Browser Hijack/Redirect


  • This topic is locked
15 replies to this topic

#1 DevzFan15

  • Members
  • 7 posts

Posted 03 September 2012 - 12:35 AM

Hey I've had a redirect problem for a few days now. Norton found a few trojans but it failed to fix the problem.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Scott at 1:30:47 on 2012-09-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5420 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Apple Computer] rundll32.exe "C:\Users\Scott\AppData\Local\ATI\Apple Computer\fokuzeyjp.dll",CreateInstance
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [<NO NAME>]
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Apple Computer] rundll32.exe "C:\Users\Scott\AppData\Local\ATI\Apple Computer\fokuzeyjp.dll",CreateInstance
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0C70F0D0-3638-464E-B116-EDE1E6BD8F6B} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0C70F0D0-3638-464E-B116-EDE1E6BD8F6B}\64C454453402241383630275966496 : DhcpNameServer = 10.7.254.0
TCP: Interfaces\{15E930FA-0460-49E3-ACB2-DD5B2E49EF5C} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [(Default)]
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SMR310;Symantec SMR Utility Service 3.1.0;C:\Windows\system32\drivers\SMR310.SYS --> C:\Windows\system32\drivers\SMR310.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-6-18 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120831.001\IDSviA64.sys [2012-8-31 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-8 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-5 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-29 2413056]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2009-9-25 93960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-5 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/22 18:35:09;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-03 04:52:03 388096 ----a-r- C:\Users\Scott\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2012-09-03 04:52:02 -------- d-----w- C:\Program Files (x86)\TrendMicro
2012-08-31 16:01:59 95392 ----a-w- C:\Windows\System32\drivers\SMR310.SYS
2012-08-31 16:01:52 -------- d-----w- C:\Users\Scott\AppData\Local\NPE
2012-08-30 03:24:42 -------- d-----w- C:\Users\Scott\AppData\Local\{601AABCB-1ED8-41AE-AD00-F34FF478F5DF}
2012-08-29 04:20:17 -------- d-----w- C:\Users\Scott\AppData\Local\{B9982D35-6C68-49DC-B946-097DA2D8E1FF}
2012-08-27 01:56:57 -------- d-----w- C:\Users\Scott\AppData\Local\{10DABFFA-4E58-41C9-85B1-0474CDF06B59}
2012-08-25 16:11:09 -------- d-----w- C:\Users\Scott\AppData\Local\{08C884CC-93A6-4376-B899-D9185A64A6AF}
2012-08-25 01:23:36 -------- d-----w- C:\Users\Scott\AppData\Local\{708D2AD5-6DB8-4A48-9073-CEE656807464}
2012-08-24 03:14:15 -------- d-----w- C:\Users\Scott\AppData\Local\{90E1FA73-77EE-4A98-B77E-750E22D7077B}
2012-08-23 15:14:04 -------- d-----w- C:\Users\Scott\AppData\Local\{3CFCFB32-D99A-4D7D-B814-0022A5E69082}
2012-08-23 02:40:44 -------- d-----w- C:\Users\Scott\AppData\Local\{09FC7565-7E5D-47BC-A703-B758DE8C7433}
2012-08-22 13:28:20 -------- d-----w- C:\Users\Scott\AppData\Local\{D20E9DDB-7ED7-4F64-AFC8-95DC9691E66D}
2012-08-22 01:28:09 -------- d-----w- C:\Users\Scott\AppData\Local\{ACD85B82-B37B-4892-8EBA-78B4EC8DAA9F}
2012-08-21 13:27:58 -------- d-----w- C:\Users\Scott\AppData\Local\{0D6D8C00-901A-4903-91E7-FB59AB9CDC1C}
2012-08-17 02:06:16 -------- d-----w- C:\Users\Scott\AppData\Local\{3879883D-414E-4086-ADA6-8377045CEE28}
2012-08-17 02:06:04 -------- d-----w- C:\Users\Scott\AppData\Local\{63626AEE-9525-45E2-8C00-D0605B736BFD}
2012-08-16 02:45:35 -------- d-----w- C:\Users\Scott\AppData\Local\{4AFF61A7-4957-47FF-BC6D-8B1F2C69E280}
2012-08-16 02:45:24 -------- d-----w- C:\Users\Scott\AppData\Local\{8C578182-F06F-49AC-A8F5-F45AB610E22D}
2012-08-15 14:45:13 -------- d-----w- C:\Users\Scott\AppData\Local\{58377952-55E9-4604-9807-3A2361151F3D}
2012-08-15 14:45:02 -------- d-----w- C:\Users\Scott\AppData\Local\{131DA6CD-C8C0-4473-B52E-B9B8023C7099}
2012-08-15 02:42:38 -------- d-----w- C:\Users\Scott\AppData\Local\{02877DE2-2601-4D3D-8F11-3AEBE488CB32}
2012-08-15 02:42:28 -------- d-----w- C:\Users\Scott\AppData\Local\{609BA3DD-1131-4134-82A4-B5322AFCF52F}
2012-08-15 02:12:20 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys
2012-08-15 02:12:20 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys
2012-08-15 02:12:20 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys
2012-08-15 02:12:19 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-08-15 02:12:19 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-08-15 02:12:19 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys
2012-08-15 02:12:19 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys
2012-08-15 02:12:12 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E
2012-08-14 14:42:16 -------- d-----w- C:\Users\Scott\AppData\Local\{DB31744A-1B15-44B5-AE04-2E17C8D59512}
2012-08-14 14:42:06 -------- d-----w- C:\Users\Scott\AppData\Local\{0A94D1AF-419C-4484-B36C-0B5B7DE93A83}
2012-08-14 02:41:53 -------- d-----w- C:\Users\Scott\AppData\Local\{40D1CAD1-7FF6-4DAA-9FC3-22B652C2B08C}
2012-08-14 02:41:42 -------- d-----w- C:\Users\Scott\AppData\Local\{DB882206-6FC9-4965-9ADF-0B783B974174}
2012-08-13 14:41:29 -------- d-----w- C:\Users\Scott\AppData\Local\{3A2560F4-E40A-4F37-8836-4551DAE406CD}
2012-08-13 14:41:18 -------- d-----w- C:\Users\Scott\AppData\Local\{CF33885F-CADD-4E29-802F-89F466AECCF2}
2012-08-13 02:41:07 -------- d-----w- C:\Users\Scott\AppData\Local\{1EE2244D-35E9-4436-9DA0-99EF5000D53E}
2012-08-13 02:40:53 -------- d-----w- C:\Users\Scott\AppData\Local\{BF20F85B-845F-479A-A81B-90FBF6E59019}
2012-08-12 14:40:40 -------- d-----w- C:\Users\Scott\AppData\Local\{341F5817-EBA7-4AA2-B379-33A3174DDBEB}
2012-08-12 14:40:29 -------- d-----w- C:\Users\Scott\AppData\Local\{1B2B3DED-CC77-4C00-A478-98DA571A748A}
2012-08-11 18:18:13 -------- d-----w- C:\Users\Scott\AppData\Local\{067E5A7D-1B96-46CA-A886-92994A20B3E5}
2012-08-11 18:18:03 -------- d-----w- C:\Users\Scott\AppData\Local\{77C799DC-06C1-4191-853D-ADBE5E1C820F}
2012-08-11 06:17:50 -------- d-----w- C:\Users\Scott\AppData\Local\{6D2DD348-4A4C-4FDB-BC3E-E488E61E6A1A}
2012-08-11 06:17:40 -------- d-----w- C:\Users\Scott\AppData\Local\{D5FCE5CD-BC08-4B57-A958-05B32EFB4494}
2012-08-10 18:17:27 -------- d-----w- C:\Users\Scott\AppData\Local\{F0C4CB04-47E4-44D4-96A3-E818B7F16C86}
2012-08-10 18:17:17 -------- d-----w- C:\Users\Scott\AppData\Local\{8B512631-2C07-444D-8A01-5A04189F6C2B}
2012-08-09 18:24:51 -------- d-----w- C:\Users\Scott\AppData\Local\{58320235-6443-4BD3-B6B8-CA80E0E1BF26}
2012-08-09 18:24:41 -------- d-----w- C:\Users\Scott\AppData\Local\{84A206FE-114E-4573-A0CD-F0E44C9BF719}
2012-08-08 23:24:22 -------- d-----w- C:\Users\Scott\AppData\Local\{46C1FF7B-9B4E-4FCB-ABD8-CDB4410820E7}
2012-08-08 23:24:11 -------- d-----w- C:\Users\Scott\AppData\Local\{B819B62E-7EDE-49B2-9FA7-35575ED4C548}
2012-08-07 08:34:28 -------- d-----w- C:\Users\Scott\AppData\Local\{C8F9CC80-5AE1-4A7C-BD19-8FFBD31186D1}
2012-08-07 08:34:17 -------- d-----w- C:\Users\Scott\AppData\Local\{528A045D-D9D5-474C-AE06-410A673A3EA8}
2012-08-06 18:04:38 -------- d-----w- C:\Users\Scott\AppData\Local\{5CE3EE97-0099-4E86-90CD-A61BA4750262}
2012-08-06 18:04:28 -------- d-----w- C:\Users\Scott\AppData\Local\{508BCFD5-7F07-47FB-83CD-E99A614CDCA3}
2012-08-06 01:12:40 -------- d-----w- C:\Users\Scott\AppData\Local\{27D54EE6-68B2-4293-A8CE-910BA2D43F78}
2012-08-04 16:01:37 -------- d-----w- C:\Users\Scott\AppData\Local\{4A60BF7B-A412-4E84-9F80-339ECBB09F10}
2012-08-04 16:01:25 -------- d-----w- C:\Users\Scott\AppData\Local\{4DBEE83D-FF07-4B3F-97E5-9750ABD77A8E}
2012-08-04 16:00:26 -------- d-----w- C:\Windows\en
2012-08-04 15:56:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ab4012371cd725902\DSETUP.dll
2012-08-04 15:56:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ab4012371cd725902\DXSETUP.exe
2012-08-04 15:56:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ab4012371cd725902\dsetup32.dll
2012-08-04 15:56:11 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ab6093011cd725903\MeshBetaRemover.exe
.
==================== Find3M ====================
.
2012-08-16 02:00:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 02:00:17 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-07 00:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 1:31:18.28 ===============
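The DDS log above is raw output with no annotation, so here is an added example (editor's code, not part of the post and not part of the DDS tool) of the two checks an analyst would run first over its "Pseudo HJT Report" section: finding Run entries that launch rundll32.exe against a DLL stored under a user profile directory, and finding Explorer/System policy values that switch User Account Control off. The sample lines are copied from the log above; the heuristics themselves (a rundll32-loaded DLL under the profile, UAC policy values of 0) are the editor's own, and a hit is a lead for the helper to investigate, not proof on its own that the file is malicious.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example; it is not code from the forum post or from DDS. It flags
Run-style autoruns that use rundll32.exe to load a DLL from a user profile
directory, and system policy values that disable UAC or its prompts.
"""
import re

# Constructed sample: lines copied from the pseudo-HJT section of the posted
# log.  DDS hive prefixes: uRun = current user, mRun = machine, dRun = default
# user profile (so the entry is applied to newly created accounts as well).
SAMPLE_LOG = r"""
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Apple Computer] rundll32.exe "C:\Users\Scott\AppData\Local\ATI\Apple Computer\fokuzeyjp.dll",CreateInstance
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [<NO NAME>]
dRun: [Apple Computer] rundll32.exe "C:\Users\Scott\AppData\Local\ATI\Apple Computer\fokuzeyjp.dll",CreateInstance
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# One autorun line: "<hive>: [<value name>] <command line>"
RUN_LINE = re.compile(r"^(?P<hive>[umd]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# One policy line: "mPolicies-<area>: <key> = <decimal> (<hex>)"
POLICY_LINE = re.compile(r"^mPolicies-(?P<area>\w+): (?P<key>\w+) = (?P<val>\d+)")
# rundll32 invocation: optional quotes around the DLL path, then ",<export>"
RUNDLL_DLL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)', re.I)

# Path fragments that put a DLL inside a (user-writable) profile directory.
USER_PROFILE_DIRS = ("\\users\\", "\\appdata\\", "\\documents and settings\\")

# Policy values under mPolicies-system that mean "UAC off" when set to 0.
UAC_OFF_WHEN_ZERO = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def parse_run_entries(text):
    """Yield (hive, value_name, command) for every *Run line in the report."""
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd")


def suspicious_rundll_entries(text):
    """Return Run entries that load a DLL from a user profile via rundll32."""
    hits = []
    for hive, name, cmd in parse_run_entries(text):
        m = RUNDLL_DLL.search(cmd)
        if not m:
            continue  # not a rundll32 launcher at all
        dll = m.group("dll")
        if any(frag in dll.lower() for frag in USER_PROFILE_DIRS):
            hits.append({"hive": hive, "name": name, "dll": dll, "export": m.group("export")})
    return hits


def uac_disabled_policies(text):
    """Return {policy_key: 0} for system policies that switch UAC off."""
    found = {}
    for line in text.splitlines():
        m = POLICY_LINE.match(line.strip())
        if (m and m.group("area") == "system"
                and m.group("key") in UAC_OFF_WHEN_ZERO and m.group("val") == "0"):
            found[m.group("key")] = 0
    return found


def triage(text):
    """Run both checks and return their findings in one dict."""
    return {
        "rundll32_from_profile": suspicious_rundll_entries(text),
        "uac_off": uac_disabled_policies(text),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hit in result["rundll32_from_profile"]:
        print(f"{hit['hive']} [{hit['name']}] loads {hit['dll']} export {hit['export']}")
    for key in sorted(result["uac_off"]):
        print(f"UAC policy {key} = 0")
```

On the posted log this reports the same DLL under the current-user and default-user Run keys, plus three UAC policies set to 0 (EnableLUA = 0 alone means UAC is fully off, so any later tool runs without elevation prompts). The `ConsentPromptBehaviorUser = 3` line is deliberately left alone: it is a prompt behaviour, not a disable.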

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 September 2012 - 09:31 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 DevzFan15

  • Topic Starter
  • Members
  • 7 posts

Posted 03 September 2012 - 11:12 AM

Had trouble turning off Norton; I disabled it completely but it still said it was running. Here's the combofix log.

ComboFix 12-09-03.06 - Scott 09/03/2012 11:29:00.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5415 [GMT -4:00]
Running from: c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FMHP2T4\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Scott\AppData\Local\ATI\Apple Computer\fokuzeyjp.dll
c:\windows\Installer\{17fa1868-de07-0457-3d17-6e3b055b5d80}\@
c:\windows\Installer\{17fa1868-de07-0457-3d17-6e3b055b5d80}\U\00000008.@
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 15:42 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-09-03 15:38 . 2012-09-03 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 04:52 . 2012-09-03 04:52 388096 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2012-09-03 04:52 . 2012-09-03 04:52 -------- d-----w- c:\program files (x86)\TrendMicro
2012-08-31 16:01 . 2012-09-01 02:03 -------- d-----w- c:\users\Scott\AppData\Local\NPE
2012-08-15 02:12 . 2012-08-17 02:03 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E
2012-08-11 18:58 . 2012-08-17 02:04 -------- d-----w- c:\users\TEMP
2012-08-04 16:00 . 2012-08-04 16:00 -------- d-----w- c:\windows\en
2012-08-04 15:56 . 2012-08-04 15:56 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab4012371cd725902\DSETUP.dll
2012-08-04 15:56 . 2012-08-04 15:56 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab4012371cd725902\DXSETUP.exe
2012-08-04 15:56 . 2012-08-04 15:56 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab4012371cd725902\dsetup32.dll
2012-08-04 15:56 . 2012-08-04 15:56 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab6093011cd725903\MeshBetaRemover.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:00 . 2011-09-26 21:12 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-16 02:00 . 2012-04-03 10:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 02:00 . 2011-10-01 00:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 04:50 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-08 22:17 . 2012-06-08 22:18 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-06-08 22:17 . 2012-06-08 22:18 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-06-08 22:17 . 2012-06-08 22:18 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-06-08 22:17 . 2012-06-08 22:18 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-06-08 22:17 . 2012-06-08 22:18 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-06-08 22:17 . 2012-06-08 22:18 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-06-08 22:17 . 2012-06-08 22:18 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-06-08 22:17 . 2012-06-08 22:18 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-06-08 22:17 . 2011-08-05 12:17 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-06-08 22:17 . 2012-06-08 22:18 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-06-08 22:17 . 2012-06-08 22:18 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-06-08 22:17 . 2012-06-08 22:18 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-06-08 22:17 . 2012-06-08 22:18 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-06-08 22:17 . 2011-08-05 12:17 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-06-08 22:17 . 2012-06-08 22:18 416024 ----a-w- c:\windows\system32\igfxpers.exe
2012-06-08 22:17 . 2012-06-08 22:18 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-06-08 22:17 . 2012-06-08 22:18 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-06-08 22:17 . 2012-06-08 22:18 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-06-08 22:17 . 2012-06-08 22:18 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-06-08 22:17 . 2012-06-08 22:18 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-06-08 22:17 . 2012-06-08 22:18 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-06-08 22:17 . 2012-06-08 22:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-06-08 22:17 . 2012-06-08 22:18 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-06-08 22:17 . 2012-06-08 22:18 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-06-08 22:17 . 2012-06-08 22:18 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-06-08 22:17 . 2012-06-08 22:18 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-06-08 22:17 . 2012-06-08 22:18 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-06-08 22:17 . 2012-06-08 22:18 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-06-08 22:17 . 2012-06-08 22:18 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-06-08 22:17 . 2012-06-08 22:18 75776 ----a-w- c:\windows\system32\igdde64.dll
2012-06-08 22:17 . 2012-06-08 22:18 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-06-08 22:17 . 2012-06-08 22:18 390144 ----a-w- c:\windows\system32\igfxdev.dll
2012-06-08 22:17 . 2012-06-08 22:18 216000 ----a-w- c:\windows\system32\igfcg600m.bin
2012-06-08 22:17 . 2012-06-08 22:18 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-06-08 22:17 . 2012-06-08 22:18 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-06-08 22:17 . 2012-06-08 22:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-06-08 22:17 . 2012-06-08 22:18 12289472 ----a-w- c:\windows\system32\drivers\igdpmd64.sys
2012-06-08 22:17 . 2012-06-08 22:18 12289472 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-06-08 22:17 . 2011-08-05 12:17 8311808 ----a-w- c:\windows\system32\igdumd64.dll
2012-06-08 22:17 . 2011-03-26 02:12 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-06-08 22:17 . 2012-06-08 22:18 56832 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-06-08 22:17 . 2012-06-08 22:18 4378392 ----a-w- c:\windows\system32\GfxUI.exe
2012-06-08 22:17 . 2012-06-08 22:18 392472 ----a-w- c:\windows\system32\hkcmd.exe
2012-06-08 22:17 . 2012-06-08 22:18 18640384 ----a-w- c:\windows\system32\ig4icd64.dll
2012-06-08 22:17 . 2012-06-08 22:18 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-06-08 22:17 . 2011-08-05 12:17 14598144 ----a-w- c:\windows\system32\igd10umd64.dll
2012-06-08 22:17 . 2011-08-05 12:17 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-06-08 22:17 . 2011-03-26 02:02 12339712 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-06-08 22:17 . 2012-06-08 22:18 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-06-08 22:17 . 2012-06-08 22:18 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2012-06-08 22:17 . 2012-06-08 22:18 179992 ----a-w- c:\windows\system32\difx64.exe
2012-06-08 22:17 . 2012-06-08 22:18 423424 ----a-w- c:\windows\system32\atipdl64.dll
2012-06-08 22:17 . 2012-06-08 22:18 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-08 22:17 . 2012-06-08 22:18 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-08 22:17 . 2012-06-08 22:18 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2012-06-08 22:17 . 2012-06-08 22:18 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-08 22:17 . 2012-06-08 22:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-06-08 22:17 . 2012-06-08 22:18 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-08 22:17 . 2012-06-08 22:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-06-08 22:17 . 2011-08-05 12:17 58880 ----a-w- c:\windows\system32\coinst.dll
2012-06-08 22:17 . 2011-08-05 12:17 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-08 22:17 . 2011-08-05 12:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-08 22:17 . 2011-08-05 12:17 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-08 22:17 . 2011-04-13 06:32 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-08 22:17 . 2011-04-13 06:16 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-08 22:17 . 2011-04-13 06:16 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-08 22:17 . 2012-06-08 22:18 9981952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-08 22:17 . 2012-06-08 22:18 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-08 22:17 . 2012-06-08 22:18 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-08 22:17 . 2012-06-08 22:18 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-08 22:17 . 2012-06-08 22:18 53760 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-08 22:17 . 2012-06-08 22:18 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-08 22:17 . 2012-06-08 22:18 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-08 22:17 . 2012-06-08 22:18 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-08 22:17 . 2012-06-08 22:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-08 22:17 . 2012-06-08 22:18 485376 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-08 22:17 . 2012-06-08 22:18 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-08 22:17 . 2012-06-08 22:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-08 22:17 . 2012-06-08 22:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-11-29 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-11-22 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/22 18:35;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120831.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-29 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-08 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-29 2413056]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-08 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-08 310272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-11 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-06-08 12289472]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-11-29 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-11-29 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-29 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:00]
.
2012-08-30 c:\windows\Tasks\HPCeeScheduleForScott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-29 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-08 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Scott\AppData\Local\ATI\Apple Computer\fokuzeyjp.dll
Wow6432Node-HKU-Default-Run-Apple Computer - c:\users\Scott\AppData\Local\ATI\Apple Computer\fokuzeyjp.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-NHL Eastside Hockey Manager 2005 - c:\program files (x86)\SEGA\NHL Eastside Hockey Manager 2005\Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-03 11:59:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 15:59
.
Pre-Run: 363,093,045,248 bytes free
Post-Run: 365,173,202,944 bytes free
.
- - End Of File - - CD5720195FC29B7CF66CE888F36623D9

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 September 2012 - 11:17 AM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
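
The TDSSKiller scan described in the steps above writes a log that lists every scanned service and driver with its MD5 and path, each followed by a verdict line, plus the MBR partition table of each disk (the log the topic starter posts later in this thread shows the layout). As an added example that is not part of this thread, not Kaspersky's code and not the poster's, here is a small Python triage script for such a log: it collects every object whose verdict is not the literal "ok", lists kernel drivers loaded from outside %SystemRoot% so their signatures can be checked by hand, and computes the sector ranges on each disk that no MBR partition covers, which is where TDL4-class bootkits (the family TDSSKiller was written for) keep their hidden file system. The sample log is constructed: its Drive, Partition, 1394ohci, Apple and Norton lines are copied from the log in this thread, while the "fakesvc" entry and its "detected" verdict are invented to exercise the flagging and never appeared on the poster's machine. Only the "ok" verdict wording is taken from the real log; the wording of detection verdicts is an assumption.

```python
"""Triage helper for TDSSKiller 2.8-style logs.
Added example for this thread: not Kaspersky's code and not the poster's. The
"ok" verdict comes from the posted log; other verdict wording is an assumption."""
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed sample in the layout of the log posted in this thread. The Drive,
# Partition, 1394ohci, Apple and Norton lines are copied from it; the "fakesvc"
# entry and its "detected" verdict are invented and did not occur on the PC.
SAMPLE_LOG = r"""
12:26:33.0825 5256 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:26:33.0841 5256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:26:33.0841 5256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385FD800
12:26:33.0841 5256 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38661800, BlocksNum 0x1CF0800
12:26:38.0724 4304 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:26:38.0724 4304 1394ohci - ok
12:26:41.0438 4304 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:26:41.0438 4304 Apple Mobile Device - ok
12:26:42.0577 4304 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120823.007\BHDrvx64.sys
12:26:42.0592 4304 BHDrvx64 - ok
12:26:43.0404 4304 catchme - ok
12:26:53.0700 4304 [ 0123456789ABCDEF0123456789ABCDEF ] fakesvc C:\Users\Public\Temp\fakesvc.sys
12:26:53.0700 4304 fakesvc - detected Rootkit.Win32.Constructed ( 0 )
"""

PREFIX_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")  # timestamp, pid, body
DRIVE_RE = re.compile(r"^Drive (\S+) - Size: (0x[0-9A-Fa-f]+) .*SectorSize: (0x[0-9A-Fa-f]+)")
PART_RE = re.compile(r"^(\S+)\\Partition(\d+): MBR, Type (0x[0-9A-Fa-f]+), "
                     r"StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)")
ENTRY_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ((?:[A-Za-z]:\\|\\).*)$")  # md5, name, path
VERDICT_RE = re.compile(r"^(.+?)(?: \( .+? \))? - (.+)$")  # name [( tag )] - verdict

Entry = namedtuple("Entry", "name md5 path")


@dataclass
class Report:
    entries: dict = field(default_factory=dict)     # name -> Entry
    verdicts: dict = field(default_factory=dict)    # name -> verdict text
    disks: dict = field(default_factory=dict)       # device -> (total sectors, sector size)
    partitions: dict = field(default_factory=dict)  # device -> [(index, type, start_lba, blocks)]


def parse_log(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        if d := DRIVE_RE.match(body):
            size, sector = int(d.group(2), 16), int(d.group(3), 16)
            rep.disks[d.group(1)] = (size // sector, sector)
        elif p := PART_RE.match(body):
            rep.partitions.setdefault(p.group(1), []).append(
                (int(p.group(2)), int(p.group(3), 16), int(p.group(4), 16), int(p.group(5), 16)))
        elif e := ENTRY_RE.match(body):
            rep.entries[e.group(2)] = Entry(e.group(2), e.group(1).upper(), e.group(3))
        elif v := VERDICT_RE.match(body):
            name, verdict = v.group(1), v.group(2)
            if verdict == "ok" or name in rep.entries:  # skip unrelated " - " lines
                rep.verdicts[name] = verdict
    return rep


def flagged(rep: Report) -> dict:
    """Every scanned object whose verdict is anything other than the literal 'ok'."""
    return {n: v for n, v in rep.verdicts.items() if v != "ok"}


def drivers_outside_systemroot(rep: Report, systemroot: str = r"C:\Windows") -> list:
    """Kernel drivers (.sys) loaded from outside %SystemRoot%. Security products keep
    definition drivers there too (Norton under ProgramData), so each hit is a
    candidate for a signature check, not a verdict."""
    root = systemroot.lower().rstrip("\\") + "\\"
    return [e for e in rep.entries.values()
            if e.path.lower().endswith(".sys") and not e.path.lower().startswith(root)]


def unallocated(rep: Report, device: str) -> list:
    """Sector ranges on `device` that no MBR partition covers, as (start_lba, length).
    A negative length means two partitions overlap. TDL4-class bootkits store their
    hidden file system in exactly this unpartitioned space, usually at the disk end."""
    parts = sorted(rep.partitions.get(device, []), key=lambda p: p[2])
    gaps, cursor = [], 0
    for _idx, _ptype, start, blocks in parts:
        if start != cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + blocks)
    total = rep.disks.get(device, (None, None))[0]
    if total is not None and cursor < total:
        gaps.append((cursor, total - cursor))
    return gaps


def summarize(rep: Report, device: str) -> str:
    sector = rep.disks.get(device, (None, 512))[1]
    lines = [f"non-ok verdicts: {flagged(rep) or 'none'}"]
    lines += [f"driver outside SystemRoot: {e.name} -> {e.path}" for e in drivers_outside_systemroot(rep)]
    lines += [f"unpartitioned on {device}: LBA {s:#x}, {n} sectors ({n * sector // 2**20} MiB)"
              for s, n in unallocated(rep, device)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG), r"\Device\Harddisk0\DR0"))
```

To use it on a real scan, replace SAMPLE_LOG with the contents of the saved TDSSKiller log and run it with Python 3.8 or later. A driver outside %SystemRoot% is not evidence by itself: the Norton definition driver in the sample is legitimate, and the list exists so that each hit gets its Authenticode signature checked. Likewise the trailing unpartitioned region (about 104 MiB on this disk, plus the 2048 sectors before the first partition) is normal OEM alignment; what matters is whether those sectors contain code, which only a raw read of that range can show.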

#5 DevzFan15

DevzFan15
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:30 PM

Posted 03 September 2012 - 09:29 PM

12:26:32.0015 5256 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:26:32.0873 5256 ============================================================
12:26:32.0873 5256 Current date / time: 2012/09/03 12:26:32.0873
12:26:32.0873 5256 SystemInfo:
12:26:32.0873 5256
12:26:32.0873 5256 OS Version: 6.1.7601 ServicePack: 1.0
12:26:32.0873 5256 Product type: Workstation
12:26:32.0873 5256 ComputerName: SCOTT-HP
12:26:32.0873 5256 UserName: Scott
12:26:32.0873 5256 Windows directory: C:\Windows
12:26:32.0873 5256 System windows directory: C:\Windows
12:26:32.0873 5256 Running under WOW64
12:26:32.0873 5256 Processor architecture: Intel x64
12:26:32.0873 5256 Number of processors: 8
12:26:32.0873 5256 Page size: 0x1000
12:26:32.0873 5256 Boot type: Normal boot
12:26:32.0873 5256 ============================================================
12:26:33.0825 5256 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:26:33.0825 5256 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:26:33.0841 5256 ============================================================
12:26:33.0841 5256 \Device\Harddisk0\DR0:
12:26:33.0841 5256 MBR partitions:
12:26:33.0841 5256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:26:33.0841 5256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385FD800
12:26:33.0841 5256 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38661800, BlocksNum 0x1CF0800
12:26:33.0841 5256 \Device\Harddisk1\DR1:
12:26:33.0841 5256 MBR partitions:
12:26:33.0841 5256 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:26:33.0841 5256 ============================================================
12:26:33.0887 5256 C: <-> \Device\Harddisk0\DR0\Partition2
12:26:34.0246 5256 D: <-> \Device\Harddisk1\DR1\Partition1
12:26:34.0340 5256 E: <-> \Device\Harddisk0\DR0\Partition3
12:26:34.0340 5256 ============================================================
12:26:34.0340 5256 Initialize success
12:26:34.0340 5256 ============================================================
12:26:37.0444 4304 ============================================================
12:26:37.0444 4304 Scan started
12:26:37.0444 4304 Mode: Manual;
12:26:37.0444 4304 ============================================================
12:26:38.0458 4304 ================ Scan system memory ========================
12:26:38.0458 4304 System memory - ok
12:26:38.0458 4304 ================ Scan services =============================
12:26:38.0724 4304 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:26:38.0724 4304 1394ohci - ok
12:26:38.0755 4304 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
12:26:38.0786 4304 Accelerometer - ok
12:26:38.0833 4304 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:26:38.0864 4304 ACPI - ok
12:26:38.0895 4304 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:26:38.0895 4304 AcpiPmi - ok
12:26:39.0036 4304 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:26:39.0036 4304 AdobeARMservice - ok
12:26:39.0254 4304 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:26:39.0270 4304 AdobeFlashPlayerUpdateSvc - ok
12:26:39.0332 4304 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:26:39.0394 4304 adp94xx - ok
12:26:39.0457 4304 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:26:39.0504 4304 adpahci - ok
12:26:39.0566 4304 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:26:39.0582 4304 adpu320 - ok
12:26:39.0613 4304 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:26:39.0613 4304 AeLookupSvc - ok
12:26:39.0722 4304 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
12:26:39.0722 4304 AESTFilters - ok
12:26:39.0784 4304 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:26:39.0831 4304 AFD - ok
12:26:39.0878 4304 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:26:39.0878 4304 agp440 - ok
12:26:39.0925 4304 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:26:39.0940 4304 ALG - ok
12:26:39.0987 4304 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:26:40.0003 4304 aliide - ok
12:26:40.0065 4304 [ C53D784D7303C463D004C0D5782917B4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:26:40.0081 4304 AMD External Events Utility - ok
12:26:40.0096 4304 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:26:40.0096 4304 amdide - ok
12:26:40.0143 4304 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:26:40.0159 4304 AmdK8 - ok
12:26:40.0440 4304 [ 06778049A44C316E8D016039B9D14667 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:26:40.0658 4304 amdkmdag - ok
12:26:40.0689 4304 [ 94B4028F0EEA1F166D78186A254676B5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:26:40.0705 4304 amdkmdap - ok
12:26:40.0736 4304 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:26:40.0736 4304 AmdPPM - ok
12:26:40.0798 4304 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:26:40.0830 4304 amdsata - ok
12:26:40.0861 4304 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:26:40.0876 4304 amdsbs - ok
12:26:40.0923 4304 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:26:40.0939 4304 amdxata - ok
12:26:41.0001 4304 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
12:26:41.0032 4304 AMPPAL - ok
12:26:41.0048 4304 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
12:26:41.0048 4304 AMPPALP - ok
12:26:41.0188 4304 [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
12:26:41.0220 4304 AMPPALR3 - ok
12:26:41.0298 4304 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:26:41.0298 4304 AppID - ok
12:26:41.0329 4304 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:26:41.0329 4304 AppIDSvc - ok
12:26:41.0344 4304 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:26:41.0360 4304 Appinfo - ok
12:26:41.0438 4304 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:26:41.0438 4304 Apple Mobile Device - ok
12:26:41.0500 4304 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
12:26:41.0532 4304 arc - ok
12:26:41.0594 4304 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:26:41.0594 4304 arcsas - ok
12:26:41.0625 4304 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:26:41.0625 4304 AsyncMac - ok
12:26:41.0656 4304 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:26:41.0656 4304 atapi - ok
12:26:41.0734 4304 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:26:41.0766 4304 AudioEndpointBuilder - ok
12:26:41.0797 4304 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:26:41.0797 4304 AudioSrv - ok
12:26:41.0844 4304 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:26:41.0875 4304 AxInstSV - ok
12:26:41.0922 4304 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:26:41.0968 4304 b06bdrv - ok
12:26:42.0000 4304 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:26:42.0015 4304 b57nd60a - ok
12:26:42.0093 4304 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:26:42.0093 4304 BBSvc - ok
12:26:42.0171 4304 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
12:26:42.0218 4304 BCM43XX - ok
12:26:42.0234 4304 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:26:42.0249 4304 BDESVC - ok
12:26:42.0280 4304 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:26:42.0280 4304 Beep - ok
12:26:42.0343 4304 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:26:42.0358 4304 BFE - ok
12:26:42.0577 4304 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120823.007\BHDrvx64.sys
12:26:42.0592 4304 BHDrvx64 - ok
12:26:42.0624 4304 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
12:26:42.0639 4304 BITS - ok
12:26:42.0702 4304 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:26:42.0702 4304 blbdrive - ok
12:26:42.0780 4304 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:26:42.0795 4304 Bonjour Service - ok
12:26:42.0826 4304 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:26:42.0826 4304 bowser - ok
12:26:42.0858 4304 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:26:42.0858 4304 BrFiltLo - ok
12:26:42.0889 4304 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:26:42.0904 4304 BrFiltUp - ok
12:26:42.0951 4304 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:26:42.0967 4304 BridgeMP - ok
12:26:43.0029 4304 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:26:43.0029 4304 Browser - ok
12:26:43.0076 4304 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:26:43.0092 4304 Brserid - ok
12:26:43.0123 4304 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:26:43.0123 4304 BrSerWdm - ok
12:26:43.0138 4304 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:26:43.0154 4304 BrUsbMdm - ok
12:26:43.0170 4304 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:26:43.0170 4304 BrUsbSer - ok
12:26:43.0201 4304 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:26:43.0216 4304 BTHMODEM - ok
12:26:43.0279 4304 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:26:43.0310 4304 bthserv - ok
12:26:43.0372 4304 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
12:26:43.0372 4304 BTHSSecurityMgr - ok
12:26:43.0404 4304 catchme - ok
12:26:43.0497 4304 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
12:26:43.0497 4304 ccSet_NIS - ok
12:26:43.0560 4304 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:26:43.0575 4304 cdfs - ok
12:26:43.0638 4304 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:26:43.0653 4304 cdrom - ok
12:26:43.0716 4304 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:26:43.0731 4304 CertPropSvc - ok
12:26:43.0762 4304 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
12:26:43.0762 4304 circlass - ok
12:26:43.0778 4304 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:26:43.0794 4304 CLFS - ok
12:26:43.0903 4304 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
12:26:43.0903 4304 CLKMSVC10_38F51D56 - ok
12:26:43.0996 4304 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:26:44.0012 4304 clr_optimization_v2.0.50727_32 - ok
12:26:44.0059 4304 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:26:44.0090 4304 clr_optimization_v2.0.50727_64 - ok
12:26:44.0168 4304 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:26:44.0168 4304 clr_optimization_v4.0.30319_32 - ok
12:26:44.0215 4304 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:26:44.0215 4304 clr_optimization_v4.0.30319_64 - ok
12:26:44.0262 4304 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
12:26:44.0262 4304 clwvd - ok
12:26:44.0293 4304 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
12:26:44.0293 4304 CmBatt - ok
12:26:44.0324 4304 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:26:44.0324 4304 cmdide - ok
12:26:44.0418 4304 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:26:44.0464 4304 CNG - ok
12:26:44.0511 4304 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:26:44.0511 4304 Compbatt - ok
12:26:44.0542 4304 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:26:44.0542 4304 CompositeBus - ok
12:26:44.0558 4304 COMSysApp - ok
12:26:44.0605 4304 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:26:44.0620 4304 crcdisk - ok
12:26:44.0698 4304 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:26:44.0698 4304 CryptSvc - ok
12:26:44.0745 4304 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:26:44.0761 4304 DcomLaunch - ok
12:26:44.0808 4304 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:26:44.0839 4304 defragsvc - ok
12:26:44.0870 4304 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:26:44.0870 4304 DfsC - ok
12:26:44.0901 4304 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:26:44.0917 4304 Dhcp - ok
12:26:44.0932 4304 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:26:44.0932 4304 discache - ok
12:26:44.0979 4304 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:26:44.0995 4304 Disk - ok
12:26:45.0042 4304 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:26:45.0042 4304 Dnscache - ok
12:26:45.0073 4304 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:26:45.0088 4304 dot3svc - ok
12:26:45.0104 4304 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:26:45.0104 4304 DPS - ok
12:26:45.0151 4304 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:26:45.0182 4304 drmkaud - ok
12:26:45.0229 4304 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:26:45.0244 4304 DXGKrnl - ok
12:26:45.0307 4304 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:26:45.0307 4304 EapHost - ok
12:26:45.0432 4304 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:26:45.0525 4304 ebdrv - ok
12:26:45.0588 4304 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:26:45.0603 4304 eeCtrl - ok
12:26:45.0650 4304 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:26:45.0650 4304 EFS - ok
12:26:45.0728 4304 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:26:45.0790 4304 ehRecvr - ok
12:26:45.0822 4304 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:26:45.0822 4304 ehSched - ok
12:26:45.0884 4304 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:26:45.0900 4304 elxstor - ok
12:26:45.0962 4304 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:26:45.0993 4304 EraserUtilRebootDrv - ok
12:26:46.0024 4304 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:26:46.0024 4304 ErrDev - ok
12:26:46.0087 4304 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:26:46.0102 4304 EventSystem - ok
12:26:46.0180 4304 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:26:46.0212 4304 EvtEng - ok
12:26:46.0258 4304 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:26:46.0258 4304 exfat - ok
12:26:46.0274 4304 ezSharedSvc - ok
12:26:46.0305 4304 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:26:46.0305 4304 fastfat - ok
12:26:46.0477 4304 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:26:46.0851 4304 Fax - ok
12:26:46.0914 4304 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
12:26:46.0914 4304 fdc - ok
12:26:46.0929 4304 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:26:46.0945 4304 fdPHost - ok
12:26:46.0945 4304 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:26:46.0945 4304 FDResPub - ok
12:26:46.0976 4304 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:26:46.0976 4304 FileInfo - ok
12:26:46.0992 4304 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:26:47.0007 4304 Filetrace - ok
12:26:47.0085 4304 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:26:47.0148 4304 FLEXnet Licensing Service - ok
12:26:47.0179 4304 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:26:47.0179 4304 flpydisk - ok
12:26:47.0226 4304 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:26:47.0241 4304 FltMgr - ok
12:26:47.0304 4304 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:26:47.0335 4304 FontCache - ok
12:26:47.0382 4304 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:26:47.0413 4304 FontCache3.0.0.0 - ok
12:26:47.0491 4304 [ 6AA4E6B4EA50620AB622A048394C4AA2 ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
12:26:47.0506 4304 FPLService - ok
12:26:47.0522 4304 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:26:47.0538 4304 FsDepends - ok
12:26:47.0569 4304 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:26:47.0600 4304 Fs_Rec - ok
12:26:47.0647 4304 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:26:47.0647 4304 fvevol - ok
12:26:47.0694 4304 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:26:47.0694 4304 gagp30kx - ok
12:26:47.0740 4304 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:26:47.0772 4304 GamesAppService - ok
12:26:47.0850 4304 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:26:47.0850 4304 GEARAspiWDM - ok
12:26:47.0912 4304 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:26:47.0943 4304 gpsvc - ok
12:26:47.0959 4304 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:26:47.0974 4304 hcw85cir - ok
12:26:48.0021 4304 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:26:48.0021 4304 HdAudAddService - ok
12:26:48.0052 4304 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:26:48.0068 4304 HDAudBus - ok
12:26:48.0084 4304 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:26:48.0099 4304 HidBatt - ok
12:26:48.0115 4304 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:26:48.0115 4304 HidBth - ok
12:26:48.0146 4304 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:26:48.0146 4304 HidIr - ok
12:26:48.0177 4304 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
12:26:48.0177 4304 hidserv - ok
12:26:48.0240 4304 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:26:48.0240 4304 HidUsb - ok
12:26:48.0255 4304 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:26:48.0255 4304 hkmsvc - ok
12:26:48.0286 4304 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:26:48.0302 4304 HomeGroupListener - ok
12:26:48.0318 4304 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:26:48.0333 4304 HomeGroupProvider - ok
12:26:48.0427 4304 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:26:48.0442 4304 HP Support Assistant Service - ok
12:26:48.0505 4304 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
12:26:48.0505 4304 HPClientSvc - ok
12:26:48.0598 4304 [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
12:26:48.0661 4304 hpCMSrv - ok
12:26:48.0754 4304 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
12:26:48.0770 4304 HPDrvMntSvc.exe - ok
12:26:48.0801 4304 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
12:26:48.0817 4304 hpdskflt - ok
12:26:48.0864 4304 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
12:26:48.0926 4304 hpqwmiex - ok
12:26:48.0957 4304 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:26:48.0957 4304 HpSAMD - ok
12:26:48.0988 4304 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
12:26:48.0988 4304 hpsrv - ok
12:26:49.0020 4304 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
12:26:49.0020 4304 HPWMISVC - ok
12:26:49.0066 4304 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:26:49.0129 4304 HTTP - ok
12:26:49.0144 4304 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:26:49.0144 4304 hwpolicy - ok
12:26:49.0207 4304 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:26:49.0222 4304 i8042prt - ok
12:26:49.0269 4304 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:26:49.0285 4304 iaStor - ok
12:26:49.0347 4304 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:26:49.0347 4304 IAStorDataMgrSvc - ok
12:26:49.0394 4304 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:26:49.0410 4304 iaStorV - ok
12:26:49.0534 4304 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
12:26:49.0628 4304 IconMan_R - ok
12:26:49.0690 4304 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:26:49.0737 4304 idsvc - ok
12:26:49.0831 4304 [ 82AB40147567DE48C405AFE570A2266F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120831.001\IDSvia64.sys
12:26:49.0846 4304 IDSVia64 - ok
12:26:49.0878 4304 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:26:49.0893 4304 iirsp - ok
12:26:49.0956 4304 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:26:49.0987 4304 IKEEXT - ok
12:26:50.0034 4304 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
12:26:50.0096 4304 IntcDAud - ok
12:26:50.0127 4304 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:26:50.0127 4304 intelide - ok
12:26:50.0455 4304 [ 33FAA40B288002C89529DBD14F3AB72C ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
12:26:50.0829 4304 intelkmd - ok
12:26:50.0860 4304 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:26:50.0860 4304 intelppm - ok
12:26:50.0907 4304 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:26:50.0923 4304 IPBusEnum - ok
12:26:50.0985 4304 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:26:50.0985 4304 IpFilterDriver - ok
12:26:51.0001 4304 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:26:51.0016 4304 iphlpsvc - ok
12:26:51.0032 4304 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:26:51.0079 4304 IPMIDRV - ok
12:26:51.0094 4304 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:26:51.0094 4304 IPNAT - ok
12:26:51.0157 4304 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:26:51.0219 4304 iPod Service - ok
12:26:51.0235 4304 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:26:51.0235 4304 IRENUM - ok
12:26:51.0266 4304 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:26:51.0282 4304 isapnp - ok
12:26:51.0313 4304 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:26:51.0313 4304 iScsiPrt - ok
12:26:51.0344 4304 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:26:51.0344 4304 kbdclass - ok
12:26:51.0375 4304 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:26:51.0391 4304 kbdhid - ok
12:26:51.0406 4304 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:26:51.0406 4304 KeyIso - ok
12:26:51.0469 4304 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:26:51.0484 4304 KSecDD - ok
12:26:51.0531 4304 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:26:51.0531 4304 KSecPkg - ok
12:26:51.0578 4304 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:26:51.0594 4304 ksthunk - ok
12:26:51.0640 4304 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:26:51.0687 4304 KtmRm - ok
12:26:51.0734 4304 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:26:51.0734 4304 LanmanServer - ok
12:26:51.0781 4304 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:26:51.0781 4304 LanmanWorkstation - ok
12:26:51.0812 4304 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:26:51.0812 4304 lltdio - ok
12:26:51.0843 4304 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:26:51.0859 4304 lltdsvc - ok
12:26:51.0890 4304 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:26:51.0890 4304 lmhosts - ok
12:26:51.0937 4304 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:26:51.0952 4304 LMS - ok
12:26:51.0999 4304 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:26:52.0015 4304 LSI_FC - ok
12:26:52.0030 4304 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:26:52.0062 4304 LSI_SAS - ok
12:26:52.0093 4304 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:26:52.0093 4304 LSI_SAS2 - ok
12:26:52.0108 4304 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:26:52.0108 4304 LSI_SCSI - ok
12:26:52.0140 4304 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:26:52.0140 4304 luafv - ok
12:26:52.0171 4304 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:26:52.0202 4304 Mcx2Svc - ok
12:26:52.0233 4304 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:26:52.0249 4304 megasas - ok
12:26:52.0296 4304 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:26:52.0296 4304 MegaSR - ok
12:26:52.0342 4304 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:26:52.0358 4304 MEIx64 - ok
12:26:52.0389 4304 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:26:52.0405 4304 MMCSS - ok
12:26:52.0420 4304 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:26:52.0436 4304 Modem - ok
12:26:52.0452 4304 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:26:52.0498 4304 monitor - ok
12:26:52.0545 4304 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:26:52.0576 4304 mouclass - ok
12:26:52.0608 4304 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:26:52.0608 4304 mouhid - ok
12:26:52.0639 4304 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:26:52.0639 4304 mountmgr - ok
12:26:52.0686 4304 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:26:52.0701 4304 mpio - ok
12:26:52.0732 4304 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:26:52.0732 4304 mpsdrv - ok
12:26:52.0779 4304 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:26:52.0795 4304 MpsSvc - ok
12:26:52.0826 4304 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:26:52.0826 4304 MRxDAV - ok
12:26:52.0857 4304 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:26:52.0873 4304 mrxsmb - ok
12:26:52.0888 4304 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:26:52.0935 4304 mrxsmb10 - ok
12:26:52.0966 4304 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:26:52.0966 4304 mrxsmb20 - ok
12:26:52.0998 4304 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:26:52.0998 4304 msahci - ok
12:26:53.0044 4304 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:26:53.0076 4304 msdsm - ok
12:26:53.0107 4304 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:26:53.0122 4304 MSDTC - ok
12:26:53.0138 4304 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:26:53.0138 4304 Msfs - ok
12:26:53.0169 4304 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:26:53.0169 4304 mshidkmdf - ok
12:26:53.0200 4304 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:26:53.0200 4304 msisadrv - ok
12:26:53.0232 4304 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:26:53.0247 4304 MSiSCSI - ok
12:26:53.0247 4304 msiserver - ok
12:26:53.0294 4304 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:26:53.0325 4304 MSKSSRV - ok
12:26:53.0341 4304 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:26:53.0341 4304 MSPCLOCK - ok
12:26:53.0356 4304 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:26:53.0356 4304 MSPQM - ok
12:26:53.0372 4304 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:26:53.0388 4304 MsRPC - ok
12:26:53.0419 4304 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:26:53.0419 4304 mssmbios - ok
12:26:53.0419 4304 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:26:53.0434 4304 MSTEE - ok
12:26:53.0450 4304 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:26:53.0450 4304 MTConfig - ok
12:26:53.0466 4304 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:26:53.0481 4304 Mup - ok
12:26:53.0544 4304 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:26:53.0559 4304 MyWiFiDHCPDNS - ok
12:26:53.0606 4304 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:26:53.0637 4304 napagent - ok
12:26:53.0700 4304 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:26:53.0700 4304 NativeWifiP - ok
12:26:53.0762 4304 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120902.007\ENG64.SYS
12:26:53.0778 4304 NAVENG - ok
12:26:53.0856 4304 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120902.007\EX64.SYS
12:26:53.0871 4304 NAVEX15 - ok
12:26:53.0918 4304 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:26:53.0918 4304 NDIS - ok
12:26:53.0949 4304 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:26:53.0949 4304 NdisCap - ok
12:26:53.0980 4304 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:26:53.0980 4304 NdisTapi - ok
12:26:53.0996 4304 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:26:53.0996 4304 Ndisuio - ok
12:26:54.0027 4304 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:26:54.0027 4304 NdisWan - ok
12:26:54.0058 4304 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:26:54.0058 4304 NDProxy - ok
12:26:54.0074 4304 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:26:54.0090 4304 NetBIOS - ok
12:26:54.0105 4304 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:26:54.0105 4304 NetBT - ok
12:26:54.0121 4304 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:26:54.0121 4304 Netlogon - ok
12:26:54.0152 4304 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:26:54.0168 4304 Netman - ok
12:26:54.0168 4304 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:26:54.0183 4304 netprofm - ok
12:26:54.0214 4304 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:26:54.0214 4304 NetTcpPortSharing - ok
12:26:54.0448 4304 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
12:26:54.0667 4304 NETwNs64 - ok
12:26:54.0729 4304 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:26:54.0745 4304 nfrd960 - ok
12:26:54.0854 4304 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
12:26:54.0854 4304 NIS - ok
12:26:54.0901 4304 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:26:54.0916 4304 NlaSvc - ok
12:26:54.0948 4304 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:26:54.0948 4304 Npfs - ok
12:26:54.0963 4304 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:26:54.0979 4304 nsi - ok
12:26:54.0979 4304 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:26:54.0979 4304 nsiproxy - ok
12:26:55.0057 4304 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:26:55.0072 4304 Ntfs - ok
12:26:55.0182 4304 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:26:55.0182 4304 Null - ok
12:26:55.0244 4304 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
12:26:55.0260 4304 nusb3hub - ok
12:26:55.0291 4304 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:26:55.0322 4304 nusb3xhc - ok
12:26:55.0384 4304 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
12:26:55.0400 4304 NVENETFD - ok
12:26:55.0447 4304 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:26:55.0447 4304 nvraid - ok
12:26:55.0509 4304 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:26:55.0509 4304 nvstor - ok
12:26:55.0540 4304 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:26:55.0540 4304 nv_agp - ok
12:26:55.0650 4304 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:26:55.0696 4304 odserv - ok
12:26:55.0743 4304 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:26:55.0759 4304 ohci1394 - ok
12:26:55.0790 4304 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:26:55.0806 4304 ose - ok
12:26:55.0852 4304 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:26:55.0852 4304 p2pimsvc - ok
12:26:55.0884 4304 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:26:55.0930 4304 p2psvc - ok
12:26:55.0977 4304 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:26:55.0977 4304 Parport - ok
12:26:56.0008 4304 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:26:56.0040 4304 partmgr - ok
12:26:56.0055 4304 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:26:56.0071 4304 PcaSvc - ok
12:26:56.0102 4304 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:26:56.0102 4304 pci - ok
12:26:56.0118 4304 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:26:56.0118 4304 pciide - ok
12:26:56.0149 4304 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:26:56.0180 4304 pcmcia - ok
12:26:56.0196 4304 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:26:56.0211 4304 pcw - ok
12:26:56.0242 4304 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:26:56.0258 4304 PEAUTH - ok
12:26:56.0352 4304 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:26:56.0367 4304 PerfHost - ok
12:26:56.0414 4304 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:26:56.0492 4304 pla - ok
12:26:56.0554 4304 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:26:56.0554 4304 PlugPlay - ok
12:26:56.0601 4304 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:26:56.0601 4304 PNRPAutoReg - ok
12:26:56.0632 4304 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:26:56.0632 4304 PNRPsvc - ok
12:26:56.0695 4304 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:26:56.0695 4304 PolicyAgent - ok
12:26:56.0757 4304 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:26:56.0757 4304 Power - ok
12:26:56.0804 4304 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:26:56.0820 4304 PptpMiniport - ok
12:26:56.0866 4304 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:26:56.0866 4304 Processor - ok
12:26:56.0913 4304 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:26:56.0929 4304 ProfSvc - ok
12:26:56.0944 4304 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:26:56.0944 4304 ProtectedStorage - ok
12:26:56.0976 4304 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:26:56.0976 4304 Psched - ok
12:26:57.0054 4304 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:26:57.0116 4304 ql2300 - ok
12:26:57.0132 4304 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:26:57.0132 4304 ql40xx - ok
12:26:57.0178 4304 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:26:57.0178 4304 QWAVE - ok
12:26:57.0225 4304 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:26:57.0225 4304 QWAVEdrv - ok
12:26:57.0241 4304 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:26:57.0241 4304 RasAcd - ok
12:26:57.0272 4304 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:26:57.0288 4304 RasAgileVpn - ok
12:26:57.0350 4304 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:26:57.0366 4304 RasAuto - ok
12:26:57.0397 4304 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:26:57.0412 4304 Rasl2tp - ok
12:26:57.0428 4304 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:26:57.0428 4304 RasMan - ok
12:26:57.0444 4304 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:26:57.0444 4304 RasPppoe - ok
12:26:57.0490 4304 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:26:57.0506 4304 RasSstp - ok
12:26:57.0522 4304 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:26:57.0537 4304 rdbss - ok
12:26:57.0537 4304 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:26:57.0553 4304 rdpbus - ok
12:26:57.0584 4304 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:26:57.0600 4304 RDPCDD - ok
12:26:57.0600 4304 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:26:57.0615 4304 RDPENCDD - ok
12:26:57.0646 4304 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:26:57.0646 4304 RDPREFMP - ok
12:26:57.0678 4304 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:26:57.0709 4304 RDPWD - ok
12:26:57.0756 4304 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:26:57.0771 4304 rdyboost - ok
12:26:57.0865 4304 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:26:57.0896 4304 RegSrvc - ok
12:26:57.0927 4304 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:26:57.0927 4304 RemoteAccess - ok
12:26:57.0958 4304 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:26:57.0958 4304 RemoteRegistry - ok
12:26:58.0005 4304 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
12:26:58.0021 4304 RoxioNow Service - ok
12:26:58.0036 4304 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:26:58.0036 4304 RpcEptMapper - ok
12:26:58.0068 4304 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:26:58.0099 4304 RpcLocator - ok
12:26:58.0130 4304 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:26:58.0146 4304 RpcSs - ok
12:26:58.0192 4304 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
12:26:58.0224 4304 RSPCIESTOR - ok
12:26:58.0270 4304 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:26:58.0270 4304 rspndr - ok
12:26:58.0302 4304 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:26:58.0333 4304 RTL8167 - ok
12:26:58.0364 4304 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:26:58.0364 4304 SamSs - ok
12:26:58.0411 4304 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:26:58.0411 4304 sbp2port - ok
12:26:58.0458 4304 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:26:58.0473 4304 SCardSvr - ok
12:26:58.0504 4304 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:26:58.0504 4304 scfilter - ok
12:26:58.0567 4304 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:26:58.0582 4304 Schedule - ok
12:26:58.0614 4304 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:26:58.0614 4304 SCPolicySvc - ok
12:26:58.0645 4304 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:26:58.0645 4304 sdbus - ok
12:26:58.0692 4304 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:26:58.0738 4304 SDRSVC - ok
12:26:58.0801 4304 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:26:58.0801 4304 SeaPort - ok
12:26:58.0848 4304 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:26:58.0863 4304 secdrv - ok
12:26:58.0910 4304 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:26:58.0910 4304 seclogon - ok
12:26:58.0926 4304 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:26:58.0926 4304 SENS - ok
12:26:58.0972 4304 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:26:58.0988 4304 SensrSvc - ok
12:26:59.0019 4304 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:26:59.0019 4304 Serenum - ok
12:26:59.0050 4304 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:26:59.0050 4304 Serial - ok
12:26:59.0097 4304 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:26:59.0128 4304 sermouse - ok
12:26:59.0160 4304 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:26:59.0160 4304 SessionEnv - ok
12:26:59.0191 4304 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:26:59.0191 4304 sffdisk - ok
12:26:59.0206 4304 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:26:59.0222 4304 sffp_mmc - ok
12:26:59.0222 4304 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:26:59.0222 4304 sffp_sd - ok
12:26:59.0253 4304 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:26:59.0253 4304 sfloppy - ok
12:26:59.0300 4304 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:26:59.0300 4304 SharedAccess - ok
12:26:59.0331 4304 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:26:59.0347 4304 ShellHWDetection - ok
12:26:59.0362 4304 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:26:59.0378 4304 SiSRaid2 - ok
12:26:59.0378 4304 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:26:59.0394 4304 SiSRaid4 - ok
12:26:59.0487 4304 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:26:59.0487 4304 SkypeUpdate - ok
12:26:59.0550 4304 [ 0973BD0931BF4D0DFB1885BD464E9766 ] SlingAgentService C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
12:26:59.0550 4304 SlingAgentService - ok
12:26:59.0596 4304 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:26:59.0596 4304 Smb - ok
12:26:59.0643 4304 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:26:59.0643 4304 SNMPTRAP - ok
12:26:59.0659 4304 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:26:59.0674 4304 spldr - ok
12:26:59.0721 4304 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:26:59.0737 4304 Spooler - ok
12:26:59.0830 4304 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:26:59.0940 4304 sppsvc - ok
12:27:00.0002 4304 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:27:00.0002 4304 sppuinotify - ok
12:27:00.0096 4304 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS
12:27:00.0127 4304 SRTSP - ok
12:27:00.0158 4304 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
12:27:00.0174 4304 SRTSPX - ok
12:27:00.0220 4304 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:27:00.0267 4304 srv - ok
12:27:00.0283 4304 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:27:00.0298 4304 srv2 - ok
12:27:00.0361 4304 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:27:00.0376 4304 SrvHsfHDA - ok
12:27:00.0439 4304 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:27:00.0501 4304 SrvHsfV92 - ok
12:27:00.0532 4304 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:27:00.0564 4304 SrvHsfWinac - ok
12:27:00.0595 4304 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:27:00.0610 4304 srvnet - ok
12:27:00.0626 4304 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:27:00.0626 4304 SSDPSRV - ok
12:27:00.0642 4304 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:27:00.0657 4304 SstpSvc - ok
12:27:00.0751 4304 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
12:27:00.0766 4304 STacSV - ok
12:27:00.0782 4304 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:27:00.0782 4304 stexstor - ok
12:27:00.0829 4304 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
12:27:00.0844 4304 STHDA - ok
12:27:00.0891 4304 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:27:00.0907 4304 stisvc - ok
12:27:00.0922 4304 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:27:00.0938 4304 swenum - ok
12:27:00.0985 4304 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:27:01.0016 4304 swprv - ok
12:27:01.0078 4304 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS
12:27:01.0094 4304 SymDS - ok
12:27:01.0172 4304 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS
12:27:01.0219 4304 SymEFA - ok
12:27:01.0234 4304 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:27:01.0266 4304 SymEvent - ok
12:27:01.0312 4304 [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
12:27:01.0312 4304 SymIM - ok
12:27:01.0375 4304 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS
12:27:01.0375 4304 SymIRON - ok
12:27:01.0406 4304 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS
12:27:01.0422 4304 SymNetS - ok
12:27:01.0468 4304 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:27:01.0500 4304 SynTP - ok
12:27:01.0578 4304 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:27:01.0640 4304 SysMain - ok
12:27:01.0656 4304 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:27:01.0671 4304 TabletInputService - ok
12:27:01.0687 4304 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:27:01.0687 4304 TapiSrv - ok
12:27:01.0702 4304 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:27:01.0718 4304 TBS - ok
12:27:01.0812 4304 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:27:01.0812 4304 Tcpip - ok
12:27:01.0905 4304 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:27:01.0905 4304 TCPIP6 - ok
12:27:01.0952 4304 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:27:01.0952 4304 tcpipreg - ok
12:27:01.0952 4304 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:27:01.0968 4304 TDPIPE - ok
12:27:01.0999 4304 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:27:02.0014 4304 TDTCP - ok
12:27:02.0061 4304 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:27:02.0061 4304 tdx - ok
12:27:02.0092 4304 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:27:02.0092 4304 TermDD - ok
12:27:02.0139 4304 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:27:02.0139 4304 TermService - ok
12:27:02.0155 4304 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:27:02.0155 4304 Themes - ok
12:27:02.0186 4304 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:27:02.0186 4304 THREADORDER - ok
12:27:02.0202 4304 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:27:02.0217 4304 TrkWks - ok
12:27:02.0264 4304 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:27:02.0264 4304 TrustedInstaller - ok
12:27:02.0295 4304 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:27:02.0295 4304 tssecsrv - ok
12:27:02.0326 4304 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:27:02.0342 4304 TsUsbFlt - ok
12:27:02.0358 4304 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:27:02.0358 4304 TsUsbGD - ok
12:27:02.0389 4304 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:27:02.0404 4304 tunnel - ok
12:27:02.0436 4304 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:27:02.0451 4304 uagp35 - ok
12:27:02.0467 4304 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:27:02.0482 4304 udfs - ok
12:27:02.0498 4304 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:27:02.0529 4304 UI0Detect - ok
12:27:02.0560 4304 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:27:02.0576 4304 uliagpkx - ok
12:27:02.0623 4304 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:27:02.0623 4304 umbus - ok
12:27:02.0654 4304 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:27:02.0654 4304 UmPass - ok
12:27:02.0810 4304 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:27:02.0872 4304 UNS - ok
12:27:02.0904 4304 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:27:02.0919 4304 upnphost - ok
12:27:02.0966 4304 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:27:02.0982 4304 USBAAPL64 - ok
12:27:03.0028 4304 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:27:03.0044 4304 usbccgp - ok
12:27:03.0106 4304 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:27:03.0122 4304 usbcir - ok
12:27:03.0231 4304 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:27:03.0247 4304 usbehci - ok
12:27:03.0278 4304 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:27:03.0294 4304 usbhub - ok
12:27:03.0309 4304 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:27:03.0309 4304 usbohci - ok
12:27:03.0325 4304 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:27:03.0356 4304 usbprint - ok
12:27:03.0403 4304 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:27:03.0403 4304 USBSTOR - ok
12:27:03.0450 4304 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:27:03.0450 4304 usbuhci - ok
12:27:03.0481 4304 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:27:03.0481 4304 usbvideo - ok
12:27:03.0512 4304 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:27:03.0528 4304 UxSms - ok
12:27:03.0559 4304 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:27:03.0559 4304 VaultSvc - ok
12:27:03.0574 4304 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:27:03.0590 4304 vdrvroot - ok
12:27:03.0606 4304 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:27:03.0652 4304 vds - ok
12:27:03.0684 4304 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:27:03.0699 4304 vga - ok
12:27:03.0715 4304 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:27:03.0730 4304 VgaSave - ok
12:27:03.0762 4304 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:27:03.0762 4304 vhdmp - ok
12:27:03.0808 4304 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:27:03.0808 4304 viaide - ok
12:27:03.0855 4304 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:27:03.0886 4304 volmgr - ok
12:27:03.0933 4304 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:27:03.0933 4304 volmgrx - ok
12:27:03.0964 4304 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:27:03.0980 4304 volsnap - ok
12:27:04.0011 4304 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:27:04.0011 4304 vsmraid - ok
12:27:04.0074 4304 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:27:04.0136 4304 VSS - ok
12:27:04.0152 4304 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:27:04.0167 4304 vwifibus - ok
12:27:04.0183 4304 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:27:04.0198 4304 vwififlt - ok
12:27:04.0230 4304 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:27:04.0230 4304 vwifimp - ok
12:27:04.0292 4304 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:27:04.0308 4304 W32Time - ok
12:27:04.0323 4304 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:27:04.0339 4304 WacomPen - ok
12:27:04.0386 4304 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:27:04.0386 4304 WANARP - ok
12:27:04.0401 4304 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:27:04.0401 4304 Wanarpv6 - ok
12:27:04.0448 4304 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:27:04.0526 4304 WatAdminSvc - ok
12:27:04.0604 4304 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:27:04.0682 4304 wbengine - ok
12:27:04.0698 4304 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:27:04.0698 4304 WbioSrvc - ok
12:27:04.0713 4304 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:27:04.0729 4304 wcncsvc - ok
12:27:04.0744 4304 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:27:04.0744 4304 WcsPlugInService - ok
12:27:04.0760 4304 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:27:04.0760 4304 Wd - ok
12:27:04.0807 4304 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:27:04.0822 4304 Wdf01000 - ok
12:27:04.0838 4304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:27:04.0854 4304 WdiServiceHost - ok
12:27:04.0854 4304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:27:04.0854 4304 WdiSystemHost - ok
12:27:04.0900 4304 [ 5E1640435DD54D00451156CA5340B109 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
12:27:04.0900 4304 wdkmd - ok
12:27:04.0916 4304 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:27:04.0963 4304 WebClient - ok
12:27:04.0994 4304 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:27:05.0010 4304 Wecsvc - ok
12:27:05.0025 4304 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:27:05.0025 4304 wercplsupport - ok
12:27:05.0056 4304 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:27:05.0056 4304 WerSvc - ok
12:27:05.0103 4304 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:27:05.0134 4304 WfpLwf - ok
12:27:05.0150 4304 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:27:05.0150 4304 WIMMount - ok
12:27:05.0181 4304 WinDefend - ok
12:27:05.0181 4304 WinHttpAutoProxySvc - ok
12:27:05.0244 4304 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:27:05.0244 4304 Winmgmt - ok
12:27:05.0337 4304 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:27:05.0431 4304 WinRM - ok
12:27:05.0462 4304 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
12:27:05.0478 4304 WinUsb - ok
12:27:05.0556 4304 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:27:05.0587 4304 Wlansvc - ok
12:27:05.0634 4304 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:27:05.0665 4304 wlcrasvc - ok
12:27:05.0790 4304 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:27:05.0868 4304 wlidsvc - ok
12:27:05.0899 4304 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:27:05.0899 4304 WmiAcpi - ok
12:27:05.0946 4304 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:27:05.0946 4304 wmiApSrv - ok
12:27:05.0961 4304 WMPNetworkSvc - ok
12:27:06.0008 4304 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:27:06.0024 4304 WPCSvc - ok
12:27:06.0039 4304 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:27:06.0055 4304 WPDBusEnum - ok
12:27:06.0086 4304 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:27:06.0086 4304 ws2ifsl - ok
12:27:06.0102 4304 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:27:06.0102 4304 wscsvc - ok
12:27:06.0102 4304 WSearch - ok
12:27:06.0226 4304 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:27:06.0289 4304 wuauserv - ok
12:27:06.0304 4304 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:27:06.0304 4304 WudfPf - ok
12:27:06.0320 4304 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:27:06.0320 4304 WUDFRd - ok
12:27:06.0336 4304 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:27:06.0336 4304 wudfsvc - ok
12:27:06.0351 4304 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:27:06.0382 4304 WwanSvc - ok
12:27:06.0398 4304 ================ Scan global ===============================
12:27:06.0429 4304 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:27:06.0476 4304 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:27:06.0492 4304 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:27:06.0585 4304 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:27:06.0648 4304 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:27:06.0648 4304 [Global] - ok
12:27:06.0648 4304 ================ Scan MBR ==================================
12:27:06.0663 4304 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:27:06.0663 4304 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:27:06.0741 4304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:27:06.0741 4304 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:27:07.0038 4304 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:27:07.0131 4304 \Device\Harddisk1\DR1 - ok
12:27:07.0131 4304 ================ Scan VBR ==================================
12:27:07.0131 4304 [ BAB42C08FAE5C794DAF160B2AF07DBF5 ] \Device\Harddisk0\DR0\Partition1
12:27:07.0131 4304 \Device\Harddisk0\DR0\Partition1 - ok
12:27:07.0287 4304 [ 9F307886941BAB9F5B847B4BB8740E0B ] \Device\Harddisk0\DR0\Partition2
12:27:07.0365 4304 \Device\Harddisk0\DR0\Partition2 - ok
12:27:07.0396 4304 [ A81415725D3667E864B303C871723D74 ] \Device\Harddisk0\DR0\Partition3
12:27:07.0396 4304 \Device\Harddisk0\DR0\Partition3 - ok
12:27:07.0552 4304 [ EB212249A222559DBEC320D172FB0B17 ] \Device\Harddisk1\DR1\Partition1
12:27:07.0568 4304 \Device\Harddisk1\DR1\Partition1 - ok
12:27:07.0568 4304 ============================================================
12:27:07.0568 4304 Scan finished
12:27:07.0568 4304 ============================================================
12:27:07.0584 2948 Detected object count: 1
12:27:07.0584 2948 Actual detected object count: 1
12:28:35.0945 2948 \Device\Harddisk0\DR0\# - copied to quarantine
12:28:35.0961 2948 \Device\Harddisk0\DR0 - copied to quarantine
12:28:36.0148 2948 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:28:36.0164 2948 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:28:36.0179 2948 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:28:36.0195 2948 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:28:36.0257 2948 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:28:36.0382 2948 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:28:36.0382 2948 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:28:36.0398 2948 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:28:36.0413 2948 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:28:36.0413 2948 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:28:36.0429 2948 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:28:36.0429 2948 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:28:36.0429 2948 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:28:36.0491 2948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:28:36.0491 2948 \Device\Harddisk0\DR0 - ok
12:28:37.0240 2948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:28:40.0719 5388 Deinitialize success



------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-03 21:48:39
-----------------------------
21:48:39.449 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:39.449 Number of processors: 8 586 0x2A07
21:48:39.449 ComputerName: SCOTT-HP UserName: Scott
21:48:41.883 Initialize success
21:49:27.645 AVAST engine defs: 12090301
21:49:41.059 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:49:41.059 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
21:49:41.059 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
21:49:41.074 Disk 1 Vendor: ST950032 0005 Size: 476940MB BusType: 3
21:49:41.152 Disk 0 MBR read successfully
21:49:41.168 Disk 0 MBR scan
21:49:41.168 Disk 0 Windows 7 default MBR code
21:49:41.230 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:49:41.246 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461819 MB offset 409600
21:49:41.293 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14817 MB offset 946214912
21:49:41.371 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
21:49:41.527 Disk 0 scanning C:\Windows\system32\drivers
21:49:56.206 Service scanning
21:50:30.979 Modules scanning
21:50:30.994 Disk 0 trace - called modules:
21:50:31.072 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
21:50:31.072 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800838a790]
21:50:31.088 3 CLASSPNP.SYS[fffff88001f9943f] -> nt!IofCallDriver -> [0xfffffa800828fb10]
21:50:31.104 5 hpdskflt.sys[fffff88001f40189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008164050]
21:50:32.664 AVAST engine scan C:\Windows
21:50:36.080 AVAST engine scan C:\Windows\system32
21:53:38.902 AVAST engine scan C:\Windows\system32\drivers
21:54:07.337 AVAST engine scan C:\Users\Scott
22:05:54.865 AVAST engine scan C:\ProgramData
22:24:59.863 Scan finished successfully
22:28:09.639 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Documents\MBR.dat"
22:28:09.654 The log file has been saved successfully to "C:\Users\Scott\Documents\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 PM

Posted 03 September 2012 - 09:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 DevzFan15

DevzFan15
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:30 PM

Posted 03 September 2012 - 11:32 PM

ComboFix 12-09-03.07 - Scott 09/04/2012 0:13.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.4998 [GMT -4:00]
Running from: c:\users\Scott\AppData\Roaming\Microsoft\Windows\Network Shortcuts\ComboFix.exe
Command switches used :: c:\users\Scott\Documents\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-04 04:19 . 2012-09-04 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 04:10 . 2012-09-04 04:10 4742575 ------r- c:\users\Scott\AppData\Roaming\Microsoft\Windows\Network Shortcuts\ComboFix.exe
2012-09-03 16:28 . 2012-09-03 16:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-03 16:25 . 2012-09-03 16:26 2211928 ----a-w- c:\users\Scott\AppData\Roaming\Microsoft\Windows\Network Shortcuts\tdsskiller.exe
2012-09-03 04:52 . 2012-09-03 04:52 388096 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2012-09-03 04:52 . 2012-09-03 04:52 -------- d-----w- c:\program files (x86)\TrendMicro
2012-08-31 16:01 . 2012-09-01 02:03 -------- d-----w- c:\users\Scott\AppData\Local\NPE
2012-08-15 02:12 . 2012-08-17 02:03 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E
2012-08-11 18:58 . 2012-08-17 02:04 -------- d-----w- c:\users\TEMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:00 . 2011-09-26 21:12 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-16 02:00 . 2012-04-03 10:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 02:00 . 2011-10-01 00:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 04:50 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-08 22:17 . 2012-06-08 22:18 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-06-08 22:17 . 2012-06-08 22:18 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-06-08 22:17 . 2012-06-08 22:18 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-06-08 22:17 . 2012-06-08 22:18 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-06-08 22:17 . 2012-06-08 22:18 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-06-08 22:17 . 2012-06-08 22:18 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-06-08 22:17 . 2012-06-08 22:18 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-06-08 22:17 . 2012-06-08 22:18 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-06-08 22:17 . 2011-08-05 12:17 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-06-08 22:17 . 2012-06-08 22:18 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-06-08 22:17 . 2012-06-08 22:18 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-06-08 22:17 . 2012-06-08 22:18 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-06-08 22:17 . 2012-06-08 22:18 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-06-08 22:17 . 2011-08-05 12:17 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-06-08 22:17 . 2012-06-08 22:18 416024 ----a-w- c:\windows\system32\igfxpers.exe
2012-06-08 22:17 . 2012-06-08 22:18 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-06-08 22:17 . 2012-06-08 22:18 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-06-08 22:17 . 2012-06-08 22:18 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-06-08 22:17 . 2012-06-08 22:18 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-06-08 22:17 . 2012-06-08 22:18 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-06-08 22:17 . 2012-06-08 22:18 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-06-08 22:17 . 2012-06-08 22:18 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-06-08 22:17 . 2012-06-08 22:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-06-08 22:17 . 2012-06-08 22:18 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-06-08 22:17 . 2012-06-08 22:18 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-06-08 22:17 . 2012-06-08 22:18 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-06-08 22:17 . 2012-06-08 22:18 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-06-08 22:17 . 2012-06-08 22:18 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-06-08 22:17 . 2012-06-08 22:18 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-06-08 22:17 . 2012-06-08 22:18 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-06-08 22:17 . 2012-06-08 22:18 75776 ----a-w- c:\windows\system32\igdde64.dll
2012-06-08 22:17 . 2012-06-08 22:18 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-06-08 22:17 . 2012-06-08 22:18 390144 ----a-w- c:\windows\system32\igfxdev.dll
2012-06-08 22:17 . 2012-06-08 22:18 216000 ----a-w- c:\windows\system32\igfcg600m.bin
2012-06-08 22:17 . 2012-06-08 22:18 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-06-08 22:17 . 2012-06-08 22:18 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-06-08 22:17 . 2012-06-08 22:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-06-08 22:17 . 2012-06-08 22:18 12289472 ----a-w- c:\windows\system32\drivers\igdpmd64.sys
2012-06-08 22:17 . 2012-06-08 22:18 12289472 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-06-08 22:17 . 2011-08-05 12:17 8311808 ----a-w- c:\windows\system32\igdumd64.dll
2012-06-08 22:17 . 2011-03-26 02:12 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-06-08 22:17 . 2012-06-08 22:18 56832 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-06-08 22:17 . 2012-06-08 22:18 4378392 ----a-w- c:\windows\system32\GfxUI.exe
2012-06-08 22:17 . 2012-06-08 22:18 392472 ----a-w- c:\windows\system32\hkcmd.exe
2012-06-08 22:17 . 2012-06-08 22:18 18640384 ----a-w- c:\windows\system32\ig4icd64.dll
2012-06-08 22:17 . 2012-06-08 22:18 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-06-08 22:17 . 2011-08-05 12:17 14598144 ----a-w- c:\windows\system32\igd10umd64.dll
2012-06-08 22:17 . 2011-08-05 12:17 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-06-08 22:17 . 2011-03-26 02:02 12339712 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-06-08 22:17 . 2012-06-08 22:18 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-06-08 22:17 . 2012-06-08 22:18 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2012-06-08 22:17 . 2012-06-08 22:18 179992 ----a-w- c:\windows\system32\difx64.exe
2012-06-08 22:17 . 2012-06-08 22:18 423424 ----a-w- c:\windows\system32\atipdl64.dll
2012-06-08 22:17 . 2012-06-08 22:18 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-08 22:17 . 2012-06-08 22:18 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-08 22:17 . 2012-06-08 22:18 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2012-06-08 22:17 . 2012-06-08 22:18 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-08 22:17 . 2012-06-08 22:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-06-08 22:17 . 2012-06-08 22:18 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-08 22:17 . 2012-06-08 22:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-06-08 22:17 . 2011-08-05 12:17 58880 ----a-w- c:\windows\system32\coinst.dll
2012-06-08 22:17 . 2011-08-05 12:17 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-08 22:17 . 2011-08-05 12:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-08 22:17 . 2011-08-05 12:17 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-08 22:17 . 2011-04-13 06:32 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-08 22:17 . 2011-04-13 06:16 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-08 22:17 . 2011-04-13 06:16 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-08 22:17 . 2012-06-08 22:18 9981952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-08 22:17 . 2012-06-08 22:18 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-08 22:17 . 2012-06-08 22:18 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-08 22:17 . 2012-06-08 22:18 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-08 22:17 . 2012-06-08 22:18 53760 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-08 22:17 . 2012-06-08 22:18 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-08 22:17 . 2012-06-08 22:18 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-08 22:17 . 2012-06-08 22:18 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-08 22:17 . 2012-06-08 22:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-08 22:17 . 2012-06-08 22:18 485376 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-08 22:17 . 2012-06-08 22:18 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-08 22:17 . 2012-06-08 22:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-08 22:17 . 2012-06-08 22:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-03_15.42.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-03 16:32 55594 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-03 16:32 41988 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-26 15:49 . 2012-09-03 16:32 13754 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1795461947-3782098041-2373616223-1000_UserData.bin
- 2011-09-26 09:56 . 2012-09-02 15:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-26 09:56 . 2012-09-04 02:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-26 09:56 . 2012-09-02 15:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-26 09:56 . 2012-09-04 02:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 15:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-04 02:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-03 15:41 . 2012-09-03 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-04 04:21 . 2012-09-04 04:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-04 04:21 . 2012-09-04 04:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-03 15:41 . 2012-09-03 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-27 01:52 . 2012-09-04 04:01 284614 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-09-03 15:40 276376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-04 04:20 276376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-05 12:45 . 2012-09-04 04:20 2538584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-05 12:45 . 2012-09-03 15:40 2538584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-26 04:17 . 2012-08-31 16:02 12563744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1795461947-3782098041-2373616223-1000-8192.dat
+ 2011-09-26 04:17 . 2012-09-04 04:20 12563744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1795461947-3782098041-2373616223-1000-8192.dat
+ 2011-09-26 03:45 . 2012-09-04 04:20 56496600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1795461947-3782098041-2373616223-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-11-29 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-11-22 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/22 18:35;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120831.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-29 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-08 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-29 2413056]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-08 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-08 310272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-11 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-06-08 12289472]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-11-29 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-11-29 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-29 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:00]
.
2012-08-30 c:\windows\Tasks\HPCeeScheduleForScott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-29 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-08 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-11941307.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-04 00:26:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-04 04:26
ComboFix2.txt 2012-09-03 15:59
.
Pre-Run: 362,117,214,208 bytes free
Post-Run: 362,334,502,912 bytes free
.
- - End Of File - - 6A9D1D49F54E0DFA457233CE7DCBE13F

As far as any other problems, I haven't noticed any yet, but I haven't tested it out yet.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:30 PM

Posted 03 September 2012 - 11:41 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 DevzFan15

DevzFan15
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:30 PM

Posted 04 September 2012 - 12:12 AM

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AIM - Preview
AIM 7
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Diablo III
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Download Updater (AOL LLC)
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
Hewlett-Packard ACLM.NET v1.1.2.0
HiJackThis
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Wireless Display
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Magic Desktop
Mah Jong Medley
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
NHL Eastside Hockey Manager 2005 (remove only)
Norton Internet Security
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PX Profile Update
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
Rosetta Stone Version 3
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
Slingo Supreme
SlingPlayer
StarCraft II
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WebSlingPlayer ActiveX
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:30 PM

Posted 04 September 2012 - 08:52 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


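A small triage script for the HijackThis v2 log layout requested in the post above, added here as an example and not a tool from this thread or from Trend Micro. It counts entries per section, separates "(file missing)" hits under C:\Windows\system32 (which a 32-bit HijackThis reports on 64-bit Windows because WOW64 file-system redirection hides 64-bit-only binaries such as lsass.exe) from the ones worth a human look, and lists services with no known owner. The sample log is constructed from a few entries in the same layout; the bucket names are my own.

```python
"""Triage a HijackThis v2 log: count entries per section, separate
"(file missing)" hits that are most likely WOW64 redirection artifacts
from those worth a human look, and list services with no known owner."""
import re
from collections import Counter

# Constructed sample in the HijackThis layout posted in this thread
# (a handful of entries, not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Platform: Unknown Windows (WinNT 6.01.3505 SP1)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
MISSING = "(file missing)"
# A 32-bit HijackThis on x64 Windows is subject to file-system redirection,
# so 64-bit-only binaries under System32 (lsass.exe, ...) are reported as
# missing even though they are present. Treat those separately.
SYSTEM32 = "c:\\windows\\system32\\"


def extract_path(section, body):
    """Pull the file path (without arguments or quotes) out of an entry body."""
    if section.startswith("O4"):                       # Run key: [name] command
        cmd = body.split("] ", 1)[1] if "] " in body else body
    elif section.startswith("R"):                      # registry value: key = value
        cmd = body.split(" = ", 1)[-1]
    else:                                              # ... - {CLSID} - path
        cmd = body.rsplit(" - ", 1)[-1]
    cmd = cmd.strip()
    if cmd.startswith('"'):                            # quoted path, args follow
        return cmd[1:].split('"', 1)[0]
    m = re.search(r"\.(exe|dll|ocx|cab)\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd


def parse_hjt(text):
    """Return one dict per R/O entry: section, body, path, vendor, file_missing."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        vendor = None
        if section == "O23":                           # Service: name - vendor - path
            parts = body.rsplit(" - ", 2)
            vendor = parts[-2] if len(parts) == 3 else None
        entries.append({"section": section, "body": body,
                        "path": extract_path(section, body),
                        "vendor": vendor, "file_missing": missing})
    return entries


def triage(entries):
    """Sort entries into buckets a human reviewer would look at first."""
    report = {"counts": Counter(), "missing_files": [],
              "likely_wow64_artifact": [], "unknown_owner": []}
    for e in entries:
        report["counts"][e["section"]] += 1
        if e["file_missing"]:
            if e["section"] == "O23" and e["path"].lower().startswith(SYSTEM32):
                report["likely_wow64_artifact"].append(e["path"])
            else:
                report["missing_files"].append(e["path"])
        if e["section"] == "O23" and e["vendor"] == "Unknown owner":
            report["unknown_owner"].append(e["path"])
    return report


if __name__ == "__main__":
    rep = triage(parse_hjt(SAMPLE_LOG))
    for bucket, items in rep.items():
        print(bucket, dict(items) if isinstance(items, Counter) else items)
```

The buckets only narrow what to read first; an entry in "missing_files" is a leftover to evaluate, not something to fix blindly, which matches the "DO NOT have Hijackthis fix anything yet" advice above.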
#11 DevzFan15

DevzFan15
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:30 PM

Posted 07 September 2012 - 11:40 PM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: SCOTT-HP [administrator]

Protection: Enabled

9/8/2012 12:33:37 AM
mbam-log-2012-09-08 (00-33-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210066
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:39:04 AM, on 9/8/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\NHL Eastside Hockey Manager 2005\ehm2005.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CyberLink Product - 2011/11/22 18:35:09 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15566 bytes

Haven't had a redirect in a while, but now the computer is acting slower than it was.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 PM

Posted 08 September 2012 - 02:25 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on any of these programs' icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    • O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    • O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]
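The O4 lines above are values under the Run keys of HKLM and HKCU. The following PowerShell script is an added example, not code from the post or from HijackThis: it lists those values (the name in [brackets] is the value name), expands the command line and reports whether the target executable still exists, so each entry can be researched before it is removed. `Get-RunEntries` and `$runKeys` are names chosen here; the Wow6432Node key is where 32-bit programs register their Run entries on 64-bit Windows.

```powershell
# Added example (not from the original post): review the autorun entries that
# HijackThis reports as O4 lines before deciding which ones to remove.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit programs on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Properties that Get-ItemProperty adds for its own bookkeeping, not registry values
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $metaProps) { continue }
            $cmd = [string]$p.Value
            # Pull the executable out of the command line: a quoted path first,
            # otherwise everything up to the first ".exe" (arguments follow it).
            if ($cmd -match '^"([^"]+)"')      { $exe = $Matches[1] }
            elseif ($cmd -match '^(.+?\.exe)') { $exe = $Matches[1] }
            else                               { $exe = $cmd }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name      # what HijackThis shows in [brackets]
                Command = $cmd
                Exists  = Test-Path -LiteralPath $exe   # $false: entry points at a deleted file
            }
        }
    }
}

Get-RunEntries | Format-Table -AutoSize

# Removing one entry after researching it is what "Fix Checked" does for an O4 line.
# Run with -WhatIf first to see what would change, then without it:
# Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' -Name 'iTunesHelper' -WhatIf
```

Run it from an elevated PowerShell so the HKLM keys are readable; entries whose Exists column is False point at files that are already gone and only leave a dangling startup entry behind.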


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the add-on to be installed.
    • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.

When the scan is complete

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close".
    • Close the program.
    • Report to me that nothing was found.

  • If threats were found:
    • Click on "List of threats found".
    • Click on "Export to text file" and save it as ESET SCAN to the desktop.
    • Click on Back.
    • Put a checkmark in "Uninstall application on close".
    • Click on Finish.
    • Close the program.
    • Copy and paste the report here.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 PM

Posted 10 September 2012 - 11:48 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.





#14 DevzFan15

DevzFan15
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:30 PM

Posted 14 September 2012 - 10:36 AM

Sorry for the long time to reply.

C:\TDSSKiller_Quarantine\03.09.2012_12.26.32\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\03.09.2012_12.26.32\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NP trojan
C:\TDSSKiller_Quarantine\03.09.2012_12.26.32\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\03.09.2012_12.26.32\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 PM

Posted 14 September 2012 - 04:34 PM

Hello

The online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\TDSSKiller_Quarantine\<-- TDSSKiller


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to the desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer, and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet:

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

Quoted from Tech Support Forum:

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.




