Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox 14 opens blank tabs while reading Google RSS feeds


  • This topic is locked This topic is locked
50 replies to this topic

#1 kkoz83

kkoz83

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 20 August 2012 - 12:22 PM

Hi guys, how are you? My laptop is having an issue in Firefox. While using Google's RSS Reader to read my feeds, I get randomly open new tabs that have various different links but are completely blank or have very weird scroll bars inside.

I ran the following in plain safe mode with newest updates: Spybot (clean), Malware full scan (clean), Norton Internet Security full scan (clean) & TSSDKiller (found one threat, rescan was clean).

Should I follow this thread (www.bleepingcomputer.com/forums/topic462907.html/page__p__2790786__hl__firefox+random+tab__fromsearch__1#entry2790786) or post my own logs? Thanks :)

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:48 AM

Posted 25 August 2012 - 12:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465907 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 25 August 2012 - 08:58 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Owner at 21:53:58 on 2012-08-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1559 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\windows\system32\fxssvc.exe
C:\windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Users\Owner\AppData\Local\Temp\Rar$EX90.824\Core Temp.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Users\Owner\Downloads\procexp.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\Downloads\procexp64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\Magnify.exe
C:\windows\system32\taskeng.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://support.lenovo.com/en_US/default.page?
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - C:\Users\Owner\Desktop\eBay Toolbar2\eBayTB.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: QTTabBar AutoLoader: {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB: QTTabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QTTab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe"
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] C:\windows\system32\ctfmon.exe
uRun: [TabExplorer] "C:\Program Files (x86)\TabExplorer\TabExplorerStarter.exe" /systemstartup
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PROCEX~1.LNK - C:\Users\Owner\Downloads\procexp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: C:\Users\Owner\Desktop\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
TCP: Interfaces\{97EF8477-0296-4A1D-8BA8-35E7429B0A80} : DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
TCP: Interfaces\{AB3830B5-3F34-42A6-8F52-87A5C98A976A} : DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
IFEO: taskmgr.exe - "C:\USERS\OWNER\DOWNLOADS\PROCEXP.EXE"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
C:\Users\Owner\Desktop\eBay Toolbar2\eBayTB.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: QTTabBar AutoLoader: {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - mscoree.dll
BHO-X64: QTTabBar AutoLoader - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB-X64: QTTabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB-X64: QTTab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE-X64: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IFEO-X64: taskmgr.exe - "C:\USERS\OWNER\DOWNLOADS\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7one8w6i.default\
FF - prefs.js: browser.startup.homepage - ptd.net|ebay.com|logmein.com|mail.google.com|msn.com|yahoo.com|hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7one8w6i.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7one8w6i.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;C:\windows\system32\Drivers\BtHidBus.sys --> C:\windows\system32\Drivers\BtHidBus.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-8-8 1161376]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\windows\system32\drivers\MCLIENTx64\0300000.085\ccSetx64.sys --> C:\windows\system32\drivers\MCLIENTx64\0300000.085\ccSetx64.sys [?]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120824.001\IDSviA64.sys [2012-8-24 512672]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-9-24 296808]
R2 HFGService;Handsfree Headset Service;C:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-29 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375208]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe [2012-7-8 143928]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-23 1153368]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-29 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 BthAudioHF;BthAudioHF Service;C:\windows\system32\DRIVERS\BthAudioHF.sys --> C:\windows\system32\DRIVERS\BthAudioHF.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 radpms;Driver for RADPMS Device;C:\windows\system32\DRIVERS\radpms.sys --> C:\windows\system32\DRIVERS\radpms.sys [?]
R3 usbsmi;Lenovo EasyCamera;C:\windows\system32\DRIVERS\SMIksdrv.sys --> C:\windows\system32\DRIVERS\SMIksdrv.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 250568]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\windows\system32\Drivers\btnetBus.sys --> C:\windows\system32\Drivers\btnetBus.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-3-8 23816]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-8-13 135584]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\windows\system32\Drivers\IvtBtBus.sys --> C:\windows\system32\Drivers\IvtBtBus.sys [?]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-5-29 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-5-29 579400]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-08-26 01:51:18 607260 ------r- C:\Users\Owner\dds.com
2012-08-20 02:37:56 4731392 ----a-w- C:\Users\Owner\aswMBR.exe
2012-08-19 17:45:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 02:06:35 552448 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-08-15 02:01:41 67584 ----a-w- C:\windows\splwow64.exe
2012-08-15 02:01:40 751104 ----a-w- C:\windows\System32\win32spl.dll
2012-08-15 02:01:40 559104 ----a-w- C:\windows\System32\spoolsv.exe
2012-08-15 02:01:40 503808 ----a-w- C:\windows\System32\srcore.dll
2012-08-15 02:01:40 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-08-15 02:01:40 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-08-15 02:01:40 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-08-15 02:01:39 956416 ----a-w- C:\windows\System32\localspl.dll
2012-08-15 02:01:33 58880 ----a-w- C:\windows\System32\browcli.dll
2012-08-15 02:01:33 41472 ----a-w- C:\windows\SysWow64\browcli.dll
2012-08-15 02:01:33 136704 ----a-w- C:\windows\System32\browser.dll
2012-08-15 01:51:12 405624 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\symnets.sys
2012-08-15 01:51:12 1129120 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\symefa64.sys
2012-08-15 01:51:11 737952 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-08-15 01:51:11 451192 ----a-r- C:\windows\System32\drivers\NISx64\1308000.00E\symds64.sys
2012-08-15 01:51:11 37536 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-08-15 01:51:11 190072 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\ironx64.sys
2012-08-15 01:51:11 167072 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys
2012-08-15 01:49:44 -------- d-----w- C:\windows\System32\drivers\NISx64\1308000.00E
2012-08-14 03:04:50 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-08-14 03:04:23 -------- d-----w- C:\Program Files (x86)\Futuremark
2012-07-30 22:56:34 -------- d-----w- C:\Users\Owner\AppData\Roaming\QTTabBar
2012-07-28 16:15:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\iWesoft
2012-07-28 16:15:32 -------- d-----w- C:\Users\Owner\AppData\Local\iWesoft
2012-07-28 16:12:54 -------- d-----w- C:\Program Files (x86)\QTTabBar
2012-07-28 16:06:43 13259428 ----a-w- C:\Users\Owner\FreeScreenCapturer.exe
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-22 02:07:57 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 02:07:57 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 02:29:51 87488 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2012-07-23 02:29:51 80800 ----a-w- C:\windows\System32\LMIinit.dll
2012-07-23 02:29:51 34720 ----a-w- C:\windows\System32\LMIport.dll
2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-12 02:28:08 158176 ----a-w- C:\Users\Owner\HC2Setup64.exe
2012-06-06 05:50:50 2003968 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 21:54:41.10 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/27/2010 4:03:57 PM
System Uptime: 8/25/2012 9:16:02 PM (0 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz | CPU | 2400/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 156.127 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 28.086 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP17: 7/7/2012 4:00:53 PM - ComboFix created restore point
RP18: 7/10/2012 9:49:37 PM - Windows Update
RP19: 7/28/2012 12:12:31 PM - Installed QTTabBar 1.5.0.0 Beta 2
RP20: 7/28/2012 12:15:06 PM - Installed TabExplorer
RP21: 7/28/2012 12:17:54 PM - Removed TabExplorer
RP22: 8/14/2012 10:01:48 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
BDlot DVD ISO Master 2.0.0
Broadcom 802.11 Wireless Driver
Chanalyzer 4
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Doctor v1.0
Digsby
DivX Setup
Dragon NaturallySpeaking 11
Energy Management
Foxit PDF Editor
Freeraser
Futuremark SystemInfo
Gadu-Gadu 10
Google Talk Plugin
HiJackThis
Hoyle Casino 2010 (remove only)
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Lenovo DirectShare
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Lenovo Smile Dock
Lenovo YouCam
LogMeIn
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MozBackup 1.5.1
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Management
OCCT Perestroika 3.1.0
oDesk Team
Office Tab Free Edition 8.00
Onekey Theater
PC Wizard 2012.2.0
QTTabBar 1.5.0.0 Beta 2
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB 2.0 Card Reader
Rylstim Screen Recorder
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SilentEye
Skype™ 5.10
SopCast 3.4.0
Spybot - Search & Destroy
StreamTorrent 1.0
System Requirements Lab CYRI
System Requirements Lab for Intel
System Update
TeamViewer 7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
XviD Video Codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
8/25/2012 9:18:47 PM, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.
8/25/2012 9:16:40 PM, Error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 10:14:30 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/21/2012 10:14:30 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
8/21/2012 10:14:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/19/2012 9:00:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
8/19/2012 9:00:22 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/19/2012 1:48:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2012 1:48:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/19/2012 1:48:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/19/2012 1:48:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/19/2012 1:48:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/19/2012 1:48:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/19/2012 1:48:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/19/2012 1:47:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_MCLIENT ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS Tcpip tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2012 1:47:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 26 August 2012 - 01:40 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 August 2012 - 11:59 AM

Results of screen317's Security Check version 0.99.46
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#6 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 August 2012 - 01:02 PM

ComboFix 12-08-25.04 - Owner 08/26/2012 13:03:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2449 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Open
c:\program files (x86)\Open\java\jre-windows-i586.exe
c:\program files (x86)\Open\licenses\license_en-US.html
c:\program files (x86)\Open\licenses\license_en-US.txt
c:\program files (x86)\Open\openofficeorg1.cab
c:\program files (x86)\Open\openofficeorg33.msi
c:\program files (x86)\Open\readmes\readme_en-US.html
c:\program files (x86)\Open\readmes\readme_en-US.txt
c:\program files (x86)\Open\redist\vcredist_x64.exe
c:\program files (x86)\Open\redist\vcredist_x86.exe
c:\program files (x86)\Open\setup.exe
c:\program files (x86)\Open\setup.ini
c:\users\Owner\AppData\Local\Temp\Rar$EX90.824\Core Temp.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe.lnk
c:\users\Owner\aswMBR.exe
c:\users\Owner\FreeScreenCapturer.exe
c:\users\Owner\SecurityCheck.exe
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 17:07 . 2012-08-26 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-26 17:07 . 2012-08-26 17:07 -------- d-----w- c:\users\Backup\AppData\Local\temp
2012-08-19 17:45 . 2012-08-19 17:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 02:06 . 2012-07-06 19:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 02:01 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
2012-08-15 02:01 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 02:01 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 02:01 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 02:01 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 02:01 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 02:01 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 02:01 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:01 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 02:01 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 02:01 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 02:01 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 01:49 . 2012-08-16 01:21 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E
2012-08-14 03:04 . 2012-08-14 03:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\program files (x86)\Futuremark
2012-07-30 22:56 . 2012-07-30 22:56 -------- d-----w- c:\users\Owner\AppData\Roaming\QTTabBar
2012-07-28 16:15 . 2012-07-28 16:15 -------- d-----w- c:\users\Owner\AppData\Roaming\iWesoft
2012-07-28 16:15 . 2012-07-28 16:15 -------- d-----w- c:\users\Owner\AppData\Local\iWesoft
2012-07-28 16:12 . 2012-07-28 16:12 -------- d-----w- c:\program files (x86)\QTTabBar
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 02:07 . 2012-05-05 03:22 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 02:07 . 2012-05-05 03:22 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 02:02 . 2011-07-12 01:13 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-23 02:29 . 2011-07-20 19:02 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-23 02:29 . 2011-07-20 19:02 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-23 02:29 . 2011-07-20 19:02 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 17:46 . 2011-07-20 16:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 02:28 . 2012-06-12 02:28 158176 ----a-w- c:\users\Owner\HC2Setup64.exe
2012-06-09 05:30 . 2012-07-11 01:49 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 01:49 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 01:49 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 01:49 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 01:49 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-23 01:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 01:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 01:56 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 01:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 01:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 01:56 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 01:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 01:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-23 01:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-11 01:49 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 01:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 01:49 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 01:49 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 01:49 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 01:49 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 01:49 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 01:49 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-09-24 222496]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-12 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-12 228448]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 35848]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 31624]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PORTMON;PORTMON;c:\users\Owner\Desktop\PORTMSYS.SYS [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-08 24840]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0300000.085\ccSetx64.sys [2012-05-25 168608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-27 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120824.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-09-24 296808]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-23 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe [2012-06-14 143928]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-12 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2011-01-11 14944]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2010-01-22 197888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 02:07]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068814822-2034975643-3909918309-1002Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-26 18:47]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068814822-2034975643-3909918309-1002UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-26 18:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://support.lenovo.com/en_US/default.page?
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: c:\users\Owner\Desktop\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77}
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7one8w6i.default\
FF - prefs.js: browser.startup.homepage - ptd.net|ebay.com|logmein.com|mail.google.com|msn.com|yahoo.com|hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-TabExplorer - c:\program files (x86)\TabExplorer\TabExplorerStarter.exe
Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe
SafeBoot-54582020.sys
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.0.0.133\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-26 13:09:40
ComboFix-quarantined-files.txt 2012-08-26 17:09
.
Pre-Run: 167,448,866,816 bytes free
Post-Run: 167,063,400,448 bytes free
.
- - End Of File - - 4C4B601A23B687E73B227B868326735B

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 26 August 2012 - 03:17 PM

Greetings kkoz83

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 August 2012 - 03:50 PM

16:46:18.0000 5112 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:46:18.0405 5112 ============================================================
16:46:18.0405 5112 Current date / time: 2012/08/26 16:46:18.0405
16:46:18.0405 5112 SystemInfo:
16:46:18.0405 5112
16:46:18.0405 5112 OS Version: 6.1.7600 ServicePack: 0.0
16:46:18.0405 5112 Product type: Workstation
16:46:18.0405 5112 ComputerName: PEGGY
16:46:18.0405 5112 UserName: Owner
16:46:18.0405 5112 Windows directory: C:\windows
16:46:18.0405 5112 System windows directory: C:\windows
16:46:18.0405 5112 Running under WOW64
16:46:18.0405 5112 Processor architecture: Intel x64
16:46:18.0405 5112 Number of processors: 4
16:46:18.0405 5112 Page size: 0x1000
16:46:18.0405 5112 Boot type: Normal boot
16:46:18.0405 5112 ============================================================
16:46:20.0059 5112 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:46:20.0075 5112 ============================================================
16:46:20.0075 5112 \Device\Harddisk0\DR0:
16:46:20.0075 5112 MBR partitions:
16:46:20.0075 5112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:46:20.0075 5112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
16:46:20.0090 5112 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
16:46:20.0090 5112 ============================================================
16:46:20.0153 5112 C: <-> \Device\Harddisk0\DR0\Partition2
16:46:20.0215 5112 D: <-> \Device\Harddisk0\DR0\Partition3
16:46:20.0215 5112 ============================================================
16:46:20.0215 5112 Initialize success
16:46:20.0215 5112 ============================================================
16:46:33.0459 3812 ============================================================
16:46:33.0459 3812 Scan started
16:46:33.0459 3812 Mode: Manual;
16:46:33.0459 3812 ============================================================
16:46:34.0817 3812 ================ Scan system memory ========================
16:46:34.0817 3812 System memory - ok
16:46:34.0817 3812 ================ Scan services =============================
16:46:35.0035 3812 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
16:46:35.0035 3812 1394ohci - ok
16:46:35.0066 3812 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
16:46:35.0082 3812 ACPI - ok
16:46:35.0113 3812 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
16:46:35.0144 3812 AcpiPmi - ok
16:46:35.0175 3812 [ DC201246A14CB3B274DF59FAF539AB07 ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
16:46:35.0191 3812 ACPIVPC - ok
16:46:35.0316 3812 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:46:35.0331 3812 AdobeARMservice - ok
16:46:35.0487 3812 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:46:35.0519 3812 AdobeFlashPlayerUpdateSvc - ok
16:46:35.0597 3812 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
16:46:35.0612 3812 adp94xx - ok
16:46:35.0659 3812 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
16:46:35.0659 3812 adpahci - ok
16:46:35.0690 3812 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
16:46:35.0706 3812 adpu320 - ok
16:46:35.0737 3812 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
16:46:35.0737 3812 AeLookupSvc - ok
16:46:35.0799 3812 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\windows\system32\drivers\afd.sys
16:46:35.0799 3812 AFD - ok
16:46:35.0846 3812 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\DRIVERS\agp440.sys
16:46:35.0846 3812 agp440 - ok
16:46:35.0909 3812 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
16:46:35.0909 3812 ALG - ok
16:46:35.0940 3812 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\DRIVERS\aliide.sys
16:46:35.0940 3812 aliide - ok
16:46:36.0096 3812 ALSysIO - ok
16:46:36.0158 3812 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\DRIVERS\amdide.sys
16:46:36.0174 3812 amdide - ok
16:46:36.0189 3812 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
16:46:36.0189 3812 AmdK8 - ok
16:46:36.0236 3812 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
16:46:36.0236 3812 AmdPPM - ok
16:46:36.0283 3812 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\windows\system32\drivers\amdsata.sys
16:46:36.0299 3812 amdsata - ok
16:46:36.0361 3812 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
16:46:36.0361 3812 amdsbs - ok
16:46:36.0408 3812 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\windows\system32\drivers\amdxata.sys
16:46:36.0408 3812 amdxata - ok
16:46:36.0657 3812 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\windows\system32\drivers\appid.sys
16:46:36.0657 3812 AppID - ok
16:46:36.0689 3812 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
16:46:36.0689 3812 AppIDSvc - ok
16:46:36.0767 3812 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\windows\System32\appinfo.dll
16:46:36.0767 3812 Appinfo - ok
16:46:36.0969 3812 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
16:46:36.0985 3812 arc - ok
16:46:37.0079 3812 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
16:46:37.0079 3812 arcsas - ok
16:46:37.0141 3812 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
16:46:37.0141 3812 AsyncMac - ok
16:46:37.0266 3812 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\DRIVERS\atapi.sys
16:46:37.0266 3812 atapi - ok
16:46:37.0547 3812 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:46:37.0562 3812 AudioEndpointBuilder - ok
16:46:37.0578 3812 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\windows\System32\Audiosrv.dll
16:46:37.0593 3812 AudioSrv - ok
16:46:37.0843 3812 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\windows\System32\AxInstSV.dll
16:46:37.0843 3812 AxInstSV - ok
16:46:38.0280 3812 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
16:46:38.0280 3812 b06bdrv - ok
16:46:38.0467 3812 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
16:46:38.0467 3812 b57nd60a - ok
16:46:39.0419 3812 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
16:46:39.0434 3812 BCM43XX - ok
16:46:39.0512 3812 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
16:46:39.0512 3812 BDESVC - ok
16:46:39.0621 3812 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
16:46:39.0621 3812 Beep - ok
16:46:40.0214 3812 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\windows\System32\bfe.dll
16:46:40.0245 3812 BFE - ok
16:46:41.0135 3812 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx64.sys
16:46:41.0150 3812 BHDrvx64 - ok
16:46:41.0415 3812 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\windows\system32\qmgr.dll
16:46:41.0462 3812 BITS - ok
16:46:41.0556 3812 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
16:46:41.0556 3812 blbdrive - ok
16:46:41.0618 3812 BlueletSCOAudio - ok
16:46:41.0743 3812 [ 19D20159708E152267E53B66677A4995 ] bowser C:\windows\system32\DRIVERS\bowser.sys
16:46:41.0790 3812 bowser - ok
16:46:41.0868 3812 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
16:46:41.0883 3812 BrFiltLo - ok
16:46:41.0930 3812 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
16:46:41.0961 3812 BrFiltUp - ok
16:46:42.0289 3812 [ 34F786535F9245E4028C57B28248C9D8 ] Bridge0 C:\windows\system32\drivers\WDBridge.sys
16:46:42.0320 3812 Bridge0 - ok
16:46:42.0492 3812 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
16:46:42.0492 3812 BridgeMP - ok
16:46:42.0663 3812 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\windows\System32\browser.dll
16:46:42.0679 3812 Browser - ok
16:46:42.0773 3812 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
16:46:42.0773 3812 Brserid - ok
16:46:42.0819 3812 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
16:46:42.0819 3812 BrSerWdm - ok
16:46:42.0882 3812 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
16:46:42.0897 3812 BrUsbMdm - ok
16:46:42.0960 3812 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
16:46:42.0960 3812 BrUsbSer - ok
16:46:43.0053 3812 Btcsrusb - ok
16:46:43.0131 3812 [ 07DCB3C254D584E3949FE2C0EE3963F2 ] BthAudioHF C:\windows\system32\DRIVERS\BthAudioHF.sys
16:46:43.0131 3812 BthAudioHF - ok
16:46:43.0256 3812 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
16:46:43.0256 3812 BthEnum - ok
16:46:43.0365 3812 [ 992D8C032884DC4C837C40BF52CB5C89 ] BtHidBus C:\windows\system32\Drivers\BtHidBus.sys
16:46:43.0381 3812 BtHidBus - ok
16:46:43.0521 3812 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
16:46:43.0521 3812 BTHMODEM - ok
16:46:43.0599 3812 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
16:46:43.0599 3812 BthPan - ok
16:46:43.0693 3812 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
16:46:43.0693 3812 BTHPORT - ok
16:46:43.0787 3812 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
16:46:43.0787 3812 bthserv - ok
16:46:43.0849 3812 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
16:46:43.0849 3812 BTHUSB - ok
16:46:44.0255 3812 [ 40AAAB64465E42C72B6411AAEB3EEF0F ] btnetBUs C:\windows\system32\Drivers\btnetBus.sys
16:46:44.0301 3812 btnetBUs - ok
16:46:44.0504 3812 catchme - ok
16:46:44.0707 3812 [ E41F70406C34F1CB667B4B27D81AD162 ] ccSet_MCLIENT C:\windows\system32\drivers\MCLIENTx64\0300000.085\ccSetx64.sys
16:46:44.0723 3812 ccSet_MCLIENT - ok
16:46:45.0050 3812 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
16:46:45.0066 3812 ccSet_NIS - ok
16:46:45.0144 3812 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
16:46:45.0144 3812 cdfs - ok
16:46:45.0269 3812 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
16:46:45.0269 3812 cdrom - ok
16:46:45.0393 3812 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\windows\System32\certprop.dll
16:46:45.0393 3812 CertPropSvc - ok
16:46:45.0534 3812 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
16:46:45.0565 3812 circlass - ok
16:46:45.0705 3812 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
16:46:45.0705 3812 CLFS - ok
16:46:46.0487 3812 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:46:46.0526 3812 clr_optimization_v2.0.50727_32 - ok
16:46:46.0905 3812 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:46:46.0907 3812 clr_optimization_v2.0.50727_64 - ok
16:46:47.0697 3812 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:46:47.0698 3812 clr_optimization_v4.0.30319_32 - ok
16:46:47.0937 3812 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:46:47.0939 3812 clr_optimization_v4.0.30319_64 - ok
16:46:48.0070 3812 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
16:46:48.0071 3812 clwvd - ok
16:46:48.0175 3812 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
16:46:48.0176 3812 CmBatt - ok
16:46:48.0205 3812 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
16:46:48.0207 3812 cmdide - ok
16:46:48.0456 3812 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\windows\system32\Drivers\cng.sys
16:46:48.0462 3812 CNG - ok
16:46:48.0742 3812 [ 7247A4D0875F5F28919E0787E11B7B57 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
16:46:48.0756 3812 CnxtHdAudService - ok
16:46:48.0865 3812 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
16:46:48.0865 3812 Compbatt - ok
16:46:48.0900 3812 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
16:46:48.0902 3812 CompositeBus - ok
16:46:48.0927 3812 COMSysApp - ok
16:46:48.0980 3812 [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
16:46:49.0003 3812 cpudrv64 - ok
16:46:49.0014 3812 cpuz134 - ok
16:46:49.0125 3812 [ 8F5B84350BFC4FE3A65D921B4BD0E737 ] cpuz135 C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys
16:46:49.0137 3812 cpuz135 - ok
16:46:49.0164 3812 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
16:46:49.0166 3812 crcdisk - ok
16:46:49.0227 3812 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\windows\system32\cryptsvc.dll
16:46:49.0234 3812 CryptSvc - ok
16:46:49.0288 3812 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\windows\system32\rpcss.dll
16:46:49.0294 3812 DcomLaunch - ok
16:46:49.0329 3812 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
16:46:49.0333 3812 defragsvc - ok
16:46:49.0375 3812 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\windows\system32\Drivers\dfsc.sys
16:46:49.0377 3812 DfsC - ok
16:46:49.0418 3812 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\windows\system32\dhcpcore.dll
16:46:49.0421 3812 Dhcp - ok
16:46:49.0447 3812 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
16:46:49.0447 3812 discache - ok
16:46:49.0491 3812 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
16:46:49.0492 3812 Disk - ok
16:46:49.0525 3812 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\windows\System32\dnsrslvr.dll
16:46:49.0527 3812 Dnscache - ok
16:46:49.0561 3812 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\windows\System32\dot3svc.dll
16:46:49.0564 3812 dot3svc - ok
16:46:49.0588 3812 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\windows\system32\dps.dll
16:46:49.0589 3812 DPS - ok
16:46:49.0689 3812 [ 0B9D2B8D0C3955EF851A98155C349B59 ] DragonSvc C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
16:46:49.0691 3812 DragonSvc - ok
16:46:49.0726 3812 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
16:46:49.0741 3812 drmkaud - ok
16:46:49.0793 3812 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys
16:46:49.0795 3812 dtsoftbus01 - ok
16:46:49.0836 3812 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
16:46:49.0842 3812 DXGKrnl - ok
16:46:49.0939 3812 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
16:46:50.0165 3812 EapHost - ok
16:46:50.0450 3812 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
16:46:50.0508 3812 ebdrv - ok
16:46:50.0615 3812 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:46:50.0619 3812 eeCtrl - ok
16:46:50.0674 3812 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\windows\System32\lsass.exe
16:46:50.0683 3812 EFS - ok
16:46:50.0738 3812 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
16:46:50.0743 3812 elxstor - ok
16:46:50.0817 3812 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:46:50.0818 3812 EraserUtilRebootDrv - ok
16:46:50.0852 3812 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
16:46:50.0853 3812 ErrDev - ok
16:46:50.0895 3812 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
16:46:50.0898 3812 EventSystem - ok
16:46:50.0932 3812 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
16:46:50.0934 3812 exfat - ok
16:46:50.0941 3812 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
16:46:50.0950 3812 fastfat - ok
16:46:50.0989 3812 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\windows\system32\fxssvc.exe
16:46:50.0993 3812 Fax - ok
16:46:51.0043 3812 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
16:46:51.0045 3812 fdc - ok
16:46:51.0083 3812 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
16:46:51.0084 3812 fdPHost - ok
16:46:51.0099 3812 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
16:46:51.0101 3812 FDResPub - ok
16:46:51.0128 3812 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
16:46:51.0130 3812 FileInfo - ok
16:46:51.0162 3812 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
16:46:51.0163 3812 Filetrace - ok
16:46:51.0177 3812 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
16:46:51.0178 3812 flpydisk - ok
16:46:51.0202 3812 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
16:46:51.0206 3812 FltMgr - ok
16:46:51.0264 3812 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\windows\system32\FntCache.dll
16:46:51.0281 3812 FontCache - ok
16:46:51.0378 3812 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:46:51.0405 3812 FontCache3.0.0.0 - ok
16:46:51.0419 3812 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
16:46:51.0420 3812 FsDepends - ok
16:46:51.0457 3812 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
16:46:51.0458 3812 Fs_Rec - ok
16:46:51.0580 3812 [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
16:46:51.0582 3812 Futuremark SystemInfo Service - ok
16:46:51.0642 3812 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
16:46:51.0645 3812 fvevol - ok
16:46:51.0699 3812 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
16:46:51.0701 3812 gagp30kx - ok
16:46:51.0754 3812 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\windows\System32\gpsvc.dll
16:46:51.0761 3812 gpsvc - ok
16:46:51.0823 3812 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
16:46:51.0825 3812 hcw85cir - ok
16:46:51.0930 3812 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:46:51.0935 3812 HdAudAddService - ok
16:46:51.0968 3812 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
16:46:51.0969 3812 HDAudBus - ok
16:46:52.0013 3812 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
16:46:52.0015 3812 HECIx64 - ok
16:46:52.0060 3812 [ EE8C05F926521A0E24EDAF40F45D01E6 ] HFGService C:\windows\System32\HFGService.dll
16:46:52.0073 3812 HFGService - ok
16:46:52.0090 3812 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
16:46:52.0091 3812 HidBatt - ok
16:46:52.0099 3812 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
16:46:52.0102 3812 HidBth - ok
16:46:52.0128 3812 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
16:46:52.0130 3812 HidIr - ok
16:46:52.0174 3812 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
16:46:52.0175 3812 hidserv - ok
16:46:52.0228 3812 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
16:46:52.0229 3812 HidUsb - ok
16:46:52.0261 3812 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\windows\system32\kmsvc.dll
16:46:52.0264 3812 hkmsvc - ok
16:46:52.0287 3812 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:46:52.0290 3812 HomeGroupListener - ok
16:46:52.0332 3812 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:46:52.0335 3812 HomeGroupProvider - ok
16:46:52.0371 3812 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
16:46:52.0373 3812 HpSAMD - ok
16:46:52.0426 3812 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\windows\system32\drivers\HTTP.sys
16:46:52.0434 3812 HTTP - ok
16:46:52.0518 3812 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
16:46:52.0518 3812 hwpolicy - ok
16:46:52.0543 3812 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
16:46:52.0545 3812 i8042prt - ok
16:46:52.0586 3812 [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
16:46:52.0589 3812 iaStor - ok
16:46:52.0695 3812 [ 48362E5DB5CB2C000C514EE1F3890ACD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:46:52.0696 3812 IAStorDataMgrSvc - ok
16:46:52.0733 3812 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\windows\system32\drivers\iaStorV.sys
16:46:52.0738 3812 iaStorV - ok
16:46:52.0813 3812 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:46:52.0823 3812 idsvc - ok
16:46:52.0981 3812 [ 82AB40147567DE48C405AFE570A2266F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120824.001\IDSvia64.sys
16:46:52.0994 3812 IDSVia64 - ok
16:46:53.0220 3812 [ 09CE164AFA8483E41808784D7FCA154E ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
16:46:53.0414 3812 igfx - ok
16:46:53.0528 3812 [ D951D20153E51928F9DB2227D6FF5C7A ] IGRS C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
16:46:53.0529 3812 IGRS - ok
16:46:53.0587 3812 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
16:46:53.0589 3812 iirsp - ok
16:46:53.0634 3812 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\windows\System32\ikeext.dll
16:46:53.0642 3812 IKEEXT - ok
16:46:53.0675 3812 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
16:46:53.0678 3812 Impcd - ok
16:46:53.0736 3812 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
16:46:53.0741 3812 IntcDAud - ok
16:46:53.0754 3812 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\DRIVERS\intelide.sys
16:46:53.0756 3812 intelide - ok
16:46:53.0792 3812 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
16:46:53.0793 3812 intelppm - ok
16:46:53.0837 3812 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
16:46:53.0839 3812 IPBusEnum - ok
16:46:53.0877 3812 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
16:46:53.0879 3812 IpFilterDriver - ok
16:46:53.0943 3812 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
16:46:53.0949 3812 iphlpsvc - ok
16:46:54.0012 3812 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
16:46:54.0015 3812 IPMIDRV - ok
16:46:54.0036 3812 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
16:46:54.0042 3812 IPNAT - ok
16:46:54.0070 3812 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
16:46:54.0071 3812 IRENUM - ok
16:46:54.0080 3812 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
16:46:54.0082 3812 isapnp - ok
16:46:54.0098 3812 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
16:46:54.0126 3812 iScsiPrt - ok
16:46:54.0175 3812 [ 1C6D68A0BF108A5B3D40B2E84AE3CCDA ] IvtBtBUs C:\windows\system32\Drivers\IvtBtBus.sys
16:46:54.0176 3812 IvtBtBUs - ok
16:46:54.0206 3812 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\windows\system32\DRIVERS\k57nd60a.sys
16:46:54.0209 3812 k57nd60a - ok
16:46:54.0275 3812 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
16:46:54.0276 3812 kbdclass - ok
16:46:54.0295 3812 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
16:46:54.0297 3812 kbdhid - ok
16:46:54.0341 3812 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\windows\system32\lsass.exe
16:46:54.0342 3812 KeyIso - ok
16:46:54.0386 3812 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
16:46:54.0388 3812 KSecDD - ok
16:46:54.0407 3812 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
16:46:54.0409 3812 KSecPkg - ok
16:46:54.0444 3812 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
16:46:54.0445 3812 ksthunk - ok
16:46:54.0483 3812 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
16:46:54.0527 3812 KtmRm - ok
16:46:54.0574 3812 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\windows\System32\srvsvc.dll
16:46:54.0577 3812 LanmanServer - ok
16:46:54.0616 3812 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:46:54.0618 3812 LanmanWorkstation - ok
16:46:54.0729 3812 [ 7FCB3EC66361F157BCD5B5C33CE2AC16 ] Lenovo ReadyComm AppSvc C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
16:46:54.0753 3812 Lenovo ReadyComm AppSvc - ok
16:46:54.0779 3812 [ 5287074E79E4BA82510886F684DC5F72 ] Lenovo ReadyComm ConnSvc C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
16:46:54.0786 3812 Lenovo ReadyComm ConnSvc - ok
16:46:54.0849 3812 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
16:46:54.0851 3812 lltdio - ok
16:46:54.0886 3812 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
16:46:54.0890 3812 lltdsvc - ok
16:46:54.0924 3812 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
16:46:54.0925 3812 lmhosts - ok
16:46:55.0018 3812 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
16:46:55.0021 3812 LMIGuardianSvc - ok
16:46:55.0069 3812 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
16:46:55.0070 3812 LMIInfo - ok
16:46:55.0127 3812 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
16:46:55.0129 3812 LMIMaint - ok
16:46:55.0148 3812 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\windows\system32\DRIVERS\lmimirr.sys
16:46:55.0149 3812 lmimirr - ok
16:46:55.0168 3812 LMIRfsClientNP - ok
16:46:55.0182 3812 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\windows\system32\drivers\LMIRfsDriver.sys
16:46:55.0183 3812 LMIRfsDriver - ok
16:46:55.0254 3812 [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:46:55.0256 3812 LMS - ok
16:46:55.0292 3812 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
16:46:55.0311 3812 LogMeIn - ok
16:46:55.0339 3812 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
16:46:55.0349 3812 LSI_FC - ok
16:46:55.0365 3812 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
16:46:55.0367 3812 LSI_SAS - ok
16:46:55.0387 3812 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
16:46:55.0389 3812 LSI_SAS2 - ok
16:46:55.0399 3812 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
16:46:55.0401 3812 LSI_SCSI - ok
16:46:55.0412 3812 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
16:46:55.0414 3812 luafv - ok
16:46:55.0533 3812 [ C5046BBDBC044EEBC339D800F75A62DB ] MCLIENT C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe
16:46:55.0535 3812 MCLIENT - ok
16:46:55.0560 3812 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
16:46:55.0561 3812 megasas - ok
16:46:55.0583 3812 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
16:46:55.0587 3812 MegaSR - ok
16:46:55.0620 3812 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
16:46:55.0621 3812 MMCSS - ok
16:46:55.0633 3812 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
16:46:55.0635 3812 Modem - ok
16:46:55.0676 3812 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
16:46:55.0676 3812 monitor - ok
16:46:55.0717 3812 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
16:46:55.0717 3812 mouclass - ok
16:46:55.0747 3812 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
16:46:55.0748 3812 mouhid - ok
16:46:55.0777 3812 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
16:46:55.0779 3812 mountmgr - ok
16:46:55.0852 3812 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:46:55.0855 3812 MozillaMaintenance - ok
16:46:55.0875 3812 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\windows\system32\DRIVERS\mpio.sys
16:46:55.0877 3812 mpio - ok
16:46:55.0905 3812 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
16:46:55.0907 3812 mpsdrv - ok
16:46:55.0963 3812 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\windows\system32\mpssvc.dll
16:46:55.0972 3812 MpsSvc - ok
16:46:56.0033 3812 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
16:46:56.0036 3812 MRxDAV - ok
16:46:56.0080 3812 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
16:46:56.0098 3812 mrxsmb - ok
16:46:56.0135 3812 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
16:46:56.0139 3812 mrxsmb10 - ok
16:46:56.0156 3812 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
16:46:56.0158 3812 mrxsmb20 - ok
16:46:56.0189 3812 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\windows\system32\DRIVERS\msahci.sys
16:46:56.0189 3812 msahci - ok
16:46:56.0216 3812 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
16:46:56.0219 3812 msdsm - ok
16:46:56.0232 3812 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
16:46:56.0235 3812 MSDTC - ok
16:46:56.0272 3812 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
16:46:56.0274 3812 Msfs - ok
16:46:56.0303 3812 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
16:46:56.0304 3812 mshidkmdf - ok
16:46:56.0320 3812 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
16:46:56.0321 3812 msisadrv - ok
16:46:56.0386 3812 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
16:46:56.0397 3812 MSiSCSI - ok
16:46:56.0401 3812 msiserver - ok
16:46:56.0444 3812 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:46:56.0446 3812 MSKSSRV - ok
16:46:56.0473 3812 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:46:56.0474 3812 MSPCLOCK - ok
16:46:56.0495 3812 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:46:56.0496 3812 MSPQM - ok
16:46:56.0519 3812 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:46:56.0522 3812 MsRPC - ok
16:46:56.0539 3812 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
16:46:56.0539 3812 mssmbios - ok
16:46:56.0576 3812 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:46:56.0577 3812 MSTEE - ok
16:46:56.0607 3812 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
16:46:56.0608 3812 MTConfig - ok
16:46:56.0620 3812 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
16:46:56.0621 3812 Mup - ok
16:46:56.0664 3812 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\windows\system32\qagentRT.dll
16:46:56.0669 3812 napagent - ok
16:46:56.0723 3812 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:46:56.0727 3812 NativeWifiP - ok
16:46:56.0851 3812 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120825.007\ENG64.SYS
16:46:56.0853 3812 NAVENG - ok
16:46:56.0921 3812 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120825.007\EX64.SYS
16:46:56.0946 3812 NAVEX15 - ok
16:46:56.0979 3812 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\windows\system32\drivers\ndis.sys
16:46:56.0992 3812 NDIS - ok
16:46:57.0045 3812 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:46:57.0047 3812 NdisCap - ok
16:46:57.0065 3812 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:46:57.0066 3812 NdisTapi - ok
16:46:57.0101 3812 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:46:57.0103 3812 Ndisuio - ok
16:46:57.0119 3812 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:46:57.0121 3812 NdisWan - ok
16:46:57.0130 3812 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:46:57.0132 3812 NDProxy - ok
16:46:57.0155 3812 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:46:57.0156 3812 NetBIOS - ok
16:46:57.0177 3812 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:46:57.0180 3812 NetBT - ok
16:46:57.0218 3812 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\windows\system32\lsass.exe
16:46:57.0219 3812 Netlogon - ok
16:46:57.0255 3812 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
16:46:57.0259 3812 Netman - ok
16:46:57.0283 3812 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
16:46:57.0287 3812 netprofm - ok
16:46:57.0314 3812 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:46:57.0316 3812 NetTcpPortSharing - ok
16:46:57.0437 3812 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\windows\system32\DRIVERS\netw5v64.sys
16:46:57.0563 3812 netw5v64 - ok
16:46:57.0597 3812 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
16:46:57.0599 3812 nfrd960 - ok
16:46:57.0780 3812 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
16:46:57.0782 3812 NIS - ok
16:46:57.0827 3812 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\windows\System32\nlasvc.dll
16:46:57.0830 3812 NlaSvc - ok
16:46:57.0847 3812 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
16:46:57.0849 3812 Npfs - ok
16:46:57.0867 3812 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
16:46:57.0868 3812 nsi - ok
16:46:57.0898 3812 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:46:57.0899 3812 nsiproxy - ok
16:46:57.0959 3812 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:46:58.0013 3812 Ntfs - ok
16:46:58.0054 3812 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
16:46:58.0055 3812 Null - ok
16:46:58.0117 3812 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\windows\system32\drivers\nvraid.sys
16:46:58.0119 3812 nvraid - ok
16:46:58.0134 3812 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\windows\system32\drivers\nvstor.sys
16:46:58.0136 3812 nvstor - ok
16:46:58.0178 3812 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
16:46:58.0181 3812 nv_agp - ok
16:46:58.0200 3812 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
16:46:58.0202 3812 ohci1394 - ok
16:46:58.0303 3812 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:46:58.0306 3812 ose - ok
16:46:58.0462 3812 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:46:58.0585 3812 osppsvc - ok
16:46:58.0640 3812 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:46:58.0645 3812 p2pimsvc - ok
16:46:58.0683 3812 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
16:46:58.0690 3812 p2psvc - ok
16:46:58.0738 3812 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
16:46:58.0741 3812 Parport - ok
16:46:58.0774 3812 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\windows\system32\drivers\partmgr.sys
16:46:58.0775 3812 partmgr - ok
16:46:58.0790 3812 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
16:46:58.0792 3812 PcaSvc - ok
16:46:58.0807 3812 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\windows\system32\DRIVERS\pci.sys
16:46:58.0809 3812 pci - ok
16:46:58.0825 3812 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
16:46:58.0827 3812 pciide - ok
16:46:58.0843 3812 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
16:46:58.0846 3812 pcmcia - ok
16:46:58.0867 3812 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
16:46:58.0868 3812 pcw - ok
16:46:58.0894 3812 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:46:58.0901 3812 PEAUTH - ok
16:46:59.0021 3812 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
16:46:59.0022 3812 PerfHost - ok
16:46:59.0079 3812 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\windows\system32\pla.dll
16:46:59.0111 3812 pla - ok
16:46:59.0177 3812 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:46:59.0180 3812 PlugPlay - ok
16:46:59.0198 3812 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:46:59.0200 3812 PNRPAutoReg - ok
16:46:59.0218 3812 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:46:59.0220 3812 PNRPsvc - ok
16:46:59.0256 3812 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:46:59.0261 3812 PolicyAgent - ok
16:46:59.0360 3812 PORTMON - ok
16:46:59.0399 3812 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
16:46:59.0401 3812 Power - ok
16:46:59.0450 3812 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:46:59.0452 3812 PptpMiniport - ok
16:46:59.0467 3812 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
16:46:59.0478 3812 Processor - ok
16:46:59.0527 3812 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\windows\system32\profsvc.dll
16:46:59.0529 3812 ProfSvc - ok
16:46:59.0540 3812 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\windows\system32\lsass.exe
16:46:59.0542 3812 ProtectedStorage - ok
16:46:59.0572 3812 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\windows\system32\DRIVERS\psadd.sys
16:46:59.0573 3812 psadd - ok
16:46:59.0597 3812 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:46:59.0599 3812 Psched - ok
16:46:59.0602 3812 PS_MDP - ok
16:46:59.0666 3812 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
16:46:59.0706 3812 ql2300 - ok
16:46:59.0723 3812 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
16:46:59.0726 3812 ql40xx - ok
16:46:59.0759 3812 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
16:46:59.0763 3812 QWAVE - ok
16:46:59.0809 3812 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:46:59.0810 3812 QWAVEdrv - ok
16:46:59.0845 3812 [ 58435613C2537715A9423597EC6635CC ] radpms C:\windows\system32\DRIVERS\radpms.sys
16:46:59.0847 3812 radpms - ok
16:46:59.0873 3812 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:46:59.0874 3812 RasAcd - ok
16:46:59.0928 3812 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:46:59.0929 3812 RasAgileVpn - ok
16:46:59.0965 3812 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
16:46:59.0968 3812 RasAuto - ok
16:46:59.0981 3812 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:46:59.0983 3812 Rasl2tp - ok
16:47:00.0009 3812 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\windows\System32\rasmans.dll
16:47:00.0013 3812 RasMan - ok
16:47:00.0032 3812 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:47:00.0034 3812 RasPppoe - ok
16:47:00.0057 3812 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:47:00.0058 3812 RasSstp - ok
16:47:00.0070 3812 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:47:00.0073 3812 rdbss - ok
16:47:00.0100 3812 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
16:47:00.0101 3812 rdpbus - ok
16:47:00.0146 3812 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:47:00.0147 3812 RDPCDD - ok
16:47:00.0165 3812 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:47:00.0165 3812 RDPENCDD - ok
16:47:00.0171 3812 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:47:00.0171 3812 RDPREFMP - ok
16:47:00.0210 3812 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:47:00.0227 3812 RDPWD - ok
16:47:00.0258 3812 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:47:00.0288 3812 rdyboost - ok
16:47:00.0292 3812 ReadyComm.DirectRouter - ok
16:47:00.0317 3812 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
16:47:00.0320 3812 RemoteAccess - ok
16:47:00.0351 3812 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:47:00.0368 3812 RemoteRegistry - ok
16:47:00.0404 3812 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
16:47:00.0408 3812 RFCOMM - ok
16:47:00.0444 3812 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:47:00.0446 3812 RpcEptMapper - ok
16:47:00.0489 3812 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
16:47:00.0491 3812 RpcLocator - ok
16:47:00.0510 3812 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\windows\system32\rpcss.dll
16:47:00.0513 3812 RpcSs - ok
16:47:00.0555 3812 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:47:00.0557 3812 rspndr - ok
16:47:00.0639 3812 [ 5AAB4808E8CCAE8C2ECDA5B791260616 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
16:47:00.0671 3812 RSUSBSTOR - ok
16:47:00.0707 3812 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
16:47:00.0710 3812 RTL8167 - ok
16:47:00.0718 3812 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\windows\system32\lsass.exe
16:47:00.0719 3812 SamSs - ok
16:47:00.0755 3812 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
16:47:00.0757 3812 sbp2port - ok
16:47:00.0854 3812 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:47:00.0863 3812 SBSDWSCService - ok
16:47:00.0888 3812 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
16:47:00.0908 3812 SCardSvr - ok
16:47:00.0927 3812 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:47:00.0928 3812 scfilter - ok
16:47:00.0982 3812 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\windows\system32\schedsvc.dll
16:47:00.0999 3812 Schedule - ok
16:47:01.0084 3812 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\windows\System32\certprop.dll
16:47:01.0085 3812 SCPolicySvc - ok
16:47:01.0110 3812 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:47:01.0114 3812 SDRSVC - ok
16:47:01.0155 3812 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:47:01.0156 3812 secdrv - ok
16:47:01.0178 3812 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\windows\system32\seclogon.dll
16:47:01.0180 3812 seclogon - ok
16:47:01.0191 3812 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
16:47:01.0192 3812 SENS - ok
16:47:01.0247 3812 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
16:47:01.0249 3812 SensrSvc - ok
16:47:01.0273 3812 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
16:47:01.0274 3812 Serenum - ok
16:47:01.0283 3812 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
16:47:01.0300 3812 Serial - ok
16:47:01.0329 3812 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
16:47:01.0330 3812 sermouse - ok
16:47:01.0377 3812 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\windows\system32\sessenv.dll
16:47:01.0380 3812 SessionEnv - ok
16:47:01.0407 3812 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
16:47:01.0407 3812 sffdisk - ok
16:47:01.0424 3812 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
16:47:01.0425 3812 sffp_mmc - ok
16:47:01.0447 3812 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
16:47:01.0448 3812 sffp_sd - ok
16:47:01.0468 3812 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
16:47:01.0469 3812 sfloppy - ok
16:47:01.0538 3812 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
16:47:01.0543 3812 SharedAccess - ok
16:47:01.0576 3812 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:47:01.0580 3812 ShellHWDetection - ok
16:47:01.0609 3812 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
16:47:01.0611 3812 SiSRaid2 - ok
16:47:01.0653 3812 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
16:47:01.0655 3812 SiSRaid4 - ok
16:47:01.0736 3812 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:47:01.0737 3812 SkypeUpdate - ok
16:47:01.0782 3812 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
16:47:01.0784 3812 Smb - ok
16:47:01.0849 3812 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:47:01.0874 3812 SNMPTRAP - ok
16:47:01.0899 3812 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
16:47:01.0900 3812 spldr - ok
16:47:01.0951 3812 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\windows\System32\spoolsv.exe
16:47:01.0955 3812 Spooler - ok
16:47:02.0029 3812 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\windows\system32\sppsvc.exe
16:47:02.0045 3812 sppsvc - ok
16:47:02.0087 3812 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:47:02.0089 3812 sppuinotify - ok
16:47:02.0213 3812 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS
16:47:02.0217 3812 SRTSP - ok
16:47:02.0251 3812 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
16:47:02.0252 3812 SRTSPX - ok
16:47:02.0297 3812 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\windows\system32\DRIVERS\srv.sys
16:47:02.0303 3812 srv - ok
16:47:02.0339 3812 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:47:02.0350 3812 srv2 - ok
16:47:02.0385 3812 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:47:02.0388 3812 srvnet - ok
16:47:02.0431 3812 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:47:02.0434 3812 SSDPSRV - ok
16:47:02.0450 3812 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
16:47:02.0452 3812 SstpSvc - ok
16:47:02.0482 3812 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
16:47:02.0484 3812 stexstor - ok
16:47:02.0502 3812 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\windows\System32\wiaservc.dll
16:47:02.0509 3812 stisvc - ok
16:47:02.0623 3812 [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
16:47:02.0623 3812 SUService - ok
16:47:02.0649 3812 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
16:47:02.0651 3812 swenum - ok
16:47:02.0685 3812 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
16:47:02.0693 3812 swprv - ok
16:47:02.0753 3812 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS
16:47:02.0768 3812 SymDS - ok
16:47:02.0858 3812 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS
16:47:02.0892 3812 SymEFA - ok
16:47:02.0947 3812 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
16:47:02.0965 3812 SymEvent - ok
16:47:03.0028 3812 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS
16:47:03.0030 3812 SymIRON - ok
16:47:03.0085 3812 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS
16:47:03.0088 3812 SymNetS - ok
16:47:03.0146 3812 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\windows\system32\sysmain.dll
16:47:03.0179 3812 SysMain - ok
16:47:03.0217 3812 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll
16:47:03.0219 3812 TabletInputService - ok
16:47:03.0231 3812 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\windows\System32\tapisrv.dll
16:47:03.0235 3812 TapiSrv - ok
16:47:03.0246 3812 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
16:47:03.0247 3812 TBS - ok
16:47:03.0331 3812 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:47:03.0348 3812 Tcpip - ok
16:47:03.0408 3812 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:47:03.0417 3812 TCPIP6 - ok
16:47:03.0466 3812 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:47:03.0468 3812 tcpipreg - ok
16:47:03.0489 3812 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:47:03.0505 3812 TDPIPE - ok
16:47:03.0539 3812 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:47:03.0553 3812 TDTCP - ok
16:47:03.0569 3812 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:47:03.0571 3812 tdx - ok
16:47:03.0926 3812 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:47:03.0970 3812 TeamViewer7 - ok
16:47:04.0011 3812 [ C448651339196C0E869A355171875522 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
16:47:04.0013 3812 TermDD - ok
16:47:04.0064 3812 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\windows\System32\termsrv.dll
16:47:04.0073 3812 TermService - ok
16:47:04.0086 3812 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
16:47:04.0088 3812 Themes - ok
16:47:04.0130 3812 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
16:47:04.0132 3812 THREADORDER - ok
16:47:04.0149 3812 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
16:47:04.0152 3812 TrkWks - ok
16:47:04.0226 3812 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:47:04.0227 3812 TrustedInstaller - ok
16:47:04.0241 3812 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:47:04.0242 3812 tssecsrv - ok
16:47:04.0286 3812 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:47:04.0288 3812 tunnel - ok
16:47:04.0303 3812 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
16:47:04.0305 3812 uagp35 - ok
16:47:04.0323 3812 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:47:04.0328 3812 udfs - ok
16:47:04.0363 3812 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:47:04.0365 3812 UI0Detect - ok
16:47:04.0391 3812 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
16:47:04.0392 3812 uliagpkx - ok
16:47:04.0421 3812 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\windows\system32\DRIVERS\umbus.sys
16:47:04.0422 3812 umbus - ok
16:47:04.0430 3812 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
16:47:04.0432 3812 UmPass - ok
16:47:04.0528 3812 [ AF905F4966CFC8B973623AB150CD4B2B ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:47:04.0539 3812 UNS - ok
16:47:04.0579 3812 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
16:47:04.0584 3812 upnphost - ok
16:47:04.0622 3812 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:47:04.0629 3812 usbccgp - ok
16:47:04.0674 3812 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
16:47:04.0676 3812 usbcir - ok
16:47:04.0691 3812 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\windows\system32\drivers\usbehci.sys
16:47:04.0693 3812 usbehci - ok
16:47:04.0718 3812 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:47:04.0722 3812 usbhub - ok
16:47:04.0758 3812 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\windows\system32\drivers\usbohci.sys
16:47:04.0780 3812 usbohci - ok
16:47:04.0799 3812 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
16:47:04.0818 3812 usbprint - ok
16:47:04.0879 3812 [ 0F0C72A657C622286013788B886968AD ] usbser C:\windows\system32\DRIVERS\usbser.sys
16:47:04.0881 3812 usbser - ok
16:47:04.0937 3812 [ F379A62017F92A7D60002D53000DD126 ] usbsmi C:\windows\system32\DRIVERS\SMIksdrv.sys
16:47:04.0958 3812 usbsmi - ok
16:47:04.0990 3812 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:47:04.0992 3812 USBSTOR - ok
16:47:04.0999 3812 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\windows\system32\drivers\usbuhci.sys
16:47:05.0000 3812 usbuhci - ok
16:47:05.0052 3812 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
16:47:05.0055 3812 usbvideo - ok
16:47:05.0097 3812 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
16:47:05.0099 3812 UxSms - ok
16:47:05.0107 3812 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\windows\system32\lsass.exe
16:47:05.0108 3812 VaultSvc - ok
16:47:05.0121 3812 VComm - ok
16:47:05.0127 3812 VcommMgr - ok
16:47:05.0166 3812 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
16:47:05.0167 3812 vdrvroot - ok
16:47:05.0211 3812 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\windows\System32\vds.exe
16:47:05.0264 3812 vds - ok
16:47:05.0303 3812 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:47:05.0305 3812 vga - ok
16:47:05.0314 3812 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
16:47:05.0315 3812 VgaSave - ok
16:47:05.0328 3812 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
16:47:05.0331 3812 vhdmp - ok
16:47:05.0347 3812 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\DRIVERS\viaide.sys
16:47:05.0348 3812 viaide - ok
16:47:05.0361 3812 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
16:47:05.0362 3812 volmgr - ok
16:47:05.0386 3812 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:47:05.0390 3812 volmgrx - ok
16:47:05.0403 3812 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
16:47:05.0406 3812 volsnap - ok
16:47:05.0438 3812 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
16:47:05.0441 3812 vsmraid - ok
16:47:05.0504 3812 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\windows\system32\vssvc.exe
16:47:05.0537 3812 VSS - ok
16:47:05.0565 3812 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:47:05.0566 3812 vwifibus - ok
16:47:05.0584 3812 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:47:05.0586 3812 vwififlt - ok
16:47:05.0618 3812 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
16:47:05.0619 3812 vwifimp - ok
16:47:05.0664 3812 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
16:47:05.0669 3812 W32Time - ok
16:47:05.0697 3812 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
16:47:05.0698 3812 WacomPen - ok
16:47:05.0743 3812 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:47:05.0744 3812 WANARP - ok
16:47:05.0748 3812 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:47:05.0749 3812 Wanarpv6 - ok
16:47:05.0823 3812 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
16:47:05.0867 3812 WatAdminSvc - ok
16:47:05.0953 3812 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\windows\system32\wbengine.exe
16:47:05.0986 3812 wbengine - ok
16:47:06.0061 3812 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
16:47:06.0066 3812 WbioSrvc - ok
16:47:06.0102 3812 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\windows\System32\wcncsvc.dll
16:47:06.0107 3812 wcncsvc - ok
16:47:06.0150 3812 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:47:06.0153 3812 WcsPlugInService - ok
16:47:06.0187 3812 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
16:47:06.0189 3812 Wd - ok
16:47:06.0214 3812 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
16:47:06.0221 3812 Wdf01000 - ok
16:47:06.0238 3812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
16:47:06.0239 3812 WdiServiceHost - ok
16:47:06.0243 3812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
16:47:06.0245 3812 WdiSystemHost - ok
16:47:06.0290 3812 [ 2A444ACF7DD446505BCC801F8F6AE5FD ] wdmirror C:\windows\system32\DRIVERS\WDMirror.sys
16:47:06.0291 3812 wdmirror - ok
16:47:06.0330 3812 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\windows\System32\webclnt.dll
16:47:06.0335 3812 WebClient - ok
16:47:06.0353 3812 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
16:47:06.0357 3812 Wecsvc - ok
16:47:06.0369 3812 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
16:47:06.0371 3812 wercplsupport - ok
16:47:06.0401 3812 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
16:47:06.0403 3812 WerSvc - ok
16:47:06.0456 3812 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
16:47:06.0458 3812 WfpLwf - ok
16:47:06.0496 3812 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
16:47:06.0512 3812 WimFltr - ok
16:47:06.0527 3812 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
16:47:06.0528 3812 WIMMount - ok
16:47:06.0576 3812 WinDefend - ok
16:47:06.0581 3812 WinHttpAutoProxySvc - ok
16:47:06.0649 3812 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
16:47:06.0652 3812 Winmgmt - ok
16:47:06.0708 3812 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\windows\system32\WsmSvc.dll
16:47:06.0754 3812 WinRM - ok
16:47:06.0793 3812 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
16:47:06.0803 3812 Wlansvc - ok
16:47:06.0839 3812 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
16:47:06.0840 3812 WmiAcpi - ok
16:47:06.0884 3812 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
16:47:06.0886 3812 wmiApSrv - ok
16:47:06.0906 3812 WMPNetworkSvc - ok
16:47:06.0945 3812 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
16:47:06.0948 3812 WPCSvc - ok
16:47:06.0959 3812 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
16:47:06.0961 3812 WPDBusEnum - ok
16:47:06.0985 3812 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
16:47:06.0986 3812 ws2ifsl - ok
16:47:07.0033 3812 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\windows\system32\wscsvc.dll
16:47:07.0035 3812 wscsvc - ok
16:47:07.0039 3812 WSearch - ok
16:47:07.0084 3812 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
16:47:07.0099 3812 wsvd - ok
16:47:07.0180 3812 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
16:47:07.0222 3812 wuauserv - ok
16:47:07.0233 3812 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
16:47:07.0247 3812 WudfPf - ok
16:47:07.0275 3812 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
16:47:07.0277 3812 WUDFRd - ok
16:47:07.0315 3812 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\windows\System32\WUDFSvc.dll
16:47:07.0317 3812 wudfsvc - ok
16:47:07.0341 3812 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
16:47:07.0345 3812 WwanSvc - ok
16:47:07.0406 3812 ================ Scan global ===============================
16:47:07.0433 3812 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:47:07.0466 3812 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\windows\system32\winsrv.dll
16:47:07.0489 3812 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\windows\system32\winsrv.dll
16:47:07.0511 3812 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:47:07.0554 3812 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:47:07.0557 3812 [Global] - ok
16:47:07.0557 3812 ================ Scan MBR ==================================
16:47:07.0570 3812 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:47:07.0861 3812 \Device\Harddisk0\DR0 - ok
16:47:07.0862 3812 ================ Scan VBR ==================================
16:47:07.0864 3812 [ EDD3EDA173E55B4473D9FF4F3E0BCB53 ] \Device\Harddisk0\DR0\Partition1
16:47:07.0866 3812 \Device\Harddisk0\DR0\Partition1 - ok
16:47:07.0912 3812 [ 206FC1726B5A6DF93E424AFD24A3AAE9 ] \Device\Harddisk0\DR0\Partition2
16:47:07.0914 3812 \Device\Harddisk0\DR0\Partition2 - ok
16:47:07.0948 3812 [ 2D563A1C2252025F09E627962F35DB32 ] \Device\Harddisk0\DR0\Partition3
16:47:07.0951 3812 \Device\Harddisk0\DR0\Partition3 - ok
16:47:07.0952 3812 ============================================================
16:47:07.0952 3812 Scan finished
16:47:07.0952 3812 ============================================================
16:47:07.0963 2152 Detected object count: 0
16:47:07.0963 2152 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 26 August 2012 - 04:06 PM

Greetings

did you try and run the aswMBR report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 August 2012 - 04:12 PM

Do you need MBR.dat?


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 16:50:55
-----------------------------
16:50:55.547 OS Version: Windows x64 6.1.7600
16:50:55.548 Number of processors: 4 586 0x2505
16:50:55.549 ComputerName: PEGGY UserName: Owner
16:50:56.751 Initialize success
16:52:53.296 AVAST engine defs: 12082601
16:53:01.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:53:01.471 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
16:53:01.471 Disk 0 MBR read successfully
16:53:01.486 Disk 0 MBR scan
16:53:01.486 Disk 0 Windows 7 default MBR code
16:53:01.486 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
16:53:01.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
16:53:01.502 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
16:53:01.533 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
16:53:01.564 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
16:53:01.611 Disk 0 scanning C:\windows\system32\drivers
16:53:11.564 Service scanning
16:53:54.277 Modules scanning
16:53:54.792 Disk 0 trace - called modules:
16:53:54.823 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:53:54.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a88060]
16:53:54.838 3 CLASSPNP.SYS[fffff880013cc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004950050]
16:53:56.196 AVAST engine scan C:\windows
16:53:59.144 AVAST engine scan C:\windows\system32
16:56:28.046 AVAST engine scan C:\windows\system32\drivers
16:56:44.972 AVAST engine scan C:\Users\Owner
17:01:14.276 AVAST engine scan C:\ProgramData
17:02:40.013 Scan finished successfully
17:09:19.031 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
17:09:19.031 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 26 August 2012 - 04:27 PM

Greetings kkoz83

No I don't need the MBR.dat file but save it for now, what i do need is a status update of the computer after you run this

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 August 2012 - 04:53 PM

Firefox seems fine, but Notepad is weird - it sometimes automatically to the far right or to bottom.

ComboFix 12-08-25.04 - Owner 08/26/2012 17:35:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2153 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 21:40 . 2012-08-26 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-26 21:40 . 2012-08-26 21:40 -------- d-----w- c:\users\Backup\AppData\Local\temp
2012-08-19 17:45 . 2012-08-19 17:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 02:06 . 2012-07-06 19:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 02:01 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
2012-08-15 02:01 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 02:01 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 02:01 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 02:01 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 02:01 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 02:01 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 02:01 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:01 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 02:01 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 02:01 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 02:01 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 01:49 . 2012-08-16 01:21 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E
2012-08-14 03:04 . 2012-08-14 03:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\program files (x86)\Futuremark
2012-07-30 22:56 . 2012-07-30 22:56 -------- d-----w- c:\users\Owner\AppData\Roaming\QTTabBar
2012-07-28 16:15 . 2012-07-28 16:15 -------- d-----w- c:\users\Owner\AppData\Roaming\iWesoft
2012-07-28 16:15 . 2012-07-28 16:15 -------- d-----w- c:\users\Owner\AppData\Local\iWesoft
2012-07-28 16:12 . 2012-07-28 16:12 -------- d-----w- c:\program files (x86)\QTTabBar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 02:07 . 2012-05-05 03:22 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 02:07 . 2012-05-05 03:22 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 02:02 . 2011-07-12 01:13 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-23 02:29 . 2011-07-20 19:02 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-23 02:29 . 2011-07-20 19:02 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-23 02:29 . 2011-07-20 19:02 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 17:46 . 2011-07-20 16:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 02:28 . 2012-06-12 02:28 158176 ----a-w- c:\users\Owner\HC2Setup64.exe
2012-06-09 05:30 . 2012-07-11 01:49 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 01:49 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 01:49 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 01:49 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 01:49 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-23 01:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 01:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 01:56 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 01:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 01:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 01:56 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 01:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 01:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-23 01:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-11 01:49 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 01:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 01:49 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 01:49 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 01:49 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 01:49 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 01:49 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 01:49 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-26_17.07.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-26 16:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-26 20:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-26 16:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-26 20:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-26 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-26 20:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-29 19:38 . 2012-08-26 20:40 74656 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-26 20:40 37622 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-08-26 16:31 37622 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-12 00:38 . 2012-08-26 20:40 22276 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4068814822-2034975643-3909918309-1002_UserData.bin
- 2011-07-12 00:38 . 2012-08-26 16:31 22276 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4068814822-2034975643-3909918309-1002_UserData.bin
- 2012-08-26 16:27 . 2012-08-26 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-26 20:37 . 2012-08-26 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-26 16:27 . 2012-08-26 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-26 20:37 . 2012-08-26 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-29 12:15 . 2012-08-26 16:31 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-29 12:15 . 2012-08-26 20:40 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-08-26 03:36 317212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-26 18:40 317212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-20 16:51 . 2012-08-26 18:40 9852883 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4068814822-2034975643-3909918309-1002-12288.dat
- 2011-07-20 16:51 . 2012-08-26 03:36 9852883 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4068814822-2034975643-3909918309-1002-12288.dat
+ 2009-07-14 02:34 . 2012-08-26 20:54 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-26 01:29 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Gadu-Gadu 10"="c:\program files (x86)\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-09-24 222496]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-12 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-12 228448]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 35848]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 31624]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PORTMON;PORTMON;c:\users\Owner\Desktop\PORTMSYS.SYS [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-08 24840]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0300000.085\ccSetx64.sys [2012-05-25 168608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-27 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120824.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-09-24 296808]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-23 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe [2012-06-14 143928]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-12 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2011-01-11 14944]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2010-01-22 197888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 12012816
*Deregistered* - 12012816
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 02:07]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068814822-2034975643-3909918309-1002Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-26 18:47]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068814822-2034975643-3909918309-1002UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-26 18:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://support.lenovo.com/en_US/default.page?
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: c:\users\Owner\Desktop\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77}
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7one8w6i.default\
FF - prefs.js: browser.startup.homepage - ptd.net|ebay.com|logmein.com|mail.google.com|msn.com|yahoo.com|hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.0.0.133\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-26 17:42:33
ComboFix-quarantined-files.txt 2012-08-26 21:42
ComboFix2.txt 2012-08-26 17:09
.
Pre-Run: 166,784,774,144 bytes free
Post-Run: 166,831,063,040 bytes free
.
- - End Of File - - 7BDDAC75ADD69F4AA127E6D714B15576

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 AM

Posted 26 August 2012 - 05:08 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 August 2012 - 05:29 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.26.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: PEGGY [administrator]

8/26/2012 6:16:25 PM
mbam-log-2012-08-26 (18-16-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224429
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 August 2012 - 05:30 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:29:55 PM, on 8/26/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hijack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.lenovo.com/en_US/default.page?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {22D8E815-4A5E-4dfb-845E-AAB64207F5BD} - C:\Users\Owner\Desktop\eBay Toolbar2\eBayTB.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: QTTabBar AutoLoader - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - mscoree.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O3 - Toolbar: QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12360 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users