vsmraid - ok
09:32:20.0708 5780 VSS - ok
09:32:20.0711 5780 vwifibus - ok
09:32:20.0724 5780 vwififlt - ok
09:32:20.0733 5780 W32Time - ok
09:32:20.0739 5780 WacomPen - ok
09:32:20.0743 5780 WANARP - ok
09:32:20.0747 5780 Wanarpv6 - ok
09:32:20.0755 5780 WatAdminSvc - ok
09:32:20.0759 5780 wbengine - ok
09:32:20.0763 5780 WbioSrvc - ok
09:32:20.0766 5780 wcncsvc - ok
09:32:20.0770 5780 WcsPlugInService - ok
09:32:20.0775 5780 Wd - ok
09:32:20.0778 5780 Wdf01000 - ok
09:32:20.0782 5780 WdiServiceHost - ok
09:32:20.0786 5780 WdiSystemHost - ok
09:32:20.0790 5780 WebClient - ok
09:32:20.0793 5780 Wecsvc - ok
09:32:20.0798 5780 wercplsupport - ok
09:32:20.0802 5780 WerSvc - ok
09:32:20.0806 5780 WfpLwf - ok
09:32:20.0810 5780 WIMMount - ok
09:32:20.0814 5780 WinDefend - ok
09:32:20.0819 5780 WinHttpAutoProxySvc - ok
09:32:20.0822 5780 Winmgmt - ok
09:32:20.0827 5780 WinRM - ok
09:32:20.0834 5780 WinUsb - ok
09:32:20.0839 5780 Wlansvc - ok
09:32:20.0842 5780 wlcrasvc - ok
09:32:20.0846 5780 wlidsvc - ok
09:32:20.0851 5780 wltrysvc - ok
09:32:20.0855 5780 WmiAcpi - ok
09:32:20.0860 5780 wmiApSrv - ok
09:32:20.0864 5780 WMPNetworkSvc - ok
09:32:20.0868 5780 WPCSvc - ok
09:32:20.0873 5780 WPDBusEnum - ok
09:32:20.0876 5780 ws2ifsl - ok
09:32:20.0880 5780 wscsvc - ok
09:32:20.0884 5780 WSearch - ok
09:32:20.0889 5780 wuauserv - ok
09:32:20.0894 5780 WudfPf - ok
09:32:20.0897 5780 WUDFRd - ok
09:32:20.0901 5780 wudfsvc - ok
09:32:20.0906 5780 WwanSvc - ok
09:32:20.0913 5780 ================ Scan global ===============================
09:32:20.0915 5780 [Global] - ok
09:32:20.0916 5780 ================ Scan MBR ==================================
09:32:20.0925 5780 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:32:22.0023 5780 \Device\Harddisk0\DR0 - ok
09:32:22.0028 5780 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
09:32:29.0742 5780 \Device\Harddisk2\DR2 - ok
09:32:29.0743 5780 ================ Scan VBR ==================================
09:32:29.0987 5780 [ A955343372021254E6A3812574F330F3 ] \Device\Harddisk0\DR0\Partition1
09:32:29.0989 5780 \Device\Harddisk0\DR0\Partition1 - ok
09:32:30.0015 5780 [ BA62D8FC1CDA4334A841473421931005 ] \Device\Harddisk0\DR0\Partition2
09:32:30.0016 5780 \Device\Harddisk0\DR0\Partition2 - ok
09:32:30.0042 5780 [ F1167C4E8D022AE26BA930C74EC49967 ] \Device\Harddisk0\DR0\Partition3
09:32:30.0044 5780 \Device\Harddisk0\DR0\Partition3 - ok
09:32:30.0048 5780 [ 6B4ED82E42BE41424E5AB9CD4832E9E9 ] \Device\Harddisk2\DR2\Partition1
09:32:30.0049 5780 \Device\Harddisk2\DR2\Partition1 - ok
09:32:30.0050 5780 ============================================================
09:32:30.0050 5780 Scan finished
09:32:30.0050 5780 ============================================================
09:32:30.0062 3168 Detected object count: 0
09:32:30.0062 3168 Actual detected object count: 0
09:32:53.0243 5308 ============================================================
09:32:53.0243 5308 Scan started
09:32:53.0243 5308 Mode: Manual; TDLFS;
09:32:53.0243 5308 ============================================================
09:32:53.0390 5308 ================ Scan system memory ========================
09:32:53.0390 5308 System memory - ok
09:32:53.0391 5308 ================ Scan services =============================
09:32:53.0447 5308 1394ohci - ok
09:32:53.0450 5308 Acceler - ok
09:32:53.0454 5308 ACPI - ok
09:32:53.0458 5308 AcpiPmi - ok
09:32:53.0462 5308 AdobeARMservice - ok
09:32:53.0467 5308 AdobeFlashPlayerUpdateSvc - ok
09:32:53.0471 5308 adp94xx - ok
09:32:53.0475 5308 adpahci - ok
09:32:53.0479 5308 adpu320 - ok
09:32:53.0484 5308 AeLookupSvc - ok
09:32:53.0488 5308 AESTFilters - ok
09:32:53.0491 5308 AFD - ok
09:32:53.0495 5308 agp440 - ok
09:32:53.0499 5308 ALG - ok
09:32:53.0503 5308 aliide - ok
09:32:53.0506 5308 amdide - ok
09:32:53.0510 5308 AmdK8 - ok
09:32:53.0514 5308 AmdPPM - ok
09:32:53.0518 5308 amdsata - ok
09:32:53.0522 5308 amdsbs - ok
09:32:53.0526 5308 amdxata - ok
09:32:53.0530 5308 ApfiltrService - ok
09:32:53.0534 5308 AppID - ok
09:32:53.0538 5308 AppIDSvc - ok
09:32:53.0542 5308 Appinfo - ok
09:32:53.0546 5308 AppMgmt - ok
09:32:53.0549 5308 arc - ok
09:32:53.0553 5308 arcsas - ok
09:32:53.0557 5308 AsyncMac - ok
09:32:53.0561 5308 atapi - ok
09:32:53.0564 5308 AudioEndpointBuilder - ok
09:32:53.0568 5308 AudioSrv - ok
09:32:53.0572 5308 AxInstSV - ok
09:32:53.0576 5308 b06bdrv - ok
09:32:53.0579 5308 b57nd60a - ok
09:32:53.0585 5308 BCM42RLY - ok
09:32:53.0588 5308 BCM43XX - ok
09:32:53.0594 5308 BDESVC - ok
09:32:53.0599 5308 Beep - ok
09:32:53.0603 5308 BFE - ok
09:32:53.0606 5308 BITS - ok
09:32:53.0610 5308 blbdrive - ok
09:32:53.0614 5308 bowser - ok
09:32:53.0617 5308 BrFiltLo - ok
09:32:53.0621 5308 BrFiltUp - ok
09:32:53.0625 5308 BridgeMP - ok
09:32:53.0629 5308 Browser - ok
09:32:53.0634 5308 Brserid - ok
09:32:53.0638 5308 BrSerWdm - ok
09:32:53.0641 5308 BrUsbMdm - ok
09:32:53.0645 5308 BrUsbSer - ok
09:32:53.0649 5308 BTHMODEM - ok
09:32:53.0655 5308 bthserv - ok
09:32:53.0658 5308 catchme - ok
09:32:53.0662 5308 ccEvtMgr - ok
09:32:53.0667 5308 ccSetMgr - ok
09:32:53.0670 5308 cdfs - ok
09:32:53.0674 5308 cdrom - ok
09:32:53.0678 5308 CertPropSvc - ok
09:32:53.0682 5308 circlass - ok
09:32:53.0685 5308 CLFS - ok
09:32:53.0690 5308 clr_optimization_v2.0.50727_32 - ok
09:32:53.0694 5308 clr_optimization_v2.0.50727_64 - ok
09:32:53.0697 5308 clr_optimization_v4.0.30319_32 - ok
09:32:53.0701 5308 clr_optimization_v4.0.30319_64 - ok
09:32:53.0705 5308 CmBatt - ok
09:32:53.0709 5308 cmdide - ok
09:32:53.0713 5308 CNG - ok
09:32:53.0717 5308 Compbatt - ok
09:32:53.0720 5308 CompositeBus - ok
09:32:53.0724 5308 COMSysApp - ok
09:32:53.0727 5308 crcdisk - ok
09:32:53.0733 5308 Credential Vault Host Control Service - ok
09:32:53.0737 5308 Credential Vault Host Storage - ok
09:32:53.0744 5308 CryptSvc - ok
09:32:53.0747 5308 CSC - ok
09:32:53.0751 5308 CscService - ok
09:32:53.0755 5308 cvusbdrv - ok
09:32:53.0761 5308 DcomLaunch - ok
09:32:53.0764 5308 dcpsysmgrsvc - ok
09:32:53.0768 5308 defragsvc - ok
09:32:53.0772 5308 DefWatch - ok
09:32:53.0776 5308 DfsC - ok
09:32:53.0780 5308 Dhcp - ok
09:32:53.0784 5308 discache - ok
09:32:53.0787 5308 Disk - ok
09:32:53.0791 5308 Dnscache - ok
09:32:53.0794 5308 dot3svc - ok
09:32:53.0798 5308 DPS - ok
09:32:53.0802 5308 drmkaud - ok
09:32:53.0865 5308 [ AD00375D9ABA8DB72D0E38129AF0277A ] DVMIO D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys
09:32:53.0866 5308 DVMIO - ok
09:32:53.0880 5308 [ 6F0952F5A3C8D9E90DF1F88B84541145 ] DvmMDES D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe
09:32:53.0882 5308 DvmMDES - ok
09:32:53.0885 5308 DXGKrnl - ok
09:32:53.0890 5308 e1kexpress - ok
09:32:53.0893 5308 EapHost - ok
09:32:53.0897 5308 ebdrv - ok
09:32:53.0901 5308 eeCtrl - ok
09:32:53.0905 5308 EFS - ok
09:32:53.0909 5308 ehRecvr - ok
09:32:53.0913 5308 ehSched - ok
09:32:53.0917 5308 elxstor - ok
09:32:53.0921 5308 EraserUtilRebootDrv - ok
09:32:53.0925 5308 ErrDev - ok
09:32:53.0933 5308 EventSystem - ok
09:32:53.0937 5308 Exchange Backup Agent - ok
09:32:53.0940 5308 exfat - ok
09:32:53.0947 5308 fastfat - ok
09:32:53.0950 5308 Fax - ok
09:32:53.0954 5308 fdc - ok
09:32:53.0957 5308 fdPHost - ok
09:32:53.0962 5308 FDResPub - ok
09:32:53.0965 5308 FileInfo - ok
09:32:53.0969 5308 Filetrace - ok
09:32:53.0973 5308 flpydisk - ok
09:32:54.0008 5308 FltMgr - ok
09:32:54.0011 5308 FontCache - ok
09:32:54.0016 5308 FontCache3.0.0.0 - ok
09:32:54.0021 5308 FsDepends - ok
09:32:54.0025 5308 Fs_Rec - ok
09:32:54.0029 5308 fvevol - ok
09:32:54.0033 5308 gagp30kx - ok
09:32:54.0038 5308 gpsvc - ok
09:32:54.0042 5308 gupdate - ok
09:32:54.0045 5308 gupdatem - ok
09:32:54.0050 5308 gusvc - ok
09:32:54.0053 5308 hcw85cir - ok
09:32:54.0057 5308 HDAudBus - ok
09:32:54.0061 5308 HidBatt - ok
09:32:54.0064 5308 HidBth - ok
09:32:54.0068 5308 HidIr - ok
09:32:54.0072 5308 hidserv - ok
09:32:54.0077 5308 HidUsb - ok
09:32:54.0080 5308 hkmsvc - ok
09:32:54.0083 5308 HomeGroupListener - ok
09:32:54.0087 5308 HomeGroupProvider - ok
09:32:54.0091 5308 HpSAMD - ok
09:32:54.0095 5308 HTTP - ok
09:32:54.0099 5308 hwpolicy - ok
09:32:54.0103 5308 i8042prt - ok
09:32:54.0108 5308 iaStor - ok
09:32:54.0112 5308 IAStorDataMgrSvc - ok
09:32:54.0117 5308 iaStorV - ok
09:32:54.0120 5308 idsvc - ok
09:32:54.0124 5308 igfx - ok
09:32:54.0128 5308 iirsp - ok
09:32:54.0132 5308 IKEEXT - ok
09:32:54.0136 5308 Impcd - ok
09:32:54.0141 5308 InstallFilterService - ok
09:32:54.0146 5308 IntcDAud - ok
09:32:54.0149 5308 intelide - ok
09:32:54.0153 5308 intelppm - ok
09:32:54.0157 5308 IPBusEnum - ok
09:32:54.0160 5308 IpFilterDriver - ok
09:32:54.0164 5308 iphlpsvc - ok
09:32:54.0168 5308 IPMIDRV - ok
09:32:54.0172 5308 IPNAT - ok
09:32:54.0176 5308 IRENUM - ok
09:32:54.0180 5308 isapnp - ok
09:32:54.0184 5308 iScsiPrt - ok
09:32:54.0188 5308 kbdclass - ok
09:32:54.0191 5308 kbdhid - ok
09:32:54.0194 5308 KeyIso - ok
09:32:54.0199 5308 KSecDD - ok
09:32:54.0202 5308 KSecPkg - ok
09:32:54.0206 5308 ksthunk - ok
09:32:54.0210 5308 KtmRm - ok
09:32:54.0213 5308 LanmanServer - ok
09:32:54.0217 5308 LanmanWorkstation - ok
09:32:54.0221 5308 LBTServ - ok
09:32:54.0226 5308 LHidFilt - ok
09:32:54.0230 5308 LiveUpdate - ok
09:32:54.0233 5308 lltdio - ok
09:32:54.0239 5308 lltdsvc - ok
09:32:54.0242 5308 lmhosts - ok
09:32:54.0246 5308 LMouFilt - ok
09:32:54.0252 5308 LSI_FC - ok
09:32:54.0256 5308 LSI_SAS - ok
09:32:54.0260 5308 LSI_SAS2 - ok
09:32:54.0264 5308 LSI_SCSI - ok
09:32:54.0268 5308 luafv - ok
09:32:54.0272 5308 LVRS64 - ok
09:32:54.0275 5308 Mcx2Svc - ok
09:32:54.0279 5308 megasas - ok
09:32:54.0283 5308 MegaSR - ok
09:32:54.0286 5308 Microsoft SharePoint Workspace Audit Service - ok
09:32:54.0291 5308 MMCSS - ok
09:32:54.0295 5308 Modem - ok
09:32:54.0298 5308 monitor - ok
09:32:54.0303 5308 mouclass - ok
09:32:54.0306 5308 mouhid - ok
09:32:54.0310 5308 mountmgr - ok
09:32:54.0313 5308 mpio - ok
09:32:54.0317 5308 mpsdrv - ok
09:32:54.0321 5308 MpsSvc - ok
09:32:54.0325 5308 MRxDAV - ok
09:32:54.0328 5308 mrxsmb - ok
09:32:54.0333 5308 mrxsmb10 - ok
09:32:54.0336 5308 mrxsmb20 - ok
09:32:54.0340 5308 msahci - ok
09:32:54.0345 5308 msdsm - ok
09:32:54.0349 5308 MSDTC - ok
09:32:54.0357 5308 Msfs - ok
09:32:54.0360 5308 mshidkmdf - ok
09:32:54.0364 5308 msisadrv - ok
09:32:54.0368 5308 MSiSCSI - ok
09:32:54.0372 5308 msiserver - ok
09:32:54.0376 5308 MSKSSRV - ok
09:32:54.0379 5308 msoidsvc - ok
09:32:54.0384 5308 MSPCLOCK - ok
09:32:54.0388 5308 MSPQM - ok
09:32:54.0392 5308 MsRPC - ok
09:32:54.0397 5308 mssmbios - ok
09:32:54.0401 5308 MSTEE - ok
09:32:54.0405 5308 MTConfig - ok
09:32:54.0408 5308 Mup - ok
09:32:54.0413 5308 napagent - ok
09:32:54.0416 5308 NativeWifiP - ok
09:32:54.0420 5308 NAVENG - ok
09:32:54.0425 5308 NAVEX15 - ok
09:32:55.0420 5308 ================ Scan global ===============================
09:32:55.0422 5308 [Global] - ok
09:32:55.0424 5308 ================ Scan MBR ==================================
09:32:55.0455 5308 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:32:56.0470 5308 \Device\Harddisk0\DR0 - ok
09:32:56.0477 5308 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
09:33:04.0178 5308 \Device\Harddisk2\DR2 - ok
09:33:04.0179 5308 ================ Scan VBR ==================================
09:33:04.0209 5308 [ A955343372021254E6A3812574F330F3 ] \Device\Harddisk0\DR0\Partition1
09:33:04.0211 5308 \Device\Harddisk0\DR0\Partition1 - ok
09:33:04.0221 5308 [ BA62D8FC1CDA4334A841473421931005 ] \Device\Harddisk0\DR0\Partition2
09:33:04.0222 5308 \Device\Harddisk0\DR0\Partition2 - ok
09:33:04.0247 5308 [ F1167C4E8D022AE26BA930C74EC49967 ] \Device\Harddisk0\DR0\Partition3
09:33:04.0249 5308 \Device\Harddisk0\DR0\Partition3 - ok
09:33:04.0253 5308 [ 6B4ED82E42BE41424E5AB9CD4832E9E9 ] \Device\Harddisk2\DR2\Partition1
09:33:04.0255 5308 \Device\Harddisk2\DR2\Partition1 - ok
09:33:04.0255 5308 ============================================================
09:33:04.0255 5308 Scan finished
09:33:04.0255 5308 ============================================================
09:33:04.0262 6852 Detected object count: 0
09:33:04.0263 6852 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 09:35:08
-----------------------------
09:35:08.394 OS Version: Windows x64 6.1.7601 Service Pack 1
09:35:08.394 Number of processors: 4 586 0x2505
09:35:08.394 ComputerName: CLARK-B UserName: BRUCE
09:35:10.249 Initialize success
09:35:32.786 AVAST engine defs: 12082000
09:35:48.858 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:35:48.860 Disk 0 Vendor: TOSHIBA_ MC00 Size: 238475MB BusType: 8
09:35:48.879 Disk 0 MBR read successfully
09:35:48.881 Disk 0 MBR scan
09:35:48.886 Disk 0 Windows VISTA default MBR code
09:35:48.889 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:35:48.897 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 753 MB offset 81920
09:35:48.908 Disk 0 Partition 3 00 07 HPFS/NTFS 235632 MB offset 1624064
09:35:48.914 Disk 0 Partition - 00 0F Extended LBA 2050 MB offset 484198400
09:35:48.943 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 2049 MB offset 484200448
09:35:48.977 Disk 0 scanning C:\Windows\system32\drivers
09:35:48.982 Service scanning
09:36:23.271 Modules scanning
09:36:23.283 Disk 0 trace - called modules:
09:36:23.331 ntoskrnl.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys iaStor.sys hal.dll
09:36:23.337 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006454060]
09:36:23.342 3 CLASSPNP.SYS[fffff88001b8e43f] -> nt!IofCallDriver -> [0xfffffa80062f3ad0]
09:36:23.347 5 stdfltn.sys[fffff88001ab0af2] -> nt!IofCallDriver -> [0xfffffa80043e4b20]
09:36:23.352 7 ACPI.sys[fffff88000d597a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80043e9050]
09:36:25.442 AVAST engine scan C:\Windows
09:36:25.457 AVAST engine scan C:\Windows\system32
09:36:25.466 AVAST engine scan C:\Windows\system32\drivers
09:36:25.472 AVAST engine scan C:\Users\bruce.CSASTAFF1
09:36:25.479 AVAST engine scan C:\ProgramData
09:36:25.483 Scan finished successfully
09:37:17.245 Disk 0 MBR has been saved successfully to "G:\2\MBR.dat"
09:37:17.272 The log file has been saved successfully to "G:\2\aswMBR.txt"

ESET came back with nothing. Didn't produce a list button.

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:07:15 AM

Posted 20 August 2012 - 11:17 AM

Can you post the location of the file detected as Trojan.Gen.2?

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here.

Edited by narenxp, 20 August 2012 - 11:18 AM.


#5 Coldham

  • Topic Starter
  • Members
  • 14 posts
  • Local time:06:15 AM

Posted 20 August 2012 - 11:26 AM

"Can you post the location of file detected as Trojan gen 2?"

Here you go. This is a small sample from the SAV log.

DWH431A.tmp C:\Users\bruce.CSASTAFF1\AppData\Local\temp\
DWHF8D2.tmp C:\Users\bruce.CSASTAFF1\AppData\Local\temp\
DWHAA93.tmp C:\Users\bruce.CSASTAFF1\AppData\Local\temp\
DWH603B.tmp C:\Users\bruce.CSASTAFF1\AppData\Local\temp\
DWH19D9.tmp C:\Users\bruce.CSASTAFF1\AppData\Local\temp\
DWHD377.tmp C:\Users\bruce.CSASTAFF1\AppData\Local\temp\
DWH8D15.tmp C:\Users\bruce.CSASTAFF1\AppData\Local\temp\


I'll get started on the other stuff right away.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:07:15 AM

Posted 20 August 2012 - 11:35 AM

Malwarebytes should remove them :thumbup2:

#7 Coldham

  • Topic Starter
  • Members
  • 14 posts
  • Local time:06:15 AM

Posted 20 August 2012 - 02:23 PM

MALWAREBYTES came back clean with the first scan (it has been coming back clean; I have scanned this PC before today).

MINITOOLBOX
MiniToolBox by Farbar Version: 23-07-2012
Ran by BRUCE (administrator) on 20-08-2012 at 13:56:41
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
SonicWALL NetExtender Adapter = Local Area Connection 2 (Connected)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : clark-b
Primary Dns Suffix . . . . . . . : csa1.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : csa1.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : csa1.com
Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 90-00-4E-19-15-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e4d6:6169:ed38:7f16%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.148.23(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Lease Obtained. . . . . . . . . . : Friday, August 17, 2012 2:03:25 PM
Lease Expires . . . . . . . . . . : Tuesday, August 28, 2012 2:03:26 PM
Default Gateway . . . . . . . . . : 10.1.150.254
DHCP Server . . . . . . . . . . . : 1.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 244318286
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-20-3D-9A-5C-26-0A-47-BE-AC
DNS Servers . . . . . . . . . . . : 10.1.150.221
10.1.150.202
Primary WINS Server . . . . . . . : 10.1.150.221
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : csa1.com
Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : 5C-26-0A-47-BE-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {8C84A5E7-350E-4C28-B31A-B61196141A9D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : csa1.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #11
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: oprsvr2.csa1.com
Address: 10.1.150.221

Name: google.com
Addresses: 2607:f8b0:4002:802::1000
74.125.134.113
74.125.134.101
74.125.134.102
74.125.134.138
74.125.134.100
74.125.134.139


Pinging google.com [74.125.134.113] with 32 bytes of data:
Reply from 74.125.134.113: bytes=32 time=29ms TTL=47
Reply from 74.125.134.113: bytes=32 time=25ms TTL=47

Ping statistics for 74.125.134.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 29ms, Average = 27ms
Server: oprsvr2.csa1.com
Address: 10.1.150.221

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=79ms TTL=47
Reply from 98.138.253.109: bytes=32 time=117ms TTL=47

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 117ms, Average = 98ms
Server: oprsvr2.csa1.com
Address: 10.1.150.221

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...90 00 4e 19 15 ac ......DW1520 Wireless-N WLAN Half-Mini Card
10...5c 26 0a 47 be ac ......Intel® 82577LM Gigabit Network Connection
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #11
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.150.254 10.1.148.23 25
10.1.144.0 255.255.240.0 On-link 10.1.148.23 281
10.1.148.23 255.255.255.255 On-link 10.1.148.23 281
10.1.159.255 255.255.255.255 On-link 10.1.148.23 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.148.23 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.148.23 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::e4d6:6169:ed38:7f16/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 10:25:16 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHFE7A.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:25:15 AM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHFE7A.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:25:15 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHFE7A.tmp by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:24:54 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF8D2.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:24:53 AM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF8D2.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:24:53 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF8D2.tmp by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:24:30 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF855.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:24:29 AM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF855.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:24:29 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF855.tmp by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (08/20/2012 10:24:08 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF565.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.


System errors:
=============
Error: (08/17/2012 02:03:24 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (08/17/2012 02:03:22 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CSASTAFF1 due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (08/17/2012 01:15:15 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (08/17/2012 01:15:13 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CSASTAFF1 due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (08/16/2012 07:57:21 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CSASTAFF1 due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (08/06/2012 10:23:38 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (08/06/2012 10:23:37 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CSASTAFF1 due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (08/06/2012 09:56:55 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (08/06/2012 09:55:59 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (08/06/2012 09:55:53 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126



=========================== Installed Programs ============================

AccelerometerP11 (Version: 2.00.00.12)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.4)
Adobe Download Manager (Version: 1.6.2.102)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
BioAPI Framework (Version: 1.0.2)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Custom (Version: 12.34.56.789)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)
D3DX10 (Version: 15.4.2368.0902)
Default (Version: 11.01.006)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159)
Dell Data Protection | Access (Version: 01.01.00.085)
Dell Data Protection | Access (Version: 2.0.00000.085)
Dell Data Protection | Access | Drivers (Version: 1.00.011)
Dell Data Protection | Access | Middleware (Version: 1.00.005)
Dell Edoc Viewer (Version: 1.0.0)
Dell System Manager (Version: 1.5.00000)
Dell Touchpad (Version: 7.1107.101.205)
DellAccess (Version: 01.01.00.053)
Descriptions Now 5.13 (Version: 5.13.0003)
DirectX 9 Runtime (Version: 1.00.0000)
doPDF 7.2 printer
Dropbox (Version: 1.4.7)
DW WLAN Card Utility (Version: 5.60.48.35)
EMBASSY Security Center (Version: 04.03.00.067)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
Gemalto (Version: 01.64.01.0010)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HP Software Update (Version: 2.0.37.20031205)
HR Comply
HumanConcepts OrgPlus 4.0
HumanConcepts OrgPlus 6 (Version: 6.0.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel® Network Connections 15.2.89.0 (Version: 15.2.89.0)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 23 (64-bit) (Version: 6.0.230)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
Lawson Interface Desktop (200805) 9.0.1.2 (Version: 9.0.1.2)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.26)
Logitech SetPoint 6.22 (Version: 6.22.24)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Lync 2010 (Version: 4.0.7577.4103)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Online Services Sign-in Assistant (Version: 7.250.4287.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.34)
PC-CCID (Version: 2.0.0)
People Manager 3.04 (Version: 3.04)
Performance Now 4.01 (Version: 4.01)
Performance Now 401 (Version: 4.01.0002)
PhotoShowExpress (Version: 2.0.063)
Photosmart 140,240,7200,7600,7700,7900 Series (Version: 2.0)
Policies Now 6.01 (Version: 6.01)
Policies Now 6.01 (Version: 6.01.0002 - (setup build 0002))
Preboot Manager (Version: 03.03.00.049)
Private Information Manager (Version: 07.01.00.007)
PSShortcutsP (Version: 1.01.0000)
PSUsage (Version: 1.30.0000)
QFolder (Version: 1.00.0000)
RBVirtualFolder64Inst (Version: 1.00.0000)
Reader 2.1 (Version: 2.1.2.1143)
Remote Backup (Version: 11.01.006)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SonicWALL SSL-VPN NetExtender (Version: 4.0.134)
SPBA 5.9 (Version: 5.9.4.6686)
Symantec AntiVirus Win64 (Version: 10.2.298.0)
Trusted Drive Manager (Version: 4.0.0.512)
UltraVNC 1.0.8.2 (Version: 1.0.8.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
Wave Infrastructure Installer (Version: 07.66.40.0008)
Wave Support Software Installer (Version: 05.13.00.014)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 3957.83 MB
Available physical RAM: 1748.17 MB
Total Pagefile: 7913.85 MB
Available Pagefile: 4387.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.51 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:230.11 GB) (Free:158.39 GB) NTFS
2 Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.55 GB) NTFS
5 Drive g: (SILVER) (Removable) (Total:3.72 GB) (Free:3.7 GB) FAT32

========================= Users: ========================================

User accounts for \\CLARK-B

admin Administrator bruce
back Guest


**** End of log ****

FSS
Farbar Service Scanner Version: 06-08-2012
Ran by BRUCE (administrator) on 20-08-2012 at 13:59:42
Running from "G:\Second Set\3"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

ADWCLEANER
# AdwCleaner v1.801 - Logfile created 08/20/2012 at 14:00:56
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : BRUCE - CLARK-B
# Boot Mode : Normal
# Running from : G:\Second Set\4\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [624 octets] - [20/08/2012 14:00:56]

########## EOF - C:\AdwCleaner[S1].txt - [751 octets] ##########

RKILL
Rkill 2.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2012 02:06:15 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\SysWOW64\hphmon05.exe (PID: 2292) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]
* pcmcia => system32\DRIVERS\pcmcia.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:
* No issues found.

Program finished at: 08/20/2012 02:06:51 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:15 AM

Posted 20 August 2012 - 09:00 PM

Press the Windows+R keys and type

%temp% and click OK.

Now delete all the files located in that folder.

Restart the PC and let me know if Symantec detects the trojan again.

#9 Coldham

Coldham
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 21 August 2012 - 09:01 AM

This happened right after deletion. It's almost like it knows I'm on its trail...

Risk          Action       Count  Filename     Risk Type  Original Location                              Date
Trojan.Gen.2  Quarantined  2      DWHA363.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:09
Trojan.Gen.2  Quarantined  2      DWHC9B7.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:09
Trojan.Gen.2  Quarantined  2      DWHB8C6.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:08
Trojan.Gen.2  Quarantined  2      DWHCE1A.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:08
Trojan.Gen.2  Quarantined  2      DWHF192.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:08
Trojan.Gen.2  Quarantined  2      DWHF2F8.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:07
Trojan.Gen.2  Quarantined  2      DWH823C.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:07
Trojan.Gen.2  Quarantined  2      DWH140F.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:06
Trojan.Gen.2  Quarantined  2      DWH5E67.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:06
Trojan.Gen.2  Quarantined  2      DWH83B3.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:06
Trojan.Gen.2  Quarantined  2      DWH3D41.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:05
Trojan.Gen.2  Quarantined  2      DWH67E9.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:05
Trojan.Gen.2  Quarantined  2      DWH1C59.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:04
Trojan.Gen.2  Quarantined  2      DWH37F4.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:04
Trojan.Gen.2  Quarantined  2      DWH4923.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:04
Trojan.Gen.2  Quarantined  2      DWH6F5.tmp   File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:03
Trojan.Gen.2  Quarantined  2      DWH5524.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:03
Trojan.Gen.2  Quarantined  2      DWHA8B0.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:03
Trojan.Gen.2  Quarantined  2      DWH6A88.tmp  File       C:\Users\bruce.CSASTAFF1\AppData\Local\temp\   8/21/2012 8:02

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:15 AM

Posted 21 August 2012 - 09:06 AM

Something keeps on recreating files

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
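Both Symantec excerpts in this thread (the event-log entries at the top of the log dump and the quarantine export in post #9) show the same thing narenxp points out: not one file but a stream of new DWHxxxx.tmp names in the same %TEMP% folder, seconds to a minute apart, each quarantined and immediately replaced. The script below is an added example, not code from the thread, from BleepingComputer or from Symantec. It parses both formats, groups hits by folder and file-name prefix, and flags a group as "recreated" when several distinct names appear and no two consecutive hits are more than a minute apart. The sample lines are constructed from the post's own log excerpts, plus one made-up one-off detection (setup.exe) as a negative control; the 60-second threshold and the "strip the trailing hex digits" prefix heuristic are assumptions. One caveat the thread does not raise: Symantec AntiVirus 10.x is known to produce exactly this pattern on its own when DefWatch/Rtvscan rescans the Quarantine after a definition update, writing each quarantined item out to %TEMP% as DWHxxxx.tmp where Auto-Protect re-detects it. Before reaching for rootkit tools, check whether the Quarantine still holds old Trojan.Gen.2 items, purge it, and see whether the DWH files stop appearing.

```python
"""Parse the two Symantec AntiVirus detection formats pasted in this thread and
tell a one-off detection apart from something that keeps recreating files.
Added example for this thread; not code from BleepingComputer or Symantec."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Detection:
    when: datetime
    risk: str
    path: str      # full path as logged
    action: str


# Constructed sample: four entries copied from the event-log excerpt in this
# thread plus one made-up one-off hit (setup.exe) as a negative control.
EVENT_LOG = r"""
Error: (08/20/2012 10:25:15 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHFE7A.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
Error: (08/20/2012 10:24:54 AM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF8D2.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
Error: (08/20/2012 10:24:30 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF855.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
Error: (08/20/2012 10:24:08 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\AppData\Local\temp\DWHF565.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
Error: (08/20/2012 09:00:00 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Gen.2 in File: C:\Users\bruce.CSASTAFF1\Downloads\setup.exe by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.
"""

# Constructed sample: nine rows of the quarantine export from post #9 (one per minute).
QUARANTINE_EXPORT = r"""
Risk Action Count Filename Risk Type Original Location Date
Trojan.Gen.2 Quarantined 2 DWHA363.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:09
Trojan.Gen.2 Quarantined 2 DWHC9B7.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:09
Trojan.Gen.2 Quarantined 2 DWHB8C6.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:08
Trojan.Gen.2 Quarantined 2 DWHF2F8.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:07
Trojan.Gen.2 Quarantined 2 DWH140F.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:06
Trojan.Gen.2 Quarantined 2 DWH3D41.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:05
Trojan.Gen.2 Quarantined 2 DWH1C59.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:04
Trojan.Gen.2 Quarantined 2 DWH6F5.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:03
Trojan.Gen.2 Quarantined 2 DWH6A88.tmp File C:\Users\bruce.CSASTAFF1\AppData\Local\temp\ 8/21/2012 8:02
"""

# Event-log pair: "Error: (timestamp) (Source: ...)" line, then the Description line.
EVENT_RE = re.compile(
    r"Error: \((?P<ts>[\d/]+ [\d:]+ [AP]M)\) \(Source: Symantec AntiVirus\)[^\n]*\n"
    r"Description: [^\n]*?Risk: (?P<risk>\S+) in File: (?P<path>.+?) by: [^.\n]+\. "
    r"Action: (?P<action>.+?)\. Action Description")
# Quarantine export row: Risk Action Count Filename Type Directory Date (header has no digit Count).
QUAR_RE = re.compile(
    r"^(?P<risk>\S+) (?P<action>\S+) (?P<count>\d+) (?P<name>\S+) \S+ "
    r"(?P<dir>\S+) (?P<date>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2})$", re.M)


def parse_event_log(text):
    return [Detection(datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                      m["risk"], m["path"], m["action"])
            for m in EVENT_RE.finditer(text)]


def parse_quarantine_export(text):
    return [Detection(datetime.strptime(m["date"], "%m/%d/%Y %H:%M"), m["risk"],
                      m["dir"].rstrip("\\") + "\\" + m["name"], m["action"])
            for m in QUAR_RE.finditer(text)]


def name_prefix(filename):
    """'DWHFE7A.tmp' -> 'DWH': drop the extension and the trailing run of hex
    digits used to randomise temp names (assumption: suffixes are hex)."""
    stem = filename.rsplit(".", 1)[0]
    return (re.sub(r"[0-9A-Fa-f]+$", "", stem) or stem).upper()


def summarize(detections, max_gap_s=60, min_distinct=3):
    """Group by (folder, name prefix). A group is 'recreated' when at least
    min_distinct different files were hit and consecutive hits were never more
    than max_gap_s apart: quarantine keeps winning, the writer keeps going."""
    groups = defaultdict(list)
    for d in detections:
        folder, _, name = d.path.rpartition("\\")
        groups[(folder.lower(), name_prefix(name))].append(d)
    report = {}
    for key, hits in groups.items():
        times = sorted(h.when for h in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        distinct = len({h.path.lower() for h in hits})
        report[key] = {
            "risks": sorted({h.risk for h in hits}),
            "distinct_files": distinct,
            "first": times[0], "last": times[-1],
            "max_gap_s": max(gaps, default=0.0),
            "recreated": distinct >= min_distinct and max(gaps, default=0.0) <= max_gap_s,
        }
    return report


if __name__ == "__main__":
    for label, dets in (("event log", parse_event_log(EVENT_LOG)),
                        ("quarantine export", parse_quarantine_export(QUARANTINE_EXPORT))):
        print(f"== {label}: {len(dets)} detections")
        for (folder, prefix), r in summarize(dets).items():
            print(f"{folder}\\{prefix}*  files={r['distinct_files']} "
                  f"span={r['first']:%H:%M:%S}-{r['last']:%H:%M:%S} "
                  f"max_gap={r['max_gap_s']:.0f}s  recreated={r['recreated']}")
```

Run it as-is and the %TEMP%\DWH* group comes out as recreated in both logs (four distinct files never more than 24 s apart in the event log, nine files one minute apart in the export), while the single setup.exe hit does not. To use it on a real box, paste the Symantec event-log entries or the quarantine export into the two strings; the next step is then to find the writer (Process Monitor filtered on CreateFile in %TEMP% with a DWH* path works), which on Symantec 10.x will usually turn out to be Rtvscan itself.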