Google redirect ads and repeated Norton reports of blocked attacks


  • This topic is locked
18 replies to this topic

#1 Shreud

  • Members
  • 9 posts

Posted 06 September 2012 - 05:41 PM

As of a few weeks ago, my computer's memory often got used up by a single svchost.exe under the netsvcs group, causing the computer to freeze often whenever the internet was connected to this computer. As a side note, the Themes service for Windows 7 (the operating system I use, 32 bit) is also of a rather unstable and glitchy nature. A Trojan.Tracur.C!inf was later discovered under the spoof name mibhoh.dll, which was always trying to be accessed whenever the computer went through a reboot, but denied. The file was later deleted, and the computer is now largely operable. However, as of recently, attacks reported by the computer's protection system, Norton Security Suite, have been blocked, but the attack is reportedly resulting from the svchost.exe file located in the system32 folder under Windows on this current drive partition. Upon further research, the trojan horse virus originated from another .dll file known as "rundll32." I suspect that my computer is therefore infected with a rootkit, and all scanning attempts through Norton and other means have since come up empty of any results, as have searches for possible solutions on the internet. Some professional level help would be, at this point, deeply appreciated.

As requested, here are the files for preliminary analysis.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Yips at 12:20:51 on 2012-09-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1672 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Yips\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Yips\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: HP Smart Print BHO: {1658d3a1-9e13-4196-a82a-d70d70880f36} - c:\program files\hewlett-packard\smartprint\QuickPrintBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [Akamai NetSession Interface] "c:\users\yips\appdata\local\akamai\netsession_win.exe"
uRun: [Spotify Web Helper] "c:\users\yips\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: apple.com\www
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75
TCP: Interfaces\{3F22A3E3-69B4-4A38-809B-5FD1801C1694} : DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75
TCP: Interfaces\{3F22A3E3-69B4-4A38-809B-5FD1801C1694}\4495D205279667D25383 : DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75
TCP: Interfaces\{F1D5EF30-364E-433C-9BA9-55498F822558} : DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120823.007\BHDrvx86.sys [2012-8-23 821920]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120905.001\IDSvix86.sys [2012-9-5 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502020.003\symnets.sys [2012-7-16 299640]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-28 1262400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-5-27 148800]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-28 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-7 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-28 136176]
S3 Kinetic Books License Service;Kinetic Books License Service;c:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [2010-8-30 79360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-9 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-28 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2074-05-08 01:38:48 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2012-09-05 04:53:30 -------- d-----w- c:\users\yips\appdata\roaming\Malwarebytes
2012-09-05 04:53:22 -------- d-----w- c:\programdata\Malwarebytes
2012-09-02 03:18:40 -------- d-----w- c:\users\yips\appdata\local\NPE
2012-09-01 09:16:36 -------- d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2012-09-01 07:34:37 6100328 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-01 07:34:37 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-01 07:34:36 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-01 07:34:36 202600 ----a-w- c:\windows\system32\nvinit.dll
2012-09-01 07:34:36 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-01 07:34:35 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-01 07:34:35 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-01 07:34:35 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-01 07:34:35 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-01 07:34:35 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-18 18:33:44 -------- d-----w- c:\users\yips\appdata\local\{E9CE8811-6792-4193-B732-2C84E11E14A7}
2012-08-16 00:13:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 23:58:07 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 23:58:05 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 23:58:03 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 23:58:02 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 23:58:01 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 23:58:01 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 23:57:40 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-09 23:22:41 -------- d-----w- c:\users\yips\appdata\local\{7F6EA5EF-99CD-4334-B2FC-6072A26D753F}
2012-08-09 23:22:31 -------- d-----w- c:\users\yips\appdata\local\{8CEBA8D0-C9BA-4B2F-93F7-D511FD5F94D8}
2012-08-07 20:14:29 -------- d-----w- c:\users\yips\appdata\local\{34DD7632-C71F-4C90-ACC2-064EEBCAD062}
2012-08-07 20:14:18 -------- d-----w- c:\users\yips\appdata\local\{8356007C-0673-4048-8A2F-6F16386A4596}
2012-08-07 19:33:01 -------- d-----w- C:\ts3overlay
.
==================== Find3M ====================
.
2012-08-26 06:06:53 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 06:06:52 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 21:00:57 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-25 21:00:49 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-25 21:00:49 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-25 21:00:39 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-22 13:45:00 830312 ----a-w- c:\windows\system32\nvumdshim.dll
2012-08-22 13:45:00 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-22 13:45:00 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-08-22 13:45:00 1010536 ----a-w- c:\windows\system32\nvdispco32.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:23:17.12 ===============


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 06 September 2012 - 06:54 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, search.txt will also be written to your USB drive.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs (FRST.txt and Search.txt) in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Shreud
  • Topic Starter

  • Members
  • 9 posts

Posted 06 September 2012 - 08:01 PM

As requested, here are the copies of the logs made. Incidentally, it might be important to add that prior to the restart, the computer bluescreened with an error code 0x0000007e, something that the computer reportedly successfully recovered from when it booted to make the reply shown here. Additionally, the restart failed to display the error message that it could not find the trojan file, something it did frequently as of late. The Windows 7 Aero theme is also working normally thus far.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 05-09-2012
Ran by SYSTEM at 06-09-2012 17:23:20
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Yips\...\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide [x]
HKU\Yips\...\Run: [Akamai NetSession Interface] "C:\Users\Yips\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\Yips\...\Run: [Spotify Web Helper] "C:\Users\Yips\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-07] ()
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 75.75.75.75
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services ================================

3 Kinetic Books License Service; "C:\Program Files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe" [79360 2010-08-30] (Kinetic Books)
2 N360; "C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-05-31] ()

==================== Drivers =================================

3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [15232 2009-02-17] (ASUSTeK Computer Inc.)
3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [30976 2009-02-17] (ASUSTeK Computer Inc.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [995488 2012-08-31] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-08] (Symantec Corporation)
1 EIO; C:\Windows\System32\DRIVERS\EIO.sys [14336 2012-04-20] (ASUSTeK Computer Inc.)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-08] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120906.002\IDSvix86.sys [386720 2012-09-06] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120906.002\NAVENG.SYS [92704 2012-09-03] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120906.002\NAVEX15.SYS [1601184 2012-09-03] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0502020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0502020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2012-01-24] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [60160 2009-08-13] (Microsoft Corporation)
3 cdrmkaun; \??\C:\Users\Yips\AppData\Local\Temp\cdrmkaun.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 vtany; \??\C:\Windows\vtany.sys [x]
3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-06 17:22 - 2012-09-06 17:23 - 00000000 ____D C:\FRST
2012-09-06 13:53 - 2012-09-06 13:53 - 00019749 ____A C:\Users\Yips\Desktop\ark.txt
2012-09-06 11:26 - 2012-09-06 11:26 - 00000000 ____D C:\Users\Yips\Desktop\gmer
2012-09-06 11:25 - 2012-09-06 11:25 - 00294216 ____A C:\Users\Yips\Desktop\gmer.zip
2012-09-06 11:24 - 2012-09-06 11:24 - 00045373 ____A C:\Users\Yips\Desktop\Attach.txt
2012-09-06 11:24 - 2012-09-06 11:24 - 00017019 ____A C:\Users\Yips\Desktop\DDS.txt
2012-09-06 11:18 - 2012-09-06 11:20 - 00607260 ____R (Swearware) C:\Users\Yips\Desktop\dds.com
2012-09-06 11:17 - 2012-09-06 11:17 - 00000470 ____A C:\Users\Yips\Desktop\defogger_disable.log
2012-09-06 11:17 - 2012-09-06 11:17 - 00000000 ____A C:\Users\Yips\defogger_reenable
2012-09-06 11:15 - 2012-09-06 11:15 - 00050477 ____A C:\Users\Yips\Desktop\Defogger.exe
2012-09-04 20:53 - 2012-09-04 20:53 - 00000000 ____D C:\Users\Yips\AppData\Roaming\Malwarebytes
2012-09-04 20:53 - 2012-09-04 20:53 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-03 23:07 - 2012-09-03 23:07 - 00002052 ____A C:\Windows\epplauncher.mif
2012-09-03 11:55 - 2012-09-03 11:55 - 00000280 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{5C57E179-3C58-4DED-8280-E0134CF147E2}.job
2012-09-01 19:38 - 2012-09-01 19:38 - 02892816 ____A (Symantec Corporation) C:\Users\Yips\Documents\NPE.exe
2012-09-01 19:18 - 2012-09-01 19:25 - 00000000 ____D C:\Users\Yips\AppData\Local\NPE
2012-08-31 23:34 - 2012-08-22 05:45 - 19828584 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-08-31 23:34 - 2012-08-22 05:45 - 17559912 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-08-31 23:34 - 2012-08-22 05:45 - 15291752 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-08-31 23:34 - 2012-08-22 05:45 - 10790760 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-08-31 23:34 - 2012-08-22 05:45 - 07626088 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-08-31 23:34 - 2012-08-22 05:45 - 06100328 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-08-31 23:34 - 2012-08-22 05:45 - 02573672 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-08-31 23:34 - 2012-08-22 05:45 - 01866088 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-08-31 23:34 - 2012-08-22 05:45 - 00888168 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco32.dll
2012-08-31 23:34 - 2012-08-22 05:45 - 00202600 ____A (NVIDIA Corporation) C:\Windows\System32\nvinit.dll
2012-08-31 23:13 - 2012-08-31 23:20 - 00001908 ____A C:\Windows\diagwrn.xml
2012-08-31 23:13 - 2012-08-31 23:20 - 00001908 ____A C:\Windows\diagerr.xml
2012-08-30 10:39 - 2012-08-30 10:39 - 00000000 ____A C:\Users\Yips\Downloads\1202.tmp
2012-08-18 10:33 - 2012-08-18 10:34 - 00000000 ____D C:\Users\Yips\AppData\Local\{E9CE8811-6792-4193-B732-2C84E11E14A7}
2012-08-15 16:13 - 2012-07-06 11:23 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-15 16:12 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 16:12 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 16:12 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 16:12 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 16:12 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 16:12 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 16:12 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 16:12 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 16:12 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 16:12 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 16:12 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 16:12 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 16:12 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 16:12 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 15:58 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 15:58 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 15:58 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 15:58 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 15:58 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 15:58 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 15:58 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 15:57 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-09 15:22 - 2012-08-09 15:22 - 00000000 ____D C:\Users\Yips\AppData\Local\{8CEBA8D0-C9BA-4B2F-93F7-D511FD5F94D8}
2012-08-09 15:22 - 2012-08-09 15:22 - 00000000 ____D C:\Users\Yips\AppData\Local\{7F6EA5EF-99CD-4334-B2FC-6072A26D753F}
2012-08-07 12:14 - 2012-08-07 12:14 - 00000000 ____D C:\Users\Yips\AppData\Local\{8356007C-0673-4048-8A2F-6F16386A4596}
2012-08-07 12:14 - 2012-08-07 12:14 - 00000000 ____D C:\Users\Yips\AppData\Local\{34DD7632-C71F-4C90-ACC2-064EEBCAD062}
2012-08-07 11:33 - 2012-08-07 11:33 - 00000000 ____D C:\ts3overlay

============ 3 Months Modified Files ========================

2012-09-06 15:13 - 2009-07-13 20:34 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-06 15:13 - 2009-07-13 20:34 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-06 13:53 - 2012-09-06 13:53 - 00019749 ____A C:\Users\Yips\Desktop\ark.txt
2012-09-06 11:25 - 2012-09-06 11:25 - 00294216 ____A C:\Users\Yips\Desktop\gmer.zip
2012-09-06 11:24 - 2012-09-06 11:24 - 00045373 ____A C:\Users\Yips\Desktop\Attach.txt
2012-09-06 11:24 - 2012-09-06 11:24 - 00017019 ____A C:\Users\Yips\Desktop\DDS.txt
2012-09-06 11:20 - 2012-09-06 11:18 - 00607260 ____R (Swearware) C:\Users\Yips\Desktop\dds.com
2012-09-06 11:17 - 2012-09-06 11:17 - 00000470 ____A C:\Users\Yips\Desktop\defogger_disable.log
2012-09-06 11:17 - 2012-09-06 11:17 - 00000000 ____A C:\Users\Yips\defogger_reenable
2012-09-06 11:15 - 2012-09-06 11:15 - 00050477 ____A C:\Users\Yips\Desktop\Defogger.exe
2012-09-05 01:24 - 2009-07-13 20:53 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-05 01:20 - 2010-08-28 18:05 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-05 01:20 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-05 01:19 - 2011-04-16 11:22 - 00007609 ____A C:\Users\Yips\AppData\Local\Resmon.ResmonCfg
2012-09-05 01:19 - 2010-08-28 11:27 - 01249063 ____A C:\Windows\WindowsUpdate.log
2012-09-05 01:09 - 2009-07-13 20:39 - 00002479 ____A C:\Windows\setupact.log
2012-09-04 23:00 - 2010-08-28 18:05 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-04 21:25 - 2012-04-11 05:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-04 19:07 - 2010-09-16 18:07 - 00035417 ____A C:\Windows\IE9_main.log
2012-09-04 18:43 - 2012-06-27 15:55 - 00000024 ____A C:\Users\Yips\random.dat
2012-09-04 18:41 - 2011-10-29 16:11 - 00000032 ____A C:\Users\Yips\jagex_cl_runescape_LIVE.dat
2012-09-04 18:18 - 2011-09-07 05:57 - 00625500 ____A C:\Windows\System32\perfh01D.dat
2012-09-04 18:18 - 2011-09-07 05:57 - 00123668 ____A C:\Windows\System32\perfc01D.dat
2012-09-04 18:18 - 2011-09-07 05:46 - 00407668 ____A C:\Windows\System32\perfh012.dat
2012-09-04 18:18 - 2011-09-07 05:46 - 00104604 ____A C:\Windows\System32\perfc012.dat
2012-09-04 18:18 - 2011-09-07 05:03 - 00369700 ____A C:\Windows\System32\prfh0804.dat
2012-09-04 18:18 - 2011-09-07 05:03 - 00104176 ____A C:\Windows\System32\prfc0804.dat
2012-09-04 18:18 - 2011-09-07 04:41 - 00396450 ____A C:\Windows\System32\perfh011.dat
2012-09-04 18:18 - 2011-09-07 04:41 - 00106316 ____A C:\Windows\System32\perfc011.dat
2012-09-04 18:18 - 2011-09-07 04:01 - 00699124 ____A C:\Windows\System32\perfh013.dat
2012-09-04 18:18 - 2011-09-07 04:01 - 00132868 ____A C:\Windows\System32\perfc013.dat
2012-09-04 18:18 - 2011-09-07 03:52 - 00456518 ____A C:\Windows\System32\perfh014.dat
2012-09-04 18:18 - 2011-09-07 03:52 - 00077024 ____A C:\Windows\System32\perfc014.dat
2012-09-04 18:18 - 2011-09-07 03:16 - 00697040 ____A C:\Windows\System32\perfh010.dat
2012-09-04 18:18 - 2011-09-07 03:16 - 00127072 ____A C:\Windows\System32\perfc010.dat
2012-09-04 18:18 - 2011-09-07 02:38 - 00687274 ____A C:\Windows\System32\prfh0816.dat
2012-09-04 18:18 - 2011-09-07 02:38 - 00133680 ____A C:\Windows\System32\prfc0816.dat
2012-09-04 18:18 - 2011-09-07 02:16 - 00385802 ____A C:\Windows\System32\prfh0404.dat
2012-09-04 18:18 - 2011-09-07 02:16 - 00099262 ____A C:\Windows\System32\prfc0404.dat
2012-09-04 18:18 - 2011-09-07 02:07 - 00697658 ____A C:\Windows\System32\perfh015.dat
2012-09-04 18:18 - 2011-09-07 02:07 - 00134768 ____A C:\Windows\System32\perfc015.dat
2012-09-04 18:18 - 2011-09-07 02:01 - 00683890 ____A C:\Windows\System32\perfh019.dat
2012-09-04 18:18 - 2011-09-07 02:01 - 00132444 ____A C:\Windows\System32\perfc019.dat
2012-09-04 18:18 - 2011-09-07 01:54 - 00671736 ____A C:\Windows\System32\prfh0416.dat
2012-09-04 18:18 - 2011-09-07 01:54 - 00128022 ____A C:\Windows\System32\prfc0416.dat
2012-09-04 18:18 - 2011-09-07 01:18 - 00618134 ____A C:\Windows\System32\perfh01F.dat
2012-09-04 18:18 - 2011-09-07 01:18 - 00121454 ____A C:\Windows\System32\perfc01F.dat
2012-09-04 18:18 - 2010-08-28 11:47 - 16093662 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-03 23:07 - 2012-09-03 23:07 - 00002052 ____A C:\Windows\epplauncher.mif
2012-09-03 11:55 - 2012-09-03 11:55 - 00000280 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{5C57E179-3C58-4DED-8280-E0134CF147E2}.job
2012-09-01 19:38 - 2012-09-01 19:38 - 02892816 ____A (Symantec Corporation) C:\Users\Yips\Documents\NPE.exe
2012-09-01 17:33 - 2010-08-28 18:17 - 00441996 ____A C:\Windows\PFRO.log
2012-09-01 09:55 - 2011-12-03 01:27 - 00165888 __ASH C:\Users\Yips\Thumbs.db
2012-08-31 23:20 - 2012-08-31 23:13 - 00001908 ____A C:\Windows\diagwrn.xml
2012-08-31 23:20 - 2012-08-31 23:13 - 00001908 ____A C:\Windows\diagerr.xml
2012-08-31 23:13 - 2009-07-13 20:39 - 00000000 ____A C:\Windows\setuperr.log
2012-08-30 10:39 - 2012-08-30 10:39 - 00000000 ____A C:\Users\Yips\Downloads\1202.tmp
2012-08-25 22:06 - 2012-04-11 05:35 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-25 22:06 - 2011-05-16 20:47 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-25 13:00 - 2012-05-29 14:53 - 00283304 ____A C:\Windows\System32\PnkBstrB.xtr
2012-08-25 13:00 - 2012-05-29 05:17 - 00140800 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2012-08-25 13:00 - 2012-05-29 05:16 - 00283304 ____A C:\Windows\System32\PnkBstrB.exe
2012-08-25 13:00 - 2012-05-29 05:16 - 00280904 ____A C:\Windows\System32\PnkBstrB.ex0
2012-08-22 05:45 - 2012-08-31 23:34 - 19828584 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-08-22 05:45 - 2012-08-31 23:34 - 17559912 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-08-22 05:45 - 2012-08-31 23:34 - 15291752 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-08-22 05:45 - 2012-08-31 23:34 - 10790760 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-08-22 05:45 - 2012-08-31 23:34 - 07626088 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-08-22 05:45 - 2012-08-31 23:34 - 06100328 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-08-22 05:45 - 2012-08-31 23:34 - 02573672 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-08-22 05:45 - 2012-08-31 23:34 - 01866088 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-08-22 05:45 - 2012-08-31 23:34 - 00888168 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco32.dll
2012-08-22 05:45 - 2012-08-31 23:34 - 00202600 ____A (NVIDIA Corporation) C:\Windows\System32\nvinit.dll
2012-08-22 05:45 - 2012-04-03 18:42 - 01010536 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-08-22 05:45 - 2012-02-28 12:52 - 00830312 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshim.dll
2012-08-22 05:45 - 2011-05-21 05:01 - 12465512 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2012-08-22 05:45 - 2011-05-21 05:01 - 02422120 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-08-22 05:45 - 2011-05-21 05:01 - 00012956 ____A C:\Windows\System32\nvinfo.pb
2012-08-15 17:33 - 2009-07-13 20:33 - 00415184 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 16:15 - 2010-08-28 18:27 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-15 16:14 - 2009-07-13 18:04 - 00000534 ____A C:\Windows\win.ini
2012-08-06 19:21 - 2012-08-06 19:21 - 00001720 ____A C:\Users\Public\Desktop\League of Legends.lnk
2012-07-31 11:55 - 2010-08-30 06:43 - 00001100 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-07-22 19:59 - 2012-05-28 22:12 - 00002001 ____A C:\Windows\KB893803v2.log
2012-07-19 16:09 - 2012-06-27 15:55 - 00000048 ____A C:\Users\Yips\jagex_cl_runescape_LIVE_BETA.dat
2012-07-18 09:47 - 2012-08-15 15:58 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 20:40 - 2012-07-16 20:40 - 00001815 ____A C:\Users\Public\Desktop\ooVoo.lnk
2012-07-06 20:09 - 2012-07-06 20:04 - 177164651 ____A C:\Users\Yips\Downloads\ME3ECSoundtrack.zip
2012-07-06 11:23 - 2012-08-15 16:13 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 13:16 - 2012-08-15 15:58 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:14 - 2012-08-15 15:58 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:14 - 2012-08-15 15:58 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-01 07:35 - 2012-07-01 07:35 - 00131072 ___AH C:\Windows\DUMP7b5c.DMP
2012-06-28 16:52 - 2012-08-15 16:12 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 16:27 - 2012-08-15 16:12 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 16:16 - 2012-08-15 16:12 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 16:09 - 2012-08-15 16:12 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 16:09 - 2012-08-15 16:12 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 16:08 - 2012-08-15 16:12 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 16:12 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 16:06 - 2012-08-15 16:12 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 16:12 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 16:04 - 2012-08-15 16:12 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 16:12 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 16:01 - 2012-08-15 16:12 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 16:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 16:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-27 15:56 - 2010-08-28 19:31 - 00000129 ____A C:\Users\Yips\jagex_runescape_preferences2.dat
2012-06-27 15:55 - 2010-08-28 19:30 - 00000046 ____A C:\Users\Yips\jagex_runescape_preferences.dat
2012-06-22 21:12 - 2012-06-22 21:09 - 169657794 ____A C:\Users\Yips\Downloads\VisualRealityMod_0.3alpha.1.zip


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-03 23:06:26
Restore point made on: 2012-09-04 18:50:48
Restore point made on: 2012-09-04 20:12:04

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3063.12 MB
Available physical RAM: 2526.23 MB
Total Pagefile: 3059.33 MB
Available Pagefile: 2530.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.7 MB

==================== Partitions ============================

1 Drive c: (Windows 7 32 bit) (Fixed) (Total:976.46 GB) (Free:819.46 GB) NTFS
2 Drive e: (Windows 7 64 bit) (Fixed) (Total:420.7 GB) (Free:331.32 GB) NTFS
3 Drive f: (EAWX_1) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS
4 Drive g: (USB Stick) (Removable) (Total:1.86 GB) (Free:0.7 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 1024 KB
Disk 1 Online 1906 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 976 GB 101 MB
Partition 3 Primary 420 GB 976 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows 7 3 NTFS Partition 976 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Windows 7 6 NTFS Partition 420 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1905 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB Stick NTFS Removable 1905 MB Healthy

==================================================================================

Last Boot: 2012-08-29 22:06

==================== End Of Log =============================

And the search.txt

Farbar Recovery Scan Tool (x86) Version: 05-09-2012
Ran by SYSTEM at 2012-09-06 17:30:40
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

Edited by Shreud, 06 September 2012 - 08:04 PM.
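Added example, not part of the thread and not FRST's own code: a Python parser for FRST "Search:" output in the format shown above, which compares each live copy of a file against the WinSxS component-store copies of the same file, the same idea as the "MD5 is legit" check in the FRST log. The services.exe block reuses the search result from this thread; the example.exe and orphan.exe blocks, their paths and their hashes are constructed for the test.

```python
"""Check live system binaries against their WinSxS component-store copies
using the text of an FRST "Search:" result.

A live copy (e.g. under System32) that has the same size as a store copy
but a different MD5 is the footprint an in-place file patch leaves behind,
which is why helpers ask for this search on a suspected services.exe."""
import re
from typing import List, NamedTuple

SEARCH_HEADER = re.compile(r'^=+ Search: "(?P<name>[^"]+)" =+$')
# "[created] - [modified] - size attrs (Company) MD5"; the company part is
# optional because unsigned files are listed without it.
ENTRY_META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
WINDOWS_PATH = re.compile(r"^[A-Za-z]:\\")


class FileEntry(NamedTuple):
    search: str   # file name the search block was for
    path: str
    size: int
    company: str
    md5: str


class Verdict(NamedTuple):
    path: str
    status: str   # "match", "mismatch" or "no_reference"
    detail: str


def parse_search(text: str) -> List[FileEntry]:
    """Collect (path, metadata) pairs from every search block in the text."""
    entries: List[FileEntry] = []
    current = ""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        header = SEARCH_HEADER.match(line)
        if header:
            current = header.group("name")
        elif line.startswith("=== End Of Search"):
            current = ""
        elif current and WINDOWS_PATH.match(line) and i + 1 < len(lines):
            meta = ENTRY_META.match(lines[i + 1].strip())
            if meta:
                entries.append(FileEntry(current, line, int(meta.group("size")),
                                         meta.group("company") or "",
                                         meta.group("md5").upper()))
                i += 1  # metadata line consumed
        i += 1
    return entries


def is_store_copy(path: str) -> bool:
    """Copies under the component store are the reference versions."""
    return "\\winsxs\\" in path.lower()


def check_entries(entries: List[FileEntry]) -> List[Verdict]:
    """One verdict per live (non-WinSxS) copy of each searched file."""
    verdicts: List[Verdict] = []
    for name in dict.fromkeys(e.search for e in entries):
        same = [e for e in entries if e.search == name]
        refs = [e for e in same if is_store_copy(e.path)]
        for e in (x for x in same if not is_store_copy(x.path)):
            if not refs:
                verdicts.append(Verdict(e.path, "no_reference",
                                        "no WinSxS copy to compare against"))
            elif any(r.md5 == e.md5 for r in refs):
                verdicts.append(Verdict(e.path, "match",
                                        "MD5 equals a component-store copy"))
            elif any(r.size == e.size for r in refs):
                verdicts.append(Verdict(e.path, "mismatch",
                                        "same size as store copy but different MD5 (in-place patch pattern)"))
            else:
                verdicts.append(Verdict(e.path, "mismatch",
                                        "no store copy with matching size or MD5"))
    return verdicts


# Constructed sample: the first block is this thread's real services.exe result,
# the example.exe and orphan.exe blocks (paths and hashes) are made up for the demo.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

================== Search: "example.exe" ===================

C:\Windows\winsxs\x86_example-component_31bf3856ad364e35_6.1.7600.16385_none_0000000000000000\example.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0100000 ____A (Example Publisher) 00000000000000000000000000000001

C:\Windows\System32\example.exe
[2009-07-13 15:11] - [2012-09-01 09:55] - 0100000 ____A (Example Publisher) 00000000000000000000000000000002

=== End Of Search ===

================== Search: "orphan.exe" ===================

C:\Windows\System32\orphan.exe
[2012-08-30 10:39] - [2012-08-30 10:39] - 0000512 ____A 00000000000000000000000000000003

=== End Of Search ===
"""

if __name__ == "__main__":
    for v in check_entries(parse_search(SAMPLE_SEARCH)):
        print(f"{v.status:13} {v.path}  ({v.detail})")
```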


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 06 September 2012 - 08:15 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Shreud

Shreud
  • Topic Starter
  • Members
  • 9 posts

Posted 06 September 2012 - 09:15 PM

As requested, here are the following logs (there are two). Incidentally, at the time of running TDSSKiller, Norton detected and blocked four instances of a Trojan.Gen, three of which were reportedly "Trojan.Gen2", all located at File: c:\tdsskiller_quarantine\06.09.2012_18.59.8\mbr0000\tdlfs0000\ (file names ended here with tsk0000(2-6)). One malicious item was found, and another, a TDSS file system, had no cure option and was skipped. The reboot was successful.

18:59:07.0301 5040 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:59:08.0801 5040 ============================================================
18:59:08.0801 5040 Current date / time: 2012/09/06 18:59:08.0801
18:59:08.0801 5040 SystemInfo:
18:59:08.0801 5040
18:59:08.0801 5040 OS Version: 6.1.7601 ServicePack: 1.0
18:59:08.0801 5040 Product type: Workstation
18:59:08.0801 5040 ComputerName: YIP02-CARSON
18:59:08.0801 5040 UserName: Yips
18:59:08.0801 5040 Windows directory: C:\Windows
18:59:08.0801 5040 System windows directory: C:\Windows
18:59:08.0801 5040 Processor architecture: Intel x86
18:59:08.0801 5040 Number of processors: 8
18:59:08.0801 5040 Page size: 0x1000
18:59:08.0801 5040 Boot type: Normal boot
18:59:08.0801 5040 ============================================================
18:59:09.0864 5040 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:59:09.0864 5040 Drive \Device\Harddisk1\DR1 - Size: 0x77200000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:59:09.0864 5040 ============================================================
18:59:09.0864 5040 \Device\Harddisk0\DR0:
18:59:09.0864 5040 MBR partitions:
18:59:09.0864 5040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:59:09.0864 5040 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7A0EE000
18:59:09.0864 5040 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7A120800, BlocksNum 0x34966000
18:59:09.0864 5040 \Device\Harddisk1\DR1:
18:59:09.0864 5040 MBR partitions:
18:59:09.0864 5040 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x3B8FE0
18:59:09.0864 5040 ============================================================
18:59:09.0895 5040 C: <-> \Device\Harddisk0\DR0\Partition2
18:59:09.0942 5040 B: <-> \Device\Harddisk0\DR0\Partition3
18:59:09.0942 5040 ============================================================
18:59:09.0942 5040 Initialize success
18:59:09.0942 5040 ============================================================
18:59:50.0491 3948 ============================================================
18:59:50.0491 3948 Scan started
18:59:50.0491 3948 Mode: Manual; TDLFS;
18:59:50.0491 3948 ============================================================
18:59:51.0569 3948 ================ Scan system memory ========================
18:59:51.0569 3948 System memory - ok
18:59:51.0569 3948 ================ Scan services =============================
18:59:55.0038 3948 fastfat - ok
18:59:55.0084 3948 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
18:59:55.0084 3948 Fax - ok
18:59:55.0100 3948 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:59:55.0100 3948 fdc - ok
18:59:55.0116 3948 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:59:55.0116 3948 fdPHost - ok
18:59:55.0116 3948 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:59:55.0116 3948 FDResPub - ok
18:59:55.0131 3948 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:59:55.0131 3948 FileInfo - ok
18:59:55.0147 3948 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:59:55.0147 3948 Filetrace - ok
18:59:55.0163 3948 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:59:55.0163 3948 flpydisk - ok
18:59:55.0178 3948 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:59:55.0178 3948 FltMgr - ok
18:59:55.0225 3948 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
18:59:55.0241 3948 FontCache - ok
18:59:55.0272 3948 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:59:55.0272 3948 FontCache3.0.0.0 - ok
18:59:55.0272 3948 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:59:55.0288 3948 FsDepends - ok
18:59:55.0319 3948 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:59:55.0334 3948 fssfltr - ok
18:59:55.0413 3948 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:59:55.0459 3948 fsssvc - ok
18:59:55.0491 3948 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:59:55.0491 3948 Fs_Rec - ok
18:59:55.0522 3948 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:59:55.0538 3948 fvevol - ok
18:59:55.0553 3948 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:59:55.0553 3948 gagp30kx - ok
18:59:55.0584 3948 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:59:55.0600 3948 GEARAspiWDM - ok
18:59:55.0631 3948 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:59:55.0647 3948 gpsvc - ok
18:59:55.0678 3948 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:59:55.0678 3948 gupdate - ok
18:59:55.0694 3948 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:59:55.0694 3948 gupdatem - ok
18:59:55.0694 3948 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:59:55.0694 3948 hcw85cir - ok
18:59:55.0725 3948 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:59:55.0725 3948 HdAudAddService - ok
18:59:55.0741 3948 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:59:55.0756 3948 HDAudBus - ok
18:59:55.0756 3948 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:59:55.0756 3948 HidBatt - ok
18:59:55.0788 3948 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:59:55.0788 3948 HidBth - ok
18:59:55.0803 3948 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:59:55.0803 3948 HidIr - ok
18:59:55.0834 3948 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
18:59:55.0834 3948 hidserv - ok
18:59:55.0866 3948 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:59:55.0866 3948 HidUsb - ok
18:59:55.0897 3948 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:59:55.0897 3948 hkmsvc - ok
18:59:55.0913 3948 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:59:55.0928 3948 HomeGroupListener - ok
18:59:55.0944 3948 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:59:55.0944 3948 HomeGroupProvider - ok
18:59:56.0038 3948 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:59:56.0038 3948 hpqcxs08 - ok
18:59:56.0053 3948 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:59:56.0069 3948 hpqddsvc - ok
18:59:56.0100 3948 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:59:56.0100 3948 HpSAMD - ok
18:59:56.0131 3948 [ 79737E0F7D25DE8405CB34D4C9882253 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
18:59:56.0131 3948 HPSLPSVC - ok
18:59:56.0163 3948 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:59:56.0163 3948 HTTP - ok
18:59:56.0194 3948 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:59:56.0209 3948 hwpolicy - ok
18:59:56.0225 3948 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:59:56.0225 3948 i8042prt - ok
18:59:56.0225 3948 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:59:56.0241 3948 iaStorV - ok
18:59:56.0288 3948 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:59:56.0303 3948 IDriverT - ok
18:59:56.0334 3948 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:59:56.0366 3948 idsvc - ok
18:59:56.0553 3948 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120906.008\IDSvix86.sys
18:59:56.0553 3948 IDSVix86 - ok
18:59:56.0584 3948 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:59:56.0584 3948 iirsp - ok
18:59:56.0631 3948 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:59:56.0647 3948 IKEEXT - ok
18:59:56.0663 3948 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:59:56.0678 3948 intelide - ok
18:59:56.0678 3948 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:59:56.0678 3948 intelppm - ok
18:59:56.0694 3948 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:59:56.0694 3948 IPBusEnum - ok
18:59:56.0709 3948 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:59:56.0709 3948 IpFilterDriver - ok
18:59:56.0741 3948 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:59:56.0756 3948 iphlpsvc - ok
18:59:56.0772 3948 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:59:56.0788 3948 IPMIDRV - ok
18:59:56.0803 3948 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:59:56.0803 3948 IPNAT - ok
18:59:56.0819 3948 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:59:56.0819 3948 IRENUM - ok
18:59:56.0834 3948 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:59:56.0834 3948 isapnp - ok
18:59:56.0850 3948 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:59:56.0850 3948 iScsiPrt - ok
18:59:56.0866 3948 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:59:56.0881 3948 kbdclass - ok
18:59:56.0897 3948 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:59:56.0913 3948 kbdhid - ok
18:59:56.0928 3948 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:59:56.0928 3948 KeyIso - ok
18:59:56.0959 3948 [ 9C119CB6E2DDD5C2C5F7C8B5968EFC6F ] Kinetic Books License Service C:\Program Files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe
18:59:56.0975 3948 Kinetic Books License Service - ok
18:59:57.0006 3948 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:59:57.0022 3948 KSecDD - ok
18:59:57.0022 3948 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:59:57.0022 3948 KSecPkg - ok
18:59:57.0053 3948 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:59:57.0069 3948 KtmRm - ok
18:59:57.0116 3948 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
18:59:57.0116 3948 LanmanServer - ok
18:59:57.0147 3948 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:59:57.0147 3948 LanmanWorkstation - ok
18:59:57.0178 3948 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:59:57.0178 3948 lltdio - ok
18:59:57.0194 3948 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:59:57.0194 3948 lltdsvc - ok
18:59:57.0209 3948 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:59:57.0209 3948 lmhosts - ok
18:59:57.0225 3948 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:59:57.0225 3948 LSI_FC - ok
18:59:57.0241 3948 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:59:57.0241 3948 LSI_SAS - ok
18:59:57.0256 3948 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:59:57.0256 3948 LSI_SAS2 - ok
18:59:57.0256 3948 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:59:57.0272 3948 LSI_SCSI - ok
18:59:57.0272 3948 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:59:57.0288 3948 luafv - ok
18:59:57.0303 3948 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:59:57.0319 3948 Mcx2Svc - ok
18:59:57.0475 3948 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:59:57.0491 3948 MDM - ok
18:59:57.0522 3948 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:59:57.0522 3948 megasas - ok
18:59:57.0569 3948 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:59:57.0600 3948 MegaSR - ok
18:59:57.0616 3948 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:59:57.0616 3948 MMCSS - ok
18:59:57.0631 3948 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:59:57.0631 3948 Modem - ok
18:59:57.0678 3948 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:59:57.0678 3948 monitor - ok
18:59:57.0709 3948 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:59:57.0725 3948 mouclass - ok
18:59:57.0725 3948 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:59:57.0725 3948 mouhid - ok
18:59:57.0756 3948 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:59:57.0756 3948 mountmgr - ok
18:59:57.0772 3948 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:59:57.0788 3948 mpio - ok
18:59:57.0788 3948 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:59:57.0788 3948 mpsdrv - ok
18:59:57.0819 3948 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:59:57.0834 3948 MpsSvc - ok
18:59:57.0866 3948 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:59:57.0866 3948 MRxDAV - ok
18:59:57.0897 3948 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:59:57.0913 3948 mrxsmb - ok
18:59:57.0944 3948 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:59:57.0944 3948 mrxsmb10 - ok
18:59:57.0959 3948 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:59:57.0959 3948 mrxsmb20 - ok
18:59:57.0991 3948 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:59:57.0991 3948 msahci - ok
18:59:58.0053 3948 [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
18:59:58.0053 3948 MSCamSvc - ok
18:59:58.0069 3948 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:59:58.0069 3948 msdsm - ok
18:59:58.0084 3948 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:59:58.0084 3948 MSDTC - ok
18:59:58.0116 3948 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:59:58.0116 3948 Msfs - ok
18:59:58.0116 3948 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:59:58.0116 3948 mshidkmdf - ok
18:59:58.0163 3948 [ 5119FFC2A6B51089CDB0EFDC75808C97 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
18:59:58.0163 3948 MSHUSBVideo - ok
18:59:58.0163 3948 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:59:58.0163 3948 msisadrv - ok
18:59:58.0178 3948 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:59:58.0194 3948 MSiSCSI - ok
18:59:58.0194 3948 msiserver - ok
18:59:58.0225 3948 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:59:58.0225 3948 MSKSSRV - ok
18:59:58.0225 3948 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:59:58.0241 3948 MSPCLOCK - ok
18:59:58.0241 3948 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:59:58.0241 3948 MSPQM - ok
18:59:58.0256 3948 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:59:58.0272 3948 MsRPC - ok
18:59:58.0272 3948 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:59:58.0272 3948 mssmbios - ok
18:59:58.0288 3948 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:59:58.0303 3948 MSTEE - ok
18:59:58.0319 3948 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:59:58.0319 3948 MTConfig - ok
18:59:58.0334 3948 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:59:58.0334 3948 Mup - ok
18:59:58.0413 3948 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
18:59:58.0413 3948 N360 - ok
18:59:58.0444 3948 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:59:58.0444 3948 napagent - ok
18:59:58.0475 3948 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:59:58.0475 3948 NativeWifiP - ok
18:59:58.0553 3948 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120906.018\NAVENG.SYS
18:59:58.0553 3948 NAVENG - ok
18:59:58.0584 3948 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120906.018\NAVEX15.SYS
18:59:58.0631 3948 NAVEX15 - ok
18:59:58.0663 3948 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:59:58.0678 3948 NDIS - ok
18:59:58.0694 3948 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:59:58.0694 3948 NdisCap - ok
18:59:58.0709 3948 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:59:58.0709 3948 NdisTapi - ok
18:59:58.0725 3948 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:59:58.0741 3948 Ndisuio - ok
18:59:58.0772 3948 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:59:58.0772 3948 NdisWan - ok
18:59:58.0788 3948 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:59:58.0788 3948 NDProxy - ok
18:59:58.0819 3948 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:59:58.0819 3948 Net Driver HPZ12 - ok
18:59:58.0834 3948 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:59:58.0834 3948 NetBIOS - ok
18:59:58.0850 3948 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:59:58.0850 3948 NetBT - ok
18:59:58.0866 3948 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:59:58.0866 3948 Netlogon - ok
18:59:58.0913 3948 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:59:58.0913 3948 Netman - ok
18:59:58.0928 3948 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:59:58.0928 3948 netprofm - ok
18:59:58.0959 3948 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:59:58.0991 3948 NetTcpPortSharing - ok
18:59:59.0006 3948 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:59:59.0006 3948 nfrd960 - ok
18:59:59.0022 3948 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:59:59.0022 3948 NlaSvc - ok
18:59:59.0038 3948 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:59:59.0038 3948 Npfs - ok
18:59:59.0053 3948 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:59:59.0053 3948 nsi - ok
18:59:59.0053 3948 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:59:59.0053 3948 nsiproxy - ok
18:59:59.0100 3948 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:59:59.0116 3948 Ntfs - ok
18:59:59.0131 3948 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:59:59.0131 3948 Null - ok
18:59:59.0163 3948 [ A0A9E53B4AAC3C6534A063ABA69BC19F ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
18:59:59.0163 3948 NVHDA - ok
18:59:59.0334 3948 [ 1EB8269B0A24FC194B95A66669BB5AA2 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:59:59.0522 3948 nvlddmkm - ok
18:59:59.0553 3948 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:59:59.0553 3948 nvraid - ok
18:59:59.0569 3948 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:59:59.0569 3948 nvstor - ok
18:59:59.0600 3948 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:59:59.0631 3948 nvsvc - ok
18:59:59.0709 3948 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:59:59.0725 3948 nvUpdatusService - ok
18:59:59.0741 3948 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:59:59.0756 3948 nv_agp - ok
18:59:59.0756 3948 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:59:59.0772 3948 ohci1394 - ok
18:59:59.0788 3948 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:59:59.0803 3948 ose - ok
18:59:59.0819 3948 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:59:59.0834 3948 p2pimsvc - ok
18:59:59.0850 3948 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:59:59.0850 3948 p2psvc - ok
18:59:59.0881 3948 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:59:59.0881 3948 Parport - ok
18:59:59.0913 3948 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:59:59.0913 3948 partmgr - ok
18:59:59.0928 3948 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:59:59.0928 3948 Parvdm - ok
18:59:59.0944 3948 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:59:59.0944 3948 PcaSvc - ok
18:59:59.0959 3948 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:59:59.0975 3948 pci - ok
18:59:59.0991 3948 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:59:59.0991 3948 pciide - ok
19:00:00.0006 3948 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:00:00.0006 3948 pcmcia - ok
19:00:00.0022 3948 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:00:00.0022 3948 pcw - ok
19:00:00.0053 3948 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:00:00.0069 3948 PEAUTH - ok
19:00:00.0147 3948 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:00:00.0163 3948 PeerDistSvc - ok
19:00:00.0256 3948 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:00:00.0288 3948 pla - ok
19:00:00.0319 3948 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:00:00.0319 3948 PlugPlay - ok
19:00:00.0397 3948 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:00:00.0397 3948 Pml Driver HPZ12 - ok
19:00:00.0428 3948 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
19:00:00.0444 3948 PnkBstrA - ok
19:00:00.0459 3948 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:00:00.0491 3948 PNRPAutoReg - ok
19:00:00.0491 3948 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:00:00.0506 3948 PNRPsvc - ok
19:00:00.0538 3948 [ 60A044879C4FA76314494F5FDDC43B93 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
19:00:00.0538 3948 Point32 - ok
19:00:00.0569 3948 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:00:00.0584 3948 PolicyAgent - ok
19:00:00.0600 3948 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:00:00.0616 3948 Power - ok
19:00:00.0631 3948 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:00:00.0631 3948 PptpMiniport - ok
19:00:00.0647 3948 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:00:00.0647 3948 Processor - ok
19:00:00.0678 3948 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:00:00.0694 3948 ProfSvc - ok
19:00:00.0709 3948 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:00:00.0709 3948 ProtectedStorage - ok
19:00:00.0725 3948 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:00:00.0725 3948 Psched - ok
19:00:00.0756 3948 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:00:00.0788 3948 ql2300 - ok
19:00:00.0788 3948 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:00:00.0803 3948 ql40xx - ok
19:00:00.0803 3948 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:00:00.0819 3948 QWAVE - ok
19:00:00.0819 3948 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:00:00.0834 3948 QWAVEdrv - ok
19:00:00.0881 3948 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
19:00:00.0881 3948 RapiMgr - ok
19:00:00.0897 3948 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:00:00.0897 3948 RasAcd - ok
19:00:00.0913 3948 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:00:00.0913 3948 RasAgileVpn - ok
19:00:00.0913 3948 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:00:00.0928 3948 RasAuto - ok
19:00:00.0928 3948 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:00:00.0944 3948 Rasl2tp - ok
19:00:00.0975 3948 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:00:00.0991 3948 RasMan - ok
19:00:01.0006 3948 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:00:01.0006 3948 RasPppoe - ok
19:00:01.0022 3948 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:00:01.0022 3948 RasSstp - ok
19:00:01.0038 3948 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:00:01.0038 3948 rdbss - ok
19:00:01.0053 3948 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:00:01.0053 3948 rdpbus - ok
19:00:01.0084 3948 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:00:01.0100 3948 RDPCDD - ok
19:00:01.0131 3948 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:00:01.0131 3948 RDPDR - ok
19:00:01.0147 3948 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:00:01.0147 3948 RDPENCDD - ok
19:00:01.0163 3948 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:00:01.0178 3948 RDPREFMP - ok
19:00:01.0225 3948 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:00:01.0225 3948 RdpVideoMiniport - ok
19:00:01.0256 3948 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:00:01.0272 3948 RDPWD - ok
19:00:01.0288 3948 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:00:01.0334 3948 rdyboost - ok
19:00:01.0366 3948 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:00:01.0381 3948 RemoteAccess - ok
19:00:01.0459 3948 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:00:01.0491 3948 RemoteRegistry - ok
19:00:01.0538 3948 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:00:01.0538 3948 RFCOMM - ok
19:00:01.0553 3948 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:00:01.0569 3948 RpcEptMapper - ok
19:00:01.0616 3948 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:00:01.0631 3948 RpcLocator - ok
19:00:01.0663 3948 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:00:01.0663 3948 RpcSs - ok
19:00:01.0694 3948 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:00:01.0694 3948 rspndr - ok
19:00:01.0725 3948 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
19:00:01.0725 3948 RTL8167 - ok
19:00:01.0741 3948 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:00:01.0741 3948 s3cap - ok
19:00:01.0756 3948 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:00:01.0756 3948 SamSs - ok
19:00:01.0788 3948 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:00:01.0788 3948 sbp2port - ok
19:00:01.0803 3948 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:00:01.0803 3948 SCardSvr - ok
19:00:01.0834 3948 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:00:01.0834 3948 scfilter - ok
19:00:01.0866 3948 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:00:01.0881 3948 Schedule - ok
19:00:01.0897 3948 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:00:01.0897 3948 SCPolicySvc - ok
19:00:01.0928 3948 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:00:01.0928 3948 SDRSVC - ok
19:00:01.0991 3948 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:00:01.0991 3948 SeaPort - ok
19:00:02.0006 3948 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:00:02.0006 3948 secdrv - ok
19:00:02.0006 3948 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:00:02.0022 3948 seclogon - ok
19:00:02.0022 3948 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
19:00:02.0022 3948 SENS - ok
19:00:02.0038 3948 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:00:02.0038 3948 SensrSvc - ok
19:00:02.0069 3948 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:00:02.0069 3948 Serenum - ok
19:00:02.0069 3948 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:00:02.0084 3948 Serial - ok
19:00:02.0100 3948 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:00:02.0100 3948 sermouse - ok
19:00:02.0131 3948 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:00:02.0131 3948 SessionEnv - ok
19:00:02.0147 3948 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:00:02.0163 3948 sffdisk - ok
19:00:02.0178 3948 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:00:02.0178 3948 sffp_mmc - ok
19:00:02.0178 3948 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:00:02.0178 3948 sffp_sd - ok
19:00:02.0194 3948 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:00:02.0194 3948 sfloppy - ok
19:00:02.0225 3948 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:00:02.0241 3948 SharedAccess - ok
19:00:02.0256 3948 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:00:02.0272 3948 ShellHWDetection - ok
19:00:02.0272 3948 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:00:02.0272 3948 sisagp - ok
19:00:02.0303 3948 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:00:02.0303 3948 SiSRaid2 - ok
19:00:02.0319 3948 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:00:02.0319 3948 SiSRaid4 - ok
19:00:02.0350 3948 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:00:02.0350 3948 SkypeUpdate - ok
19:00:02.0381 3948 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:00:02.0381 3948 Smb - ok
19:00:02.0397 3948 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:00:02.0413 3948 SNMPTRAP - ok
19:00:02.0413 3948 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:00:02.0413 3948 spldr - ok
19:00:02.0444 3948 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:00:02.0444 3948 Spooler - ok
19:00:02.0506 3948 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:00:02.0553 3948 sppsvc - ok
19:00:02.0569 3948 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:00:02.0584 3948 sppuinotify - ok
19:00:02.0678 3948 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS
19:00:02.0694 3948 SRTSP - ok
19:00:02.0709 3948 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS
19:00:02.0725 3948 SRTSPX - ok
19:00:02.0741 3948 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:00:02.0756 3948 srv - ok
19:00:02.0772 3948 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:00:02.0788 3948 srv2 - ok
19:00:02.0803 3948 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:00:02.0803 3948 srvnet - ok
19:00:02.0819 3948 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:00:02.0819 3948 SSDPSRV - ok
19:00:02.0834 3948 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:00:02.0834 3948 SstpSvc - ok
19:00:02.0866 3948 Steam Client Service - ok
19:00:02.0881 3948 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:00:02.0881 3948 stexstor - ok
19:00:02.0913 3948 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
19:00:02.0928 3948 StillCam - ok
19:00:02.0959 3948 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:00:02.0959 3948 StiSvc - ok
19:00:02.0975 3948 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:00:02.0975 3948 storflt - ok
19:00:03.0053 3948 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:00:03.0053 3948 storvsc - ok
19:00:03.0084 3948 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:00:03.0084 3948 swenum - ok
19:00:03.0100 3948 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:00:03.0100 3948 swprv - ok
19:00:03.0131 3948 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS
19:00:03.0131 3948 SymDS - ok
19:00:03.0178 3948 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS
19:00:03.0194 3948 SymEFA - ok
19:00:03.0225 3948 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
19:00:03.0225 3948 SymEvent - ok
19:00:03.0272 3948 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS
19:00:03.0272 3948 SymIRON - ok
19:00:03.0272 3948 [ 2C688094650D23B62B0A809DECD0B12F ] SymNetS C:\Windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS
19:00:03.0288 3948 SymNetS - ok
19:00:03.0288 3948 Synth3dVsc - ok
19:00:03.0334 3948 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:00:03.0366 3948 SysMain - ok
19:00:03.0381 3948 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:00:03.0413 3948 TabletInputService - ok
19:00:03.0428 3948 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:00:03.0444 3948 TapiSrv - ok
19:00:03.0459 3948 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:00:03.0459 3948 TBS - ok
19:00:03.0506 3948 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:00:03.0522 3948 Tcpip - ok
19:00:03.0553 3948 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:00:03.0569 3948 TCPIP6 - ok
19:00:03.0600 3948 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:00:03.0616 3948 tcpipreg - ok
19:00:03.0616 3948 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:00:03.0616 3948 TDPIPE - ok
19:00:03.0647 3948 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:00:03.0647 3948 TDTCP - ok
19:00:03.0694 3948 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:00:03.0694 3948 tdx - ok
19:00:03.0709 3948 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:00:03.0709 3948 TermDD - ok
19:00:03.0741 3948 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:00:03.0756 3948 TermService - ok
19:00:03.0772 3948 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:00:03.0772 3948 Themes - ok
19:00:03.0772 3948 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:00:03.0772 3948 THREADORDER - ok
19:00:03.0819 3948 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:00:03.0819 3948 TrkWks - ok
19:00:03.0850 3948 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:00:03.0850 3948 TrustedInstaller - ok
19:00:03.0866 3948 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:00:03.0866 3948 tssecsrv - ok
19:00:03.0897 3948 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:00:03.0897 3948 TsUsbFlt - ok
19:00:03.0897 3948 tsusbhub - ok
19:00:03.0913 3948 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:00:03.0928 3948 tunnel - ok
19:00:03.0944 3948 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:00:03.0944 3948 uagp35 - ok
19:00:03.0975 3948 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:00:03.0975 3948 udfs - ok
19:00:04.0006 3948 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:00:04.0006 3948 UI0Detect - ok
19:00:04.0022 3948 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:00:04.0038 3948 uliagpkx - ok
19:00:04.0053 3948 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:00:04.0053 3948 umbus - ok
19:00:04.0069 3948 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:00:04.0084 3948 UmPass - ok
19:00:04.0116 3948 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
19:00:04.0131 3948 UmRdpService - ok
19:00:04.0131 3948 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:00:04.0147 3948 upnphost - ok
19:00:04.0163 3948 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:00:04.0178 3948 USBAAPL - ok
19:00:04.0194 3948 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:00:04.0209 3948 usbaudio - ok
19:00:04.0209 3948 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:00:04.0225 3948 usbccgp - ok
19:00:04.0241 3948 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:00:04.0241 3948 usbcir - ok
19:00:04.0256 3948 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:00:04.0256 3948 usbehci - ok
19:00:04.0272 3948 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:00:04.0272 3948 usbhub - ok
19:00:04.0288 3948 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:00:04.0288 3948 usbohci - ok
19:00:04.0303 3948 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:00:04.0303 3948 usbprint - ok
19:00:04.0319 3948 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:00:04.0319 3948 USBSTOR - ok
19:00:04.0334 3948 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:00:04.0334 3948 usbuhci - ok
19:00:04.0350 3948 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:00:04.0366 3948 usbvideo - ok
19:00:04.0397 3948 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
19:00:04.0397 3948 usb_rndisx - ok
19:00:04.0413 3948 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:00:04.0428 3948 UxSms - ok
19:00:04.0428 3948 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:00:04.0428 3948 VaultSvc - ok
19:00:04.0444 3948 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:00:04.0459 3948 vdrvroot - ok
19:00:04.0491 3948 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:00:04.0506 3948 vds - ok
19:00:04.0522 3948 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:00:04.0522 3948 vga - ok
19:00:04.0538 3948 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:00:04.0538 3948 VgaSave - ok
19:00:04.0553 3948 VGPU - ok
19:00:04.0553 3948 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:00:04.0569 3948 vhdmp - ok
19:00:04.0584 3948 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:00:04.0584 3948 viaagp - ok
19:00:04.0600 3948 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:00:04.0600 3948 ViaC7 - ok
19:00:04.0616 3948 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:00:04.0616 3948 viaide - ok
19:00:04.0631 3948 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:00:04.0631 3948 vmbus - ok
19:00:04.0647 3948 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:00:04.0647 3948 VMBusHID - ok
19:00:04.0663 3948 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:00:04.0663 3948 volmgr - ok
19:00:04.0678 3948 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:00:04.0678 3948 volmgrx - ok
19:00:04.0694 3948 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:00:04.0709 3948 volsnap - ok
19:00:04.0725 3948 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:00:04.0741 3948 vsmraid - ok
19:00:04.0756 3948 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:00:04.0772 3948 VSS - ok
19:00:04.0819 3948 vtany - ok
19:00:04.0834 3948 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:00:04.0834 3948 vwifibus - ok
19:00:04.0850 3948 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:00:04.0850 3948 W32Time - ok
19:00:04.0866 3948 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:00:04.0866 3948 WacomPen - ok
19:00:04.0897 3948 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:00:04.0897 3948 WANARP - ok
19:00:04.0897 3948 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:00:04.0897 3948 Wanarpv6 - ok
19:00:04.0944 3948 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:00:04.0975 3948 WatAdminSvc - ok
19:00:05.0006 3948 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:00:05.0038 3948 wbengine - ok
19:00:05.0053 3948 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:00:05.0069 3948 WbioSrvc - ok
19:00:05.0116 3948 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
19:00:05.0116 3948 WcesComm - ok
19:00:05.0147 3948 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:00:05.0147 3948 wcncsvc - ok
19:00:05.0163 3948 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:00:05.0163 3948 WcsPlugInService - ok
19:00:05.0178 3948 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:00:05.0194 3948 Wd - ok
19:00:05.0225 3948 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
19:00:05.0225 3948 WDC_SAM - ok
19:00:05.0241 3948 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:00:05.0241 3948 Wdf01000 - ok
19:00:05.0256 3948 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:00:05.0256 3948 WdiServiceHost - ok
19:00:05.0256 3948 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:00:05.0272 3948 WdiSystemHost - ok
19:00:05.0319 3948 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:00:05.0319 3948 WebClient - ok
19:00:05.0350 3948 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:00:05.0350 3948 Wecsvc - ok
19:00:05.0366 3948 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:00:05.0381 3948 wercplsupport - ok
19:00:05.0397 3948 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:00:05.0397 3948 WerSvc - ok
19:00:05.0428 3948 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:00:05.0428 3948 WfpLwf - ok
19:00:05.0444 3948 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:00:05.0444 3948 WIMMount - ok
19:00:05.0475 3948 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:00:05.0506 3948 WinDefend - ok
19:00:05.0506 3948 WinHttpAutoProxySvc - ok
19:00:05.0553 3948 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:00:05.0553 3948 Winmgmt - ok
19:00:05.0600 3948 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:00:05.0616 3948 WinRM - ok
19:00:05.0647 3948 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:00:05.0647 3948 WinUsb - ok
19:00:05.0663 3948 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:00:05.0678 3948 Wlansvc - ok
19:00:05.0772 3948 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:00:05.0788 3948 wlcrasvc - ok
19:00:05.0866 3948 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:00:05.0897 3948 wlidsvc - ok
19:00:05.0913 3948 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:00:05.0913 3948 WmiAcpi - ok
19:00:05.0928 3948 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:00:05.0944 3948 wmiApSrv - ok
19:00:05.0991 3948 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:00:06.0053 3948 WMPNetworkSvc - ok
19:00:06.0069 3948 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:00:06.0131 3948 WPCSvc - ok
19:00:06.0147 3948 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:00:06.0147 3948 WPDBusEnum - ok
19:00:06.0163 3948 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:00:06.0163 3948 ws2ifsl - ok
19:00:06.0178 3948 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
19:00:06.0178 3948 wscsvc - ok
19:00:06.0178 3948 WSearch - ok
19:00:06.0225 3948 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:00:06.0272 3948 wuauserv - ok
19:00:06.0288 3948 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:00:06.0288 3948 WudfPf - ok
19:00:06.0303 3948 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:00:06.0319 3948 WUDFRd - ok
19:00:06.0334 3948 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:00:06.0334 3948 wudfsvc - ok
19:00:06.0350 3948 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:00:06.0350 3948 WwanSvc - ok
19:00:06.0350 3948 xhunter1 - ok
19:00:06.0397 3948 [ C26C68BCBAC1F33F890C226769759209 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
19:00:06.0413 3948 xusb21 - ok
19:00:06.0428 3948 ================ Scan global ===============================
19:00:06.0459 3948 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:00:06.0491 3948 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:00:06.0491 3948 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:00:06.0522 3948 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:00:06.0522 3948 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:00:06.0538 3948 [Global] - ok
19:00:06.0538 3948 ================ Scan MBR ==================================
19:00:06.0538 3948 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:00:06.0538 3948 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:00:06.0600 3948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:00:06.0600 3948 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:00:06.0678 3948 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:00:06.0678 3948 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:00:06.0678 3948 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
19:00:07.0131 3948 \Device\Harddisk1\DR1 - ok
19:00:07.0131 3948 ================ Scan VBR ==================================
19:00:07.0131 3948 [ 43DF2973BA34D746EF052F76401A12DE ] \Device\Harddisk0\DR0\Partition1
19:00:07.0131 3948 \Device\Harddisk0\DR0\Partition1 - ok
19:00:07.0147 3948 [ B34858B7FD6361C96FBE085BEC919EFB ] \Device\Harddisk0\DR0\Partition2
19:00:07.0163 3948 \Device\Harddisk0\DR0\Partition2 - ok
19:00:07.0178 3948 [ 9797568ADAB049DF52A9DE2F87E655C0 ] \Device\Harddisk0\DR0\Partition3
19:00:07.0178 3948 \Device\Harddisk0\DR0\Partition3 - ok
19:00:07.0178 3948 [ 1FD48132A0AF579C0CD73F78F423F99A ] \Device\Harddisk1\DR1\Partition1
19:00:07.0194 3948 \Device\Harddisk1\DR1\Partition1 - ok
19:00:07.0194 3948 ============================================================
19:00:07.0194 3948 Scan finished
19:00:07.0194 3948 ============================================================
19:00:07.0194 1668 Detected object count: 2
19:00:07.0194 1668 Actual detected object count: 2
19:00:54.0666 1668 \Device\Harddisk0\DR0\# - copied to quarantine
19:00:54.0666 1668 \Device\Harddisk0\DR0 - copied to quarantine
19:00:54.0713 1668 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:00:54.0729 1668 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:00:54.0745 1668 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:00:54.0745 1668 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:00:54.0760 1668 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:00:54.0776 1668 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:00:54.0791 1668 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:00:54.0791 1668 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:00:54.0791 1668 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:00:54.0807 1668 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:00:54.0807 1668 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:00:54.0807 1668 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:00:54.0807 1668 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:00:54.0807 1668 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:00:54.0838 1668 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:00:54.0870 1668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:00:54.0870 1668 \Device\Harddisk0\DR0 - ok
19:00:54.0916 1668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:00:54.0916 1668 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:00:54.0916 1668 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:06:21.0921 4336 Deinitialize success

19:08:42.0297 2400 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:08:43.0047 2400 ============================================================
19:08:43.0047 2400 Current date / time: 2012/09/06 19:08:43.0047
19:08:43.0047 2400 SystemInfo:
19:08:43.0047 2400
19:08:43.0047 2400 OS Version: 6.1.7601 ServicePack: 1.0
19:08:43.0047 2400 Product type: Workstation
19:08:43.0047 2400 ComputerName: YIP02-CARSON
19:08:43.0047 2400 UserName: Yips
19:08:43.0047 2400 Windows directory: C:\Windows
19:08:43.0047 2400 System windows directory: C:\Windows
19:08:43.0047 2400 Processor architecture: Intel x86
19:08:43.0047 2400 Number of processors: 8
19:08:43.0047 2400 Page size: 0x1000
19:08:43.0047 2400 Boot type: Normal boot
19:08:43.0047 2400 ============================================================
19:08:45.0438 2400 BG loaded
19:08:46.0000 2400 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:08:46.0016 2400 Drive \Device\Harddisk1\DR1 - Size: 0x77200000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:08:46.0016 2400 ============================================================
19:08:46.0016 2400 \Device\Harddisk0\DR0:
19:08:46.0063 2400 MBR partitions:
19:08:46.0063 2400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:08:46.0063 2400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7A0EE000
19:08:46.0063 2400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7A120800, BlocksNum 0x34966000
19:08:46.0063 2400 \Device\Harddisk1\DR1:
19:08:46.0063 2400 MBR partitions:
19:08:46.0063 2400 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x3B8FE0
19:08:46.0063 2400 ============================================================
19:08:46.0235 2400 C: <-> \Device\Harddisk0\DR0\Partition2
19:08:46.0516 2400 B: <-> \Device\Harddisk0\DR0\Partition3
19:08:46.0516 2400 ============================================================
19:08:46.0516 2400 Initialize success
19:08:46.0516 2400 ============================================================
19:15:27.0688 2504 Deinitialize success

Edited by Shreud, 06 September 2012 - 09:19 PM.


#6 CatByte

Malware Response Team

Posted 06 September 2012 - 10:25 PM

OK, very good.

Now that the Pihar bootkit has been cured, you can rerun TDSSKiller and choose to delete the TDSS File killer.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Shreud (Topic Starter)

Posted 06 September 2012 - 11:05 PM

As requested, here is the log. During the running of ComboFix, the desktop was temporarily disabled, but was brought back after a short while. No restarts were required, and the internet connection remained untampered with after ComboFix finished. Antivirus and firewall were temporarily turned off and on successfully.

ComboFix 12-09-06.04 - Yips 09/06/2012 20:46:28.1.8 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1912 [GMT -7:00]
Running from: c:\users\Yips\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
B:\install.exe
C:\Install.exe
c:\program files\INSTALL.LOG
c:\windows\system32\pt
c:\windows\system32\pt\AuthFWSnapIn.Resources.dll
c:\windows\system32\pt\AuthFWWizFwk.Resources.dll
c:\windows\system32\pt\Narrator.resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2074-05-08 01:38 . 2006-11-22 03:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-09-07 03:58 . 2012-09-07 03:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-07 03:58 . 2012-09-07 03:58 -------- d-----w- c:\users\UpdatusUser.Yips-PC\AppData\Local\temp
2012-09-07 03:58 . 2012-09-07 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 02:00 . 2012-09-07 03:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-07 01:22 . 2012-09-07 01:23 -------- d-----w- C:\FRST
2012-09-05 04:53 . 2012-09-05 04:53 -------- d-----w- c:\users\Yips\AppData\Roaming\Malwarebytes
2012-09-05 04:53 . 2012-09-05 04:53 -------- d-----w- c:\programdata\Malwarebytes
2012-09-02 03:18 . 2012-09-02 03:25 -------- d-----w- c:\users\Yips\AppData\Local\NPE
2012-09-01 09:16 . 2012-09-01 09:16 -------- d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2012-09-01 07:34 . 2012-08-22 13:45 6100328 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-01 07:34 . 2012-08-22 13:45 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-01 07:34 . 2012-08-22 13:45 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-01 07:34 . 2012-08-22 13:45 202600 ----a-w- c:\windows\system32\nvinit.dll
2012-09-01 07:34 . 2012-08-22 13:45 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-01 07:34 . 2012-08-22 13:45 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-01 07:34 . 2012-08-22 13:45 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-01 07:34 . 2012-08-22 13:45 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-01 07:34 . 2012-08-22 13:45 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-01 07:34 . 2012-08-22 13:45 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-16 00:13 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 23:58 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 23:58 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 23:58 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 23:58 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 23:58 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 23:58 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 23:57 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 06:06 . 2012-04-11 13:35 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 06:06 . 2011-05-17 04:47 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 21:00 . 2012-05-29 13:17 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-25 21:00 . 2012-05-29 22:53 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-25 21:00 . 2012-05-29 13:16 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-25 21:00 . 2012-05-29 13:16 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-22 13:45 . 2012-04-04 02:42 1010536 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-22 13:45 . 2012-02-28 20:52 830312 ----a-w- c:\windows\system32\nvumdshim.dll
2012-08-22 13:45 . 2011-05-21 13:01 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-22 13:45 . 2011-05-21 13:01 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-07-10 00:12 . 2012-07-10 00:12 49152 ----a-r- c:\users\Yips\AppData\Roaming\Microsoft\Installer\{531B96B7-5126-4DC6-B51B-3DCDB0F93BA6}\XNAHelpShim.exe_531B96B751264DC6B51B3DCDB0F93BA6.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Spotify Web Helper"="c:\users\Yips\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-07 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 cdrmkaun;cdrmkaun;c:\users\Yips\AppData\Local\Temp\cdrmkaun.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Kinetic Books License Service;Kinetic Books License Service;c:\program files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120906.008\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19255768
*NewlyCreated* - 78690045
*NewlyCreated* - 94546596
*Deregistered* - 19255768
*Deregistered* - 78690045
*Deregistered* - 94546596
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:06]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 02:05]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 02:05]
.
2012-09-03 c:\windows\Tasks\User_Feed_Synchronization-{5C57E179-3C58-4DED-8280-E0134CF147E2}.job
- c:\windows\system32\msfeedssync.exe [2011-06-08 23:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: apple.com\www
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
HKCU-Run-Akamai NetSession Interface - c:\users\Yips\AppData\Local\Akamai\netsession_win.exe
SafeBoot-78690045.sys
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
AddRemove-Homeworld - c:\sierra\HOMEWO~1\UNINST~1\UNWISE.EXE
AddRemove-Red Alert 2 - c:\westwood\RA2\Uninstll.EXE
AddRemove-WOLAPI - c:\westwood\Internet\UnstllAP.EXE
AddRemove-{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} - c:\program files\Bytescribe\TSP_CODEC\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-06 21:02:02
ComboFix-quarantined-files.txt 2012-09-07 04:02
.
Pre-Run: 878,848,937,984 bytes free
Post-Run: 878,874,517,504 bytes free
.
- - End Of File - - EE5E37505639684B6CEF816166971040

Edited by Shreud, 06 September 2012 - 11:08 PM.


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 06 September 2012 - 11:24 PM

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Shreud

Shreud
  • Topic Starter

  • Members
  • 9 posts

Posted 07 September 2012 - 11:04 AM

As requested, here are the logs. Malwarebytes found no threats in its quick scan, while ESET found 13.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Yips :: YIP02-CARSON [administrator]

9/6/2012 9:39:41 PM
mbam-log-2012-09-06 (21-39-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249864
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

B:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus
B:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V91EAEJD\kitty-goes-crazy-for-laser[1].htm HTML/ScrInject.B.Gen virus
B:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V91EAEJD\kitty-goes-crazy-for-laser[2].htm HTML/ScrInject.B.Gen virus
C:\TDSSKiller_Quarantine\06.09.2012_18.59.08\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.09.2012_18.59.08\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\06.09.2012_18.59.08\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\06.09.2012_18.59.08\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.09.2012_18.59.08\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.09.2012_20.33.56\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.09.2012_20.33.56\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\06.09.2012_20.33.56\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\06.09.2012_20.33.56\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.09.2012_20.33.56\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUS06LCP\kitty-goes-crazy-for-laser[1].htm HTML/ScrInject.B.Gen virus

Edited by Shreud, 07 September 2012 - 11:05 AM.


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 07 September 2012 - 01:31 PM

Most of those detections are already in quarantine, which can't harm your computer.

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
B:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\cat-and-dolphin-playing-together[1].htm 
B:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V91EAEJD\kitty-goes-crazy-for-laser[1].htm 
B:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V91EAEJD\kitty-goes-crazy-for-laser[2].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUS06LCP\kitty-goes-crazy-for-laser[1].htm 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if there are, remove them.


NEXT

Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
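The triage CatByte applies to the ESET list from the previous post (hits inside a quarantine folder are inert, the live Temporary Internet Files hits are what the File:: section of the CFScript targets), as an added Python example that is not part of this thread nor of ESET, ComboFix or any other tool named here. The sample lines are copied from the ESET report above; the quarantine folder name and the CFScript layout (File:: block, then bare directives such as ClearJavaCache::) are taken from this thread, and treating any path component containing "quarantine" as a quarantine folder is an assumption.

```python
"""Triage an ESET online-scanner report the way it was done in this thread:
detections that sit inside a quarantine folder are already neutralised, the
remaining (live) paths are the ones worth acting on, and those are emitted as
the File:: section of a ComboFix CFScript."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: four lines copied from the ESET report posted above.
ESET_REPORT = r"""
B:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus
C:\TDSSKiller_Quarantine\06.09.2012_18.59.08\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.09.2012_20.33.56\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUS06LCP\kitty-goes-crazy-for-laser[1].htm HTML/ScrInject.B.Gen virus
"""

# One report line is: <path> <detection name> <category>. The path may contain
# spaces, so it is delimited by the first "<.ext><space>" boundary rather than
# by whitespace; the category is the single last word ESET appends.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4}) (?P<name>.+?) (?P<kind>\S+)$"
)

# Quarantine folder seen in this thread plus a generic marker for other tools'
# quarantine directories (assumption: adjust to the tooling in use).
QUARANTINE_MARKERS = ("tdsskiller_quarantine", "quarantine")


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    kind: str

    @property
    def quarantined(self) -> bool:
        """True when any directory component of the path is a quarantine folder."""
        parts = self.path.lower().split("\\")
        return any(marker in part for part in parts for marker in QUARANTINE_MARKERS)


def parse_eset_report(text: str) -> list:
    """Parse the exported ESET threat list; blank lines are skipped and an
    unrecognised line raises so that nothing is silently dropped."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET report line: {line!r}")
        found.append(Detection(m["path"], m["name"], m["kind"]))
    return found


def triage(detections) -> tuple:
    """Split detections into (live, quarantined) lists, preserving order."""
    live = [d for d in detections if not d.quarantined]
    quarantined = [d for d in detections if d.quarantined]
    return live, quarantined


def build_cfscript(paths, extra_directives=()) -> str:
    """Render a CFScript: a File:: block listing the live paths, a blank line,
    then any bare directives (ClearJavaCache:: was used in this thread)."""
    lines = ["File::", *paths, ""]
    lines.extend(extra_directives)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    live, quar = triage(parse_eset_report(ESET_REPORT))
    print(f"{len(quar)} detection(s) already in quarantine, {len(live)} live")
    print(build_cfscript([d.path for d in live], ("ClearJavaCache::",)))
```

Run it as-is to see the two quarantined Olmarik hits separated from the two live cached pages and the resulting File:: block; feed it a full exported ESETSCAN.txt to triage a real report the same way.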


#11 Shreud

Shreud
  • Topic Starter

  • Members
  • 9 posts

Posted 07 September 2012 - 08:21 PM

As requested, here are the logs. After disabling all of the available anti-virus, script-blocking, and anti-malware real-time protection (to the best of my knowledge), ComboFix ran through and successfully implemented the Notepad modification detailed, with the monitor changing visuals only temporarily, with no restarts required. Java was updated, and manual removal of the old Java version was required and performed successfully. Farbar Service Scanner ran quickly, and everything seems to have returned to normal, with no outstanding issues as of yet (EDIT: Actually, there has been an issue that sprang up earlier in the fixing process, with Windows failing to detect Norton as its firewall and antivirus service). If needed, I can check up with you on the following days with Norton reports should you need it.

ComboFix 12-09-07.03 - Yips 09/07/2012 17:48:17.2.8 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1684 [GMT -7:00]
Running from: c:\users\Yips\Desktop\ComboFix.exe
Command switches used :: c:\users\Yips\Desktop\CFScript.txt
.
FILE ::
"b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\cat-and-dolphin-playing-together[1].htm"
"b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V91EAEJD\kitty-goes-crazy-for-laser[1].htm"
"b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V91EAEJD\kitty-goes-crazy-for-laser[2].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUS06LCP\kitty-goes-crazy-for-laser[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\cat-and-dolphin-playing-together[1].htm
b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V91EAEJD\kitty-goes-crazy-for-laser[1].htm
b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V91EAEJD\kitty-goes-crazy-for-laser[2].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUS06LCP\kitty-goes-crazy-for-laser[1].htm
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2074-05-08 01:38 . 2006-11-22 03:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-09-08 01:00 . 2012-09-08 01:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-08 01:00 . 2012-09-08 01:00 -------- d-----w- c:\users\UpdatusUser.Yips-PC\AppData\Local\temp
2012-09-08 01:00 . 2012-09-08 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 05:02 . 2012-09-07 05:02 -------- d-----w- c:\program files\ESET
2012-09-07 04:38 . 2012-09-07 04:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-07 04:38 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 02:00 . 2012-09-07 03:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-07 01:22 . 2012-09-07 01:23 -------- d-----w- C:\FRST
2012-09-05 04:53 . 2012-09-05 04:53 -------- d-----w- c:\users\Yips\AppData\Roaming\Malwarebytes
2012-09-05 04:53 . 2012-09-05 04:53 -------- d-----w- c:\programdata\Malwarebytes
2012-09-02 03:18 . 2012-09-02 03:25 -------- d-----w- c:\users\Yips\AppData\Local\NPE
2012-09-01 09:16 . 2012-09-01 09:16 -------- d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2012-09-01 07:34 . 2012-08-22 13:45 6100328 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-01 07:34 . 2012-08-22 13:45 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-01 07:34 . 2012-08-22 13:45 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-01 07:34 . 2012-08-22 13:45 202600 ----a-w- c:\windows\system32\nvinit.dll
2012-09-01 07:34 . 2012-08-22 13:45 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-01 07:34 . 2012-08-22 13:45 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-01 07:34 . 2012-08-22 13:45 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-01 07:34 . 2012-08-22 13:45 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-01 07:34 . 2012-08-22 13:45 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-01 07:34 . 2012-08-22 13:45 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-16 00:13 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 23:58 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 23:58 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 23:58 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 23:58 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 23:58 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 23:58 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 23:57 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 06:06 . 2012-04-11 13:35 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 06:06 . 2011-05-17 04:47 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 21:00 . 2012-05-29 13:17 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-25 21:00 . 2012-05-29 22:53 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-25 21:00 . 2012-05-29 13:16 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-25 21:00 . 2012-05-29 13:16 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-22 13:45 . 2012-04-04 02:42 1010536 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-22 13:45 . 2012-02-28 20:52 830312 ----a-w- c:\windows\system32\nvumdshim.dll
2012-08-22 13:45 . 2011-05-21 13:01 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-22 13:45 . 2011-05-21 13:01 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-07-10 00:12 . 2012-07-10 00:12 49152 ----a-r- c:\users\Yips\AppData\Roaming\Microsoft\Installer\{531B96B7-5126-4DC6-B51B-3DCDB0F93BA6}\XNAHelpShim.exe_531B96B751264DC6B51B3DCDB0F93BA6.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Spotify Web Helper"="c:\users\Yips\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-07 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 cdrmkaun;cdrmkaun;c:\users\Yips\AppData\Local\Temp\cdrmkaun.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Kinetic Books License Service;Kinetic Books License Service;c:\program files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120907.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19255768
*NewlyCreated* - 78690045
*NewlyCreated* - 94546596
*Deregistered* - 19255768
*Deregistered* - 78690045
*Deregistered* - 94546596
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:06]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 02:05]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 02:05]
.
2012-09-03 c:\windows\Tasks\User_Feed_Synchronization-{5C57E179-3C58-4DED-8280-E0134CF147E2}.job
- c:\windows\system32\msfeedssync.exe [2011-06-08 23:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: apple.com\www
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-07 18:03:18
ComboFix-quarantined-files.txt 2012-09-08 01:03
ComboFix2.txt 2012-09-07 04:02
.
Pre-Run: 877,595,009,024 bytes free
Post-Run: 877,433,708,544 bytes free
.
- - End Of File - - 3EC526C1F729A47EBC4CC55258347E8B

Farbar Service Scanner Version: 06-08-2012
Ran by Yips (administrator) on 07-09-2012 at 18:16:14
Running from "C:\Users\Yips\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by Shreud, 07 September 2012 - 08:27 PM.


#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 07 September 2012 - 08:35 PM

All is looking as it should.

Norton may well have been corrupted by the infection; you may need to uninstall, then re-install it.

Let me know if it is functioning properly. Are you able to update the definitions?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Shreud

Shreud
  • Topic Starter

  • Members
  • 9 posts

Posted 07 September 2012 - 08:37 PM

Norton is still updating definitions as it should. As of the moment I'm typing this, the definitions updated 4 minutes ago. Should I still reinstall the program?

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 07 September 2012 - 09:05 PM

If it is working properly, then it should be fine.

Does the Windows security center recognize that you have a third party anti virus installed now?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Shreud

Shreud
  • Topic Starter

  • Members
  • 9 posts

Posted 07 September 2012 - 09:21 PM

Upon restart, the computer detects Norton again. Many, many thanks, and deep appreciation for all of your help. You're a credit to this forum's quality, and your speedy response helped solve my problems quickly and efficiently. Again, my deepest gratitude.



