
Rootkit.Boot.Pihar.C


This topic is locked
11 replies to this topic

#1 xxdmxx

  • Members
  • 6 posts

Posted 11 September 2012 - 08:26 PM

Can I get help removing it?


#2 boopme
  • Global Moderator
  • 73,528 posts

Posted 11 September 2012 - 08:33 PM

Welcome xxdmxx

Can you go here: Preparation Guide, and do steps 6-7-8.

Create a DDS log and post it here.

If GMER won't run (it may not on a 64-bit system), skip it.

#3 xxdmxx
  • Topic Starter

  • Members
  • 6 posts

Posted 12 September 2012 - 02:46 AM

Running GMER; I will have logs tomorrow. I couldn't check some of the options, as they are grayed out: System, Sections, Devices, Modules, Processes, Threads, Libraries, and Show all.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by John at 0:40:31 on 2012-09-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.24574.19642 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
O:\Windows\system32\wininit.exe
O:\Windows\system32\lsm.exe
O:\Windows\system32\svchost.exe -k DcomLaunch
O:\Windows\system32\svchost.exe -k RPCSS
O:\Windows\system32\atiesrxx.exe
O:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
O:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
O:\Windows\system32\svchost.exe -k netsvcs
O:\Windows\system32\svchost.exe -k LocalService
O:\Windows\system32\atieclxx.exe
O:\Windows\system32\svchost.exe -k NetworkService
O:\Windows\system32\Dwm.exe
O:\Windows\System32\spoolsv.exe
O:\Windows\system32\taskhost.exe
O:\Windows\Explorer.EXE
O:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
O:\Windows\system32\taskeng.exe
O:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
O:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
O:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O:\Windows\SysWOW64\rundll32.exe
O:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O:\Users\John\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
O:\Users\John\AppData\Local\Akamai\netsession_win.exe
O:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
O:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
O:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O:\Users\John\AppData\Local\Akamai\netsession_win.exe
O:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O:\Program Files\Bonjour\mDNSResponder.exe
O:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
O:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O:\Windows\system32\mqsvc.exe
O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
O:\Windows\SysWOW64\PnkBstrA.exe
O:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
O:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
O:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
O:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
O:\Program Files (x86)\iTunes\iTunesHelper.exe
O:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
O:\Windows\system32\svchost.exe -k imgsvc
O:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
O:\Windows\SysWOW64\vmnat.exe
O:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
O:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
O:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
O:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
O:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
O:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
O:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
O:\Windows\SysWOW64\vmnetdhcp.exe
O:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O:\Windows\system32\wbem\wmiprvse.exe
O:\Users\John\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
O:\Program Files\iPod\bin\iPodService.exe
O:\Windows\system32\WUDFHost.exe
O:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
O:\Program Files\Windows Media Player\wmpnetwk.exe
O:\Windows\System32\svchost.exe -k LocalServicePeerNet
O:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
O:\Windows\system32\DllHost.exe
O:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
O:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
O:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
O:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
O:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
O:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
O:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
O:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
O:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
O:\Windows\SysWOW64\cmd.exe
O:\Windows\system32\conhost.exe
O:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - O:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - O:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - O:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - O:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - O:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - O:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - O:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - O:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - O:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - O:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - O:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - O:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "O:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Amazon Cloud Drive] O:\Users\John\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
uRun: [Akamai NetSession Interface] "O:\Users\John\AppData\Local\Akamai\netsession_win.exe"
uRun: [EasyTether] "O:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
mRun: [RoxWatchTray] "O:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun: [SAOB Monitor] O:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "O:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [Adobe ARM] "O:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IAStorIcon] O:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "O:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [DivXUpdate] "O:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ISUSPM] O:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [CPMonitor] "O:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "O:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dolby Home Theater v4] "O:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [vmware-tray] "O:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [APSDaemon] "O:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "O:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] O:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "O:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "O:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "O:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "O:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Razer Synapse] "O:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [StartCCC] "O:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] O:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "O:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: O:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - O:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - O:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - O:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - O:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - O:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{623233C0-CDAF-4748-8538-B00F8EE8BA2D} : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{6891F514-2D0B-4C0B-AEEB-DCB0ACAF728D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F01F731E-29E7-40AD-8FBA-F1F0A16BC1EE} : DhcpNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - O:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - O:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - O:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - O:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - O:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - O:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - O:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - O:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - O:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - O:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - O:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - O:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - O:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - O:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [RoxWatchTray] "O:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun-x64: [SAOB Monitor] O:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "O:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [Adobe ARM] "O:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [IAStorIcon] O:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "O:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [DivXUpdate] "O:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [ISUSPM] O:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun-x64: [CPMonitor] "O:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
mRun-x64: [Desktop Disc Tool] "O:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dolby Home Theater v4] "O:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun-x64: [vmware-tray] "O:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [APSDaemon] "O:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "O:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] O:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "O:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "O:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "O:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "O:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [Razer Synapse] "O:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun-x64: [StartCCC] "O:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] O:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "O:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - O:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - O:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8z2hj5sn.default\
FF - plugin: O:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: O:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: O:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: O:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: O:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: O:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: O:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: O:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: O:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: O:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: O:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: O:\Users\John\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: O:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: O:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: O:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: O:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;O:\Windows\system32\Drivers\PxHlpa64.sys --> O:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;O:\Windows\system32\Drivers\Sahdad64.sys --> O:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;O:\Windows\system32\Drivers\Saibad64.sys --> O:\Windows\system32\Drivers\Saibad64.sys [?]
R0 SymDS;Symantec Data Store;O:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> O:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;O:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> O:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R0 SysCow;SysCow;O:\Windows\system32\drivers\syscowad64v.sys --> O:\Windows\system32\drivers\syscowad64v.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);O:\Windows\system32\DRIVERS\tdrpm273.sys --> O:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 BHDrvx64;BHDrvx64;O:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-8-31 1385120]
R1 ccSet_N360;Norton 360 Settings Manager;O:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> O:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;O:\Windows\system32\DRIVERS\dtsoftbus01.sys --> O:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;O:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120911.001\IDSviA64.sys [2012-9-11 513184]
R1 SaibVdAd64;Virtual Disk Driver;O:\Windows\system32\Drivers\SaibVdAd64.sys --> O:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R1 SymIRON;Symantec Iron Driver;O:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> O:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;O:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> O:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;O:\Windows\system32\DRIVERS\vwififlt.sys --> O:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;O:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2011-2-9 457200]
R2 AdobeARMservice;Adobe Acrobat Update Service;O:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 afcdpsrv;Acronis Nonstop Backup Service;O:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-3-31 3246040]
R2 AMD External Events Utility;AMD External Events Utility;O:\Windows\system32\atiesrxx.exe --> O:\Windows\system32\atiesrxx.exe [?]
R2 BOT4Service;BOT4Service;O:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2011-7-15 21488]
R2 CinemaNow Service;CinemaNow Service;O:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 cpuz135;cpuz135;\??\O:\Windows\system32\drivers\cpuz135_x64.sys --> O:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HDHomeRun Service;HDHomeRun Service;O:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [2012-4-5 16384]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;O:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-3 13592]
R2 N360;Norton 360;O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe [2012-8-14 138272]
R2 VMUSBArbService;VMware USB Arbitration Service;O:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;O:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-13 11839488]
R3 afcdp;afcdp;O:\Windows\system32\DRIVERS\afcdp.sys --> O:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 amdkmdag;amdkmdag;O:\Windows\system32\DRIVERS\atikmdag.sys --> O:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;O:\Windows\system32\DRIVERS\atikmpag.sys --> O:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 easytether;easytether;O:\Windows\system32\DRIVERS\easytthr.sys --> O:\Windows\system32\DRIVERS\easytthr.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;O:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;O:\Windows\system32\DRIVERS\nusb3hub.sys --> O:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;O:\Windows\system32\DRIVERS\nusb3xhc.sys --> O:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTCore64;RTCore64;O:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8167;Realtek 8167 NT Driver;O:\Windows\system32\DRIVERS\Rt64win7.sys --> O:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rzendpt;rzendpt;O:\Windows\system32\DRIVERS\rzendpt.sys --> O:\Windows\system32\DRIVERS\rzendpt.sys [?]
R3 rzudd;Razer Mouse Driver;O:\Windows\system32\DRIVERS\rzudd.sys --> O:\Windows\system32\DRIVERS\rzudd.sys [?]
R3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;O:\Windows\system32\DRIVERS\xcbdaVx64.sys --> O:\Windows\system32\DRIVERS\xcbdaVx64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;O:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;O:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;O:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-7-13 340976]
S3 CorsairCAHS1;CA-HS1 Interface;O:\Windows\system32\drivers\CAHS164.sys --> O:\Windows\system32\drivers\CAHS164.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;O:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2011-5-17 25832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);O:\Windows\system32\DRIVERS\ssudbus.sys --> O:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;O:\Windows\system32\drivers\dmvsc.sys --> O:\Windows\system32\drivers\dmvsc.sys [?]
S3 etdrv;etdrv;O:\Windows\etdrv.sys [2012-3-4 25640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;O:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-8-8 135584]
S3 GVTDrv64;GVTDrv64;O:\Windows\GVTDrv64.sys [2012-3-4 30528]
S3 Lycosa;Lycosa Keyboard;O:\Windows\system32\drivers\Lycosa.sys --> O:\Windows\system32\drivers\Lycosa.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;O:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 MozillaMaintenance;Mozilla Maintenance Service;O:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-26 114144]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;O:\Windows\system32\DRIVERS\netr28ux.sys --> O:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 ose64;Office 64 Source Engine;O:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;O:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pneteth;PdaNet Broadband;O:\Windows\system32\DRIVERS\pneteth.sys --> O:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;O:\Windows\system32\drivers\rdpvideominiport.sys --> O:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RoxMediaDB13;RoxMediaDB13;O:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-7-13 1095664]
S3 RzSynapse;Razer Driver;O:\Windows\system32\DRIVERS\RzSynapse.sys --> O:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);O:\Windows\system32\DRIVERS\ssudmdm.sys --> O:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;O:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;O:\Windows\system32\drivers\synth3dvsc.sys --> O:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;O:\Windows\system32\drivers\terminpt.sys --> O:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;O:\Windows\system32\drivers\tsusbflt.sys --> O:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;O:\Windows\system32\drivers\TsUsbGD.sys --> O:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;O:\Windows\system32\drivers\tsusbhub.sys --> O:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;O:\Windows\system32\Drivers\usbaapl64.sys --> O:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VKbms;Virtual HID Minidriver;O:\Windows\system32\DRIVERS\VKbms.sys --> O:\Windows\system32\DRIVERS\VKbms.sys [?]
S3 vzandnetadb;ADB Interface DriverNet for VZW;O:\Windows\system32\Drivers\lgvzandnetadb.sys --> O:\Windows\system32\Drivers\lgvzandnetadb.sys [?]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;O:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys --> O:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys [?]
S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;O:\Windows\system32\DRIVERS\lgvzandnetdiag264.sys --> O:\Windows\system32\DRIVERS\lgvzandnetdiag264.sys [?]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;O:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys --> O:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys [?]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;O:\Windows\system32\DRIVERS\lgvzandnetndis64.sys --> O:\Windows\system32\DRIVERS\lgvzandnetndis64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;O:\Windows\system32\Wat\WatAdminSvc.exe --> O:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BOTService;BOTService;O:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-7-14 211440]
S4 RoxMediaDB12;RoxMediaDB12;O:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
.
=============== Created Last 30 ================
.
2012-09-10 19:07:29 -------- d-----w- O:\Windows\SysWow64\directx
2012-09-10 19:06:11 -------- d-----w- O:\Users\John\AppData\Local\Package Cache
2012-09-10 07:20:04 -------- d-----w- O:\Users\John\AppData\Roaming\Malwarebytes
2012-09-10 07:19:58 -------- d-----w- O:\ProgramData\Malwarebytes
2012-09-10 04:15:50 -------- d-----w- O:\Program Files (x86)\WugFresh Development
2012-09-10 01:11:22 73696 ----a-w- O:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-08 17:27:10 -------- d-----w- O:\Users\John\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-08 17:24:28 -------- d-----w- O:\Users\John\AppData\Roaming\PACE Anti-Piracy
2012-09-08 17:24:28 -------- d-----w- O:\Users\John\AppData\Local\PACE Anti-Piracy
2012-09-08 17:24:28 -------- d-----w- O:\ProgramData\PACE Anti-Piracy
2012-09-08 17:24:28 -------- d-----w- O:\Program Files\Common Files\PACE Anti-Piracy
2012-09-08 17:08:03 9310152 ----a-w- O:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB02EA59-54F0-4BD8-92C5-2DB0F6ACC8EE}\mpengine.dll
2012-09-07 05:20:17 -------- d-----w- O:\ProgramData\Sophos
2012-09-07 04:52:05 33240 ----a-w- O:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-07 04:51:56 -------- d-----w- O:\Windows\System32\drivers\NBRTWizardx64\0501000.01A
2012-09-07 04:51:56 -------- d-----w- O:\Windows\System32\drivers\NBRTWizardx64
2012-09-07 04:51:55 -------- d-----w- O:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-09-07 04:39:15 -------- d-----w- O:\Users\John\AppData\Local\NPE
2012-09-03 20:28:05 20784 ----a-w- O:\Windows\System32\drivers\easytthr.sys
2012-09-03 20:28:05 -------- d-----w- O:\Program Files (x86)\Mobile Stream
2012-09-03 07:26:03 821736 ----a-w- O:\Windows\SysWow64\npDeployJava1.dll
2012-09-03 07:26:00 95208 ----a-w- O:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 17:00:33 4278384 ----a-w- O:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 17:00:17 42776 ----a-w- O:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-31 05:31:20 -------- d-----w- O:\Users\John\AppData\Roaming\Mael
2012-08-31 05:21:38 -------- d-----w- O:\Program Files (x86)\HxD
2012-08-24 04:24:45 750440 ------w- O:\Windows\System32\HPDiscoPM5512.dll
2012-08-24 04:18:34 -------- d-----w- O:\Windows\Hewlett-Packard
2012-08-24 02:05:00 143360 ----a-w- O:\Windows\SysWow64\rztouchdll.dll
2012-08-24 02:04:58 592384 ----a-w- O:\Windows\SysWow64\rzdevicedll.dll
2012-08-24 02:04:56 165888 ----a-w- O:\Windows\SysWow64\rzaudiodll.dll
2012-08-23 01:03:32 -------- d-----w- O:\TDSSKiller_Quarantine
2012-08-23 00:55:52 -------- d-----w- O:\Users\John\AppData\Roaming\Ad-Aware Antivirus
2012-08-19 03:24:33 266720 ----a-w- O:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-08-18 19:03:36 -------- d-----w- O:\Program Files (x86)\AMD APP
2012-08-17 07:01:22 110592 ----a-w- O:\Windows\System32\drivers\rzudd.sys
2012-08-17 07:01:20 21504 ----a-w- O:\Windows\System32\drivers\rzendpt.sys
2012-08-16 07:30:07 -------- d-----w- O:\Users\John\AppData\Roaming\Netgear Live Parental Controls
2012-08-15 18:07:17 503808 ----a-w- O:\Windows\System32\srcore.dll
2012-08-15 18:07:17 43008 ----a-w- O:\Windows\SysWow64\srclient.dll
2012-08-15 18:07:16 751104 ----a-w- O:\Windows\System32\win32spl.dll
2012-08-15 18:07:16 67072 ----a-w- O:\Windows\splwow64.exe
2012-08-15 18:07:16 59392 ----a-w- O:\Windows\System32\browcli.dll
2012-08-15 18:07:16 559104 ----a-w- O:\Windows\System32\spoolsv.exe
2012-08-15 18:07:16 492032 ----a-w- O:\Windows\SysWow64\win32spl.dll
2012-08-15 18:07:16 41984 ----a-w- O:\Windows\SysWow64\browcli.dll
2012-08-15 18:07:16 3148800 ----a-w- O:\Windows\System32\win32k.sys
2012-08-15 18:07:16 136704 ----a-w- O:\Windows\System32\browser.dll
2012-08-15 18:07:15 956928 ----a-w- O:\Windows\System32\localspl.dll
2012-08-15 01:23:37 451192 ----a-r- O:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-08-15 01:23:37 405624 ----a-r- O:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-08-15 01:23:37 37536 ----a-w- O:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-08-15 01:23:37 1129120 ----a-w- O:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-08-15 01:23:36 737952 ----a-w- O:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-08-15 01:23:36 190072 ----a-r- O:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-08-15 01:23:36 167072 ----a-w- O:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-08-15 01:23:34 -------- d-----w- O:\Windows\System32\drivers\N360x64\0603000.00E
.
==================== Find3M ====================
.
2012-09-03 07:25:58 746984 ----a-w- O:\Windows\SysWow64\deployJava1.dll
2012-08-31 00:49:20 283304 ----a-w- O:\Windows\SysWow64\PnkBstrB.xtr
2012-08-31 00:49:20 283304 ----a-w- O:\Windows\SysWow64\PnkBstrB.exe
2012-08-31 00:49:06 280904 ----a-w- O:\Windows\SysWow64\PnkBstrB.ex0
2012-08-12 23:43:44 404640 ----a-w- O:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-30 20:32:08 203104 ----a-w- O:\Windows\System32\drivers\ssudmdm.sys
2012-07-30 20:32:08 102240 ----a-w- O:\Windows\System32\drivers\ssudbus.sys
2012-07-28 05:47:40 187392 ----a-w- O:\Windows\System32\clinfo.exe
2012-07-28 05:47:24 75776 ----a-w- O:\Windows\System32\OpenVideo64.dll
2012-07-28 05:47:16 65024 ----a-w- O:\Windows\SysWow64\OpenVideo.dll
2012-07-28 05:47:10 63488 ----a-w- O:\Windows\System32\OVDecode64.dll
2012-07-28 05:47:06 56320 ----a-w- O:\Windows\SysWow64\OVDecode.dll
2012-07-28 05:46:56 16464896 ----a-w- O:\Windows\System32\amdocl64.dll
2012-07-28 05:46:06 13013504 ----a-w- O:\Windows\SysWow64\amdocl.dll
2012-07-28 04:09:20 5538984 ----a-w- O:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- O:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- O:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- O:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- O:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- O:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- O:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- O:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- O:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- O:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- O:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- O:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- O:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- O:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- O:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- O:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- O:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- O:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- O:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- O:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- O:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- O:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- O:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- O:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- O:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- O:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- O:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- O:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- O:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- O:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- O:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- O:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- O:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- O:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- O:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- O:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- O:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- O:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- O:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- O:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- O:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- O:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- O:\Windows\SysWow64\amdpcom32.dll
2012-07-26 05:32:24 106928 ----a-w- O:\Windows\SysWow64\GEARAspi.dll
2012-07-26 05:32:22 125872 ----a-w- O:\Windows\System32\GEARAspi64.dll
2012-07-11 07:08:13 76888 ----a-w- O:\Windows\SysWow64\PnkBstrA.exe
2012-06-29 03:56:34 2312704 ----a-w- O:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- O:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- O:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- O:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- O:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- O:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- O:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- O:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- O:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- O:\Windows\SysWow64\mshtml.tlb
2012-06-28 17:48:20 2434856 ----a-w- O:\Windows\SysWow64\pbsvc_bc2.exe
.
============= FINISH: 0:40:44.20 ===============

Edited by xxdmxx, 12 September 2012 - 02:48 AM.


#4 xxdmxx (Topic Starter)

Posted 12 September 2012 - 02:14 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-12 12:12:06
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d7f 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d81 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d82 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d84 20550 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d85 31599 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d86 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d87 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d88 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d89 1721844 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d8a 17409 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d8d 22886 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d8e 16420 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d8f 17266 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d90 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d91 23243 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d92 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d93 16666 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d9c 54275 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d9d 72167 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d9f 25152 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004da0 25152 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004da9 26516 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004daa 26110 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dac 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dad 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dae 60328 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004daf 63370 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db0 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db1 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db2 111801 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db3 38488 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db4 51945 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db5 74701 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db6 61619 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db8 94023 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004db9 143601 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dba 17811 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dbb 152601 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dbc 18240 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dbd 28498 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dbe 33674 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dc2 63501 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dc3 23269 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dc4 24596 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dc5 18061 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dc6 59680 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dc7 26195 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dc8 31637 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dc9 16611 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dca 33272 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dcb 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dcc 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dcd 61887 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dce 41038 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dcf 75700 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd0 34860 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd1 73920 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd2 25724 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00464d 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd5 31488 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd6 44624 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd7 25152 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd8 25152 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd9 23616 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dda 19821 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004ddb 24329 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004ddc 23247 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004ddd 24011 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004de1 40928 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004de2 27572 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004de4 19127 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004de6 41762 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004de9 29622 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004deb 24697 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dee 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004df0 27639 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004df3 18874 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004df4 41762 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004df6 24205 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004df8 38528 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dfb 31224 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dfe 33894 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dff 32354 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e00 28963 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e01 38676 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e02 40733 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e03 116034 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e04 48508 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e06 44749 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e07 32596 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e08 53200 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e09 22183 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e0a 25263 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e0b 21086 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e0c 32111 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e0d 25207 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e0e 53719 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e0f 27237 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e10 27242 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e1d 241214 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e1e 22979 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e1f 39721 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e20 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004d83 45260 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dab 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dd3 16435 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004de8 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004dfd 31283 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e2e 62295 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e30 22803 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e31 23966 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e32 19051 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e33 27133 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e34 27136 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e35 142554 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e36 66088 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e37 106367 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e3b 30152 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e3c 19446 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e3d 20349 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e3e 19841 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e3f 24714 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e40 30152 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e42 21041 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e44 16572 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e46 18860 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e49 85161 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e4a 320424 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004e39 20281 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\215D.tmp 0 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\665E.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\666E.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\666F.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6670.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6671.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6672.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6673.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6674.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6675.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6686.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6687.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6688.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\6689.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\668A.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\668B.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\668C.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\668D.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\669D.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\669E.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\669F.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\66A0.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\66A1.tmp 150798 bytes
File O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\66A2.tmp 150798 bytes
File O:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49NBI3JQ\query[2].htm 0 bytes
File O:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFIWP2S0\poll[1].htm 0 bytes
File O:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E824ZDWX\query[4].htm 0 bytes
File O:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ID95YE9P\query[2].htm 0 bytes

---- EOF - GMER 1.0.15 ----

#5 nasdaq (Malware Response Team)

Posted 14 September 2012 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
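
The aswMBR step above saves a file named MBR.dat, which the helper uses to inspect the partition table that a boot-sector rootkit would have altered. The following script is an added example; it is not part of this thread and not code from TDSSKiller or aswMBR. It parses a 512-byte MBR and renders the entries in the same shape as TDSSKiller's "MBR partitions" lines (Type, StartLBA, BlocksNum), then runs generic consistency checks: the 0x55AA boot signature is present, no partitions overlap or run past the end of the disk, at most one entry carries the active flag, and which sector ranges no partition covers. It assumes MBR.dat is the raw 512-byte sector zero (an assumption about aswMBR's output, not something the post states); the sample partition table it builds is constructed for illustration, and the checks are general MBR sanity checks, not a signature for Rootkit.Boot.Pihar.C.

```python
import struct
import sys

SECTOR = 512
TABLE_OFF = 0x1BE          # partition table: four 16-byte entries
BOOT_SIG = b"\x55\xaa"     # stored at offset 0x1FE

# Constructed sample partition table (bootable, type, StartLBA, BlocksNum); this is
# not the thread's MBR.dat. Two NTFS (0x07) partitions, the second starting where
# the first ends, on an assumed disk of SAMPLE_DISK_SECTORS sectors.
SAMPLE_ENTRIES = [
    (False, 0x07, 0x3EC1, 0x32FCD),
    (True, 0x07, 0x36E8E, 0x1000000),
]
SAMPLE_DISK_SECTORS = 0x1100000


def build_sample_mbr(entries):
    """Return a 512-byte MBR holding the given entries; boot code is zero-filled."""
    mbr = bytearray(SECTOR)
    for i, (bootable, ptype, start, count) in enumerate(entries):
        off = TABLE_OFF + 16 * i
        mbr[off] = 0x80 if bootable else 0x00
        mbr[off + 4] = ptype            # CHS fields stay zero; tools use the LBA fields
        struct.pack_into("<II", mbr, off + 8, start, count)
    mbr[0x1FE:0x200] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(data):
    """Return the non-empty partition entries of a raw MBR as dicts."""
    if len(data) < SECTOR:
        raise ValueError("need at least %d bytes, got %d" % (SECTOR, len(data)))
    if data[0x1FE:0x200] != BOOT_SIG:
        raise ValueError("0x55AA boot signature missing: not a valid MBR")
    parts = []
    for i in range(4):
        # status(1) CHS(3) type(1) CHS(3) start LBA(4) sector count(4), little-endian
        boot, ptype, start, count = struct.unpack_from("<B3xB3xII", data, TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                    # unused slot
        parts.append({"index": i + 1, "bootable": boot == 0x80,
                      "type": ptype, "start_lba": start, "blocks": count})
    return parts


def format_like_tdsskiller(parts, device=r"\Device\Harddisk1\DR1"):
    """Render entries in the same shape as TDSSKiller's 'MBR partitions' log lines."""
    lines = [device + ":", "MBR partitions:"]
    for p in parts:
        lines.append("%s\\Partition%d: MBR, Type 0x%X, StartLBA 0x%X, BlocksNum 0x%X"
                     % (device, p["index"], p["type"], p["start_lba"], p["blocks"]))
    return lines


def _spans(parts):
    """(start, end, index) triples sorted by start LBA; end is exclusive."""
    return sorted((p["start_lba"], p["start_lba"] + p["blocks"], p["index"]) for p in parts)


def sanity_check(parts, disk_sectors):
    """Generic MBR consistency checks; findings are hints for a human, not a verdict."""
    findings = []
    spans = _spans(parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("partition %d and %d overlap" % (i1, i2))
    for s, e, i in spans:
        if s == 0:
            findings.append("partition %d starts at LBA 0, on top of the MBR" % i)
        if e > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % i)
    if sum(1 for p in parts if p["bootable"]) > 1:
        findings.append("more than one partition carries the active (0x80) flag")
    return findings


def unallocated_ranges(parts, disk_sectors):
    """[start, end) sector ranges that no partition covers; sector 0 is the MBR itself."""
    ranges, cursor = [], 1
    for s, e, _ in _spans(parts):
        if s > cursor:
            ranges.append((cursor, s))
        cursor = max(cursor, e)
    if cursor < disk_sectors:
        ranges.append((cursor, disk_sectors))
    return ranges


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat] [disk_sectors]; no arguments runs the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
        disk_sectors = int(sys.argv[2], 0) if len(sys.argv) > 2 else None
    else:
        data, disk_sectors = build_sample_mbr(SAMPLE_ENTRIES), SAMPLE_DISK_SECTORS
    parts = parse_mbr(data)
    print("\n".join(format_like_tdsskiller(parts)))
    if disk_sectors is not None:
        for warning in sanity_check(parts, disk_sectors):
            print("WARNING:", warning)
        for s, e in unallocated_ranges(parts, disk_sectors):
            print("unallocated: 0x%X-0x%X (%d sectors)" % (s, e, e - s))
```

To run it against a real capture, pass the path to MBR.dat and the disk's sector count; TDSSKiller's log gives that as the drive Size divided by its SectorSize. The unallocated ranges are worth reading alongside the helper's verdict: they are where anything stored outside the file system would have to live, but a gap before the first partition or after the last one is normal on many disks, so the output is input for a human, not a detection.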

#6 xxdmxx (Topic Starter)

Posted 15 September 2012 - 02:14 AM

18:31:51.0866 1968 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:31:52.0672 1968 ============================================================
18:31:52.0672 1968 Current date / time: 2012/09/14 18:31:52.0672
18:31:52.0672 1968 SystemInfo:
18:31:52.0672 1968
18:31:52.0672 1968 OS Version: 6.1.7601 ServicePack: 1.0
18:31:52.0672 1968 Product type: Workstation
18:31:52.0673 1968 ComputerName: JOHN-PC
18:31:52.0674 1968 UserName: John
18:31:52.0674 1968 Windows directory: O:\Windows
18:31:52.0674 1968 System windows directory: O:\Windows
18:31:52.0674 1968 Running under WOW64
18:31:52.0674 1968 Processor architecture: Intel x64
18:31:52.0674 1968 Number of processors: 8
18:31:52.0674 1968 Page size: 0x1000
18:31:52.0674 1968 Boot type: Normal boot
18:31:52.0674 1968 ============================================================
18:31:53.0084 1968 Drive \Device\Harddisk0\DR0 - Size: 0x74707FDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:31:53.0174 1968 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:31:53.0227 1968 Drive \Device\Harddisk2\DR2 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:31:53.0237 1968 Drive \Device\Harddisk5\DR5 - Size: 0x74F300000 (29.24 Gb), SectorSize: 0x200, Cylinders: 0xEE8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:31:53.0245 1968 Drive \Device\Harddisk8\DR8 - Size: 0xEF300000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:31:53.0247 1968 ============================================================
18:31:53.0247 1968 \Device\Harddisk0\DR0:
18:31:53.0247 1968 MBR partitions:
18:31:53.0247 1968 \Device\Harddisk1\DR1:
18:31:53.0353 1968 MBR partitions:
18:31:53.0353 1968 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x32FCD
18:31:53.0353 1968 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0xE8DD0800
18:31:53.0353 1968 \Device\Harddisk2\DR2:
18:31:53.0353 1968 MBR partitions:
18:31:53.0353 1968 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2800
18:31:53.0353 1968 \Device\Harddisk5\DR5:
18:31:53.0354 1968 MBR partitions:
18:31:53.0354 1968 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x3A77800
18:31:53.0354 1968 \Device\Harddisk8\DR8:
18:31:53.0355 1968 MBR partitions:
18:31:53.0355 1968 \Device\Harddisk8\DR8\Partition1: MBR, Type 0xB, StartLBA 0x80, BlocksNum 0x776127
18:31:53.0355 1968 ============================================================
18:31:53.0361 1968 O: <-> \Device\Harddisk2\DR2\Partition1
18:31:54.0116 1968 C: <-> \Device\Harddisk1\DR1\Partition2
18:31:54.0116 1968 ============================================================
18:31:54.0116 1968 Initialize success
18:31:54.0116 1968 ============================================================
18:31:56.0193 3860 ============================================================
18:31:56.0193 3860 Scan started
18:31:56.0193 3860 Mode: Manual;
18:31:56.0193 3860 ============================================================
18:31:56.0409 3860 ================ Scan system memory ========================
18:31:56.0409 3860 System memory - ok
18:31:56.0409 3860 ================ Scan services =============================
18:31:56.0440 3860 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci O:\Windows\system32\drivers\1394ohci.sys
18:31:56.0442 3860 1394ohci - ok
18:31:56.0449 3860 [ C863272577DC93199F9A2D108468EDB9 ] 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 O:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
18:31:56.0460 3860 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
18:31:56.0464 3860 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI O:\Windows\system32\drivers\ACPI.sys
18:31:56.0466 3860 ACPI - ok
18:31:56.0468 3860 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi O:\Windows\system32\drivers\acpipmi.sys
18:31:56.0469 3860 AcpiPmi - ok
18:31:56.0478 3860 [ AD1EE24224F770E598794ECABA26E8F3 ] AcrSch2Svc O:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
18:31:56.0496 3860 AcrSch2Svc - ok
18:31:56.0499 3860 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice O:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:31:56.0500 3860 AdobeARMservice - ok
18:31:56.0505 3860 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx O:\Windows\system32\drivers\adp94xx.sys
18:31:56.0509 3860 adp94xx - ok
18:31:56.0517 3860 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci O:\Windows\system32\drivers\adpahci.sys
18:31:56.0523 3860 adpahci - ok
18:31:56.0529 3860 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 O:\Windows\system32\drivers\adpu320.sys
18:31:56.0531 3860 adpu320 - ok
18:31:56.0534 3860 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc O:\Windows\System32\aelupsvc.dll
18:31:56.0534 3860 AeLookupSvc - ok
18:31:56.0538 3860 [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp O:\Windows\system32\DRIVERS\afcdp.sys
18:31:56.0542 3860 afcdp - ok
18:31:56.0565 3860 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv O:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
18:31:56.0586 3860 afcdpsrv - ok
18:31:56.0597 3860 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD O:\Windows\system32\drivers\afd.sys
18:31:56.0601 3860 AFD - ok
18:31:56.0603 3860 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 O:\Windows\system32\drivers\agp440.sys
18:31:56.0605 3860 agp440 - ok
18:31:56.0607 3860 [ 3290D6946B5E30E70414990574883DDB ] ALG O:\Windows\System32\alg.exe
18:31:56.0608 3860 ALG - ok
18:31:56.0610 3860 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide O:\Windows\system32\drivers\aliide.sys
18:31:56.0610 3860 aliide - ok
18:31:56.0614 3860 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility O:\Windows\system32\atiesrxx.exe
18:31:56.0615 3860 AMD External Events Utility - ok
18:31:56.0617 3860 [ 1FF8B4431C353CE385C875F194924C0C ] amdide O:\Windows\system32\drivers\amdide.sys
18:31:56.0618 3860 amdide - ok
18:31:56.0620 3860 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 O:\Windows\system32\drivers\amdk8.sys
18:31:56.0621 3860 AmdK8 - ok
18:31:56.0706 3860 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag O:\Windows\system32\DRIVERS\atikmdag.sys
18:31:56.0779 3860 amdkmdag - ok
18:31:56.0788 3860 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap O:\Windows\system32\DRIVERS\atikmpag.sys
18:31:56.0790 3860 amdkmdap - ok
18:31:56.0793 3860 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM O:\Windows\system32\drivers\amdppm.sys
18:31:56.0794 3860 AmdPPM - ok
18:31:56.0797 3860 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata O:\Windows\system32\drivers\amdsata.sys
18:31:56.0798 3860 amdsata - ok
18:31:56.0801 3860 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs O:\Windows\system32\drivers\amdsbs.sys
18:31:56.0803 3860 amdsbs - ok
18:31:56.0805 3860 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata O:\Windows\system32\drivers\amdxata.sys
18:31:56.0806 3860 amdxata - ok
18:31:56.0808 3860 [ 89A69C3F2F319B43379399547526D952 ] AppID O:\Windows\system32\drivers\appid.sys
18:31:56.0809 3860 AppID - ok
18:31:56.0811 3860 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc O:\Windows\System32\appidsvc.dll
18:31:56.0812 3860 AppIDSvc - ok
18:31:56.0814 3860 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo O:\Windows\System32\appinfo.dll
18:31:56.0815 3860 Appinfo - ok
18:31:56.0818 3860 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device O:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:31:56.0819 3860 Apple Mobile Device - ok
18:31:56.0823 3860 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt O:\Windows\System32\appmgmts.dll
18:31:56.0825 3860 AppMgmt - ok
18:31:56.0827 3860 [ C484F8CEB1717C540242531DB7845C4E ] arc O:\Windows\system32\drivers\arc.sys
18:31:56.0829 3860 arc - ok
18:31:56.0831 3860 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas O:\Windows\system32\drivers\arcsas.sys
18:31:56.0832 3860 arcsas - ok
18:31:56.0843 3860 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state O:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:31:56.0853 3860 aspnet_state - ok
18:31:56.0857 3860 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac O:\Windows\system32\DRIVERS\asyncmac.sys
18:31:56.0858 3860 AsyncMac - ok
18:31:56.0862 3860 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi O:\Windows\system32\drivers\atapi.sys
18:31:56.0863 3860 atapi - ok
18:31:56.0870 3860 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder O:\Windows\System32\Audiosrv.dll
18:31:56.0874 3860 AudioEndpointBuilder - ok
18:31:56.0880 3860 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv O:\Windows\System32\Audiosrv.dll
18:31:56.0882 3860 AudioSrv - ok
18:31:56.0886 3860 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV O:\Windows\System32\AxInstSV.dll
18:31:56.0887 3860 AxInstSV - ok
18:31:56.0892 3860 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv O:\Windows\system32\drivers\bxvbda.sys
18:31:56.0896 3860 b06bdrv - ok
18:31:56.0900 3860 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a O:\Windows\system32\DRIVERS\b57nd60a.sys
18:31:56.0902 3860 b57nd60a - ok
18:31:56.0905 3860 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC O:\Windows\System32\bdesvc.dll
18:31:56.0907 3860 BDESVC - ok
18:31:56.0908 3860 [ 16A47CE2DECC9B099349A5F840654746 ] Beep O:\Windows\system32\drivers\Beep.sys
18:31:56.0909 3860 Beep - ok
18:31:56.0925 3860 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE O:\Windows\System32\bfe.dll
18:31:56.0930 3860 BFE - ok
18:31:56.0945 3860 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 O:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120905.001\BHDrvx64.sys
18:31:56.0949 3860 BHDrvx64 - ok
18:31:56.0956 3860 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS O:\Windows\System32\qmgr.dll
18:31:56.0961 3860 BITS - ok
18:31:56.0964 3860 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive O:\Windows\system32\DRIVERS\blbdrive.sys
18:31:56.0964 3860 blbdrive - ok
18:31:56.0970 3860 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service O:\Program Files\Bonjour\mDNSResponder.exe
18:31:56.0972 3860 Bonjour Service - ok
18:31:56.0974 3860 [ C752A6902163B5E9C3554BA69A275F41 ] BOT4Service O:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
18:31:56.0974 3860 BOT4Service - ok
18:31:56.0979 3860 [ 92E3765E2F9E7EE2542C9C2F6318464C ] BOTService O:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe
18:31:56.0981 3860 BOTService - ok
18:31:56.0983 3860 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser O:\Windows\system32\DRIVERS\bowser.sys
18:31:56.0985 3860 bowser - ok
18:31:56.0986 3860 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo O:\Windows\system32\drivers\BrFiltLo.sys
18:31:56.0987 3860 BrFiltLo - ok
18:31:56.0989 3860 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp O:\Windows\system32\drivers\BrFiltUp.sys
18:31:56.0991 3860 BrFiltUp - ok
18:31:56.0996 3860 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser O:\Windows\System32\browser.dll
18:31:56.0997 3860 Browser - ok
18:31:57.0004 3860 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid O:\Windows\System32\Drivers\Brserid.sys
18:31:57.0008 3860 Brserid - ok
18:31:57.0010 3860 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm O:\Windows\System32\Drivers\BrSerWdm.sys
18:31:57.0011 3860 BrSerWdm - ok
18:31:57.0012 3860 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm O:\Windows\System32\Drivers\BrUsbMdm.sys
18:31:57.0013 3860 BrUsbMdm - ok
18:31:57.0015 3860 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer O:\Windows\System32\Drivers\BrUsbSer.sys
18:31:57.0016 3860 BrUsbSer - ok
18:31:57.0018 3860 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM O:\Windows\system32\drivers\bthmodem.sys
18:31:57.0019 3860 BTHMODEM - ok
18:31:57.0022 3860 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv O:\Windows\system32\bthserv.dll
18:31:57.0023 3860 bthserv - ok
18:31:57.0027 3860 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 O:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys
18:31:57.0028 3860 ccSet_N360 - ok
18:31:57.0031 3860 [ B8BD2BB284668C84865658C77574381A ] cdfs O:\Windows\system32\DRIVERS\cdfs.sys
18:31:57.0032 3860 cdfs - ok
18:31:57.0034 3860 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom O:\Windows\system32\DRIVERS\cdrom.sys
18:31:57.0036 3860 cdrom - ok
18:31:57.0039 3860 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc O:\Windows\System32\certprop.dll
18:31:57.0040 3860 CertPropSvc - ok
18:31:57.0044 3860 [ 127D4D0E9F78834FFD1EEEA3FCFB47C1 ] CinemaNow Service O:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
18:31:57.0044 3860 CinemaNow Service - ok
18:31:57.0046 3860 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass O:\Windows\system32\DRIVERS\circlass.sys
18:31:57.0047 3860 circlass - ok
18:31:57.0051 3860 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS O:\Windows\system32\CLFS.sys
18:31:57.0054 3860 CLFS - ok
18:31:57.0058 3860 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 O:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:31:57.0060 3860 clr_optimization_v2.0.50727_32 - ok
18:31:57.0064 3860 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 O:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:31:57.0066 3860 clr_optimization_v2.0.50727_64 - ok
18:31:57.0089 3860 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 O:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:31:57.0096 3860 clr_optimization_v4.0.30319_32 - ok
18:31:57.0099 3860 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 O:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:31:57.0100 3860 clr_optimization_v4.0.30319_64 - ok
18:31:57.0102 3860 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt O:\Windows\system32\drivers\CmBatt.sys
18:31:57.0103 3860 CmBatt - ok
18:31:57.0105 3860 [ E19D3F095812725D88F9001985B94EDD ] cmdide O:\Windows\system32\drivers\cmdide.sys
18:31:57.0105 3860 cmdide - ok
18:31:57.0110 3860 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG O:\Windows\system32\Drivers\cng.sys
18:31:57.0113 3860 CNG - ok
18:31:57.0115 3860 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt O:\Windows\system32\drivers\compbatt.sys
18:31:57.0116 3860 Compbatt - ok
18:31:57.0118 3860 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus O:\Windows\system32\DRIVERS\CompositeBus.sys
18:31:57.0119 3860 CompositeBus - ok
18:31:57.0120 3860 COMSysApp - ok
18:31:57.0131 3860 [ 984CC82169360EA26076A77949254A1B ] CorsairCAHS1 O:\Windows\system32\drivers\CAHS164.sys
18:31:57.0140 3860 CorsairCAHS1 - ok
18:31:57.0147 3860 [ C08063F052308B6F5882482615387F30 ] cpuz135 O:\Windows\system32\drivers\cpuz135_x64.sys
18:31:57.0149 3860 cpuz135 - ok
18:31:57.0152 3860 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk O:\Windows\system32\drivers\crcdisk.sys
18:31:57.0153 3860 crcdisk - ok
18:31:57.0158 3860 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc O:\Windows\system32\cryptsvc.dll
18:31:57.0159 3860 CryptSvc - ok
18:31:57.0164 3860 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC O:\Windows\system32\drivers\csc.sys
18:31:57.0168 3860 CSC - ok
18:31:57.0174 3860 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService O:\Windows\System32\cscsvc.dll
18:31:57.0178 3860 CscService - ok
18:31:57.0181 3860 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc O:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\bin_ship\daupdatersvc.service.exe
18:31:57.0183 3860 DAUpdaterSvc - ok
18:31:57.0189 3860 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch O:\Windows\system32\rpcss.dll
18:31:57.0193 3860 DcomLaunch - ok
18:31:57.0196 3860 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc O:\Windows\System32\defragsvc.dll
18:31:57.0199 3860 defragsvc - ok
18:31:57.0201 3860 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC O:\Windows\system32\Drivers\dfsc.sys
18:31:57.0203 3860 DfsC - ok
18:31:57.0208 3860 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus O:\Windows\system32\DRIVERS\ssudbus.sys
18:31:57.0215 3860 dg_ssudbus - ok
18:31:57.0223 3860 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp O:\Windows\system32\dhcpcore.dll
18:31:57.0225 3860 Dhcp - ok
18:31:57.0229 3860 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache O:\Windows\system32\drivers\discache.sys
18:31:57.0229 3860 discache - ok
18:31:57.0231 3860 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk O:\Windows\system32\drivers\disk.sys
18:31:57.0232 3860 Disk - ok
18:31:57.0234 3860 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc O:\Windows\system32\drivers\dmvsc.sys
18:31:57.0235 3860 dmvsc - ok
18:31:57.0238 3860 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache O:\Windows\System32\dnsrslvr.dll
18:31:57.0240 3860 Dnscache - ok
18:31:57.0244 3860 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc O:\Windows\System32\dot3svc.dll
18:31:57.0246 3860 dot3svc - ok
18:31:57.0249 3860 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS O:\Windows\system32\dps.dll
18:31:57.0250 3860 DPS - ok
18:31:57.0252 3860 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud O:\Windows\system32\drivers\drmkaud.sys
18:31:57.0253 3860 drmkaud - ok
18:31:57.0256 3860 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 O:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:31:57.0257 3860 dtsoftbus01 - ok
18:31:57.0265 3860 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl O:\Windows\System32\drivers\dxgkrnl.sys
18:31:57.0268 3860 DXGKrnl - ok
18:31:57.0271 3860 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost O:\Windows\System32\eapsvc.dll
18:31:57.0271 3860 EapHost - ok
18:31:57.0275 3860 [ 7A0887B0C3F5D8768C2F7C8524834FE6 ] easytether O:\Windows\system32\DRIVERS\easytthr.sys
18:31:57.0277 3860 easytether - ok
18:31:57.0311 3860 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv O:\Windows\system32\drivers\evbda.sys
18:31:57.0332 3860 ebdrv - ok
18:31:57.0339 3860 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl O:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:31:57.0341 3860 eeCtrl - ok
18:31:57.0345 3860 [ C118A82CD78818C29AB228366EBF81C3 ] EFS O:\Windows\System32\lsass.exe
18:31:57.0346 3860 EFS - ok
18:31:57.0368 3860 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr O:\Windows\ehome\ehRecvr.exe
18:31:57.0373 3860 ehRecvr - ok
18:31:57.0376 3860 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched O:\Windows\ehome\ehsched.exe
18:31:57.0376 3860 ehSched - ok
18:31:57.0381 3860 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor O:\Windows\system32\drivers\elxstor.sys
18:31:57.0385 3860 elxstor - ok
18:31:57.0388 3860 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv O:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:31:57.0389 3860 EraserUtilRebootDrv - ok
18:31:57.0390 3860 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev O:\Windows\system32\drivers\errdev.sys
18:31:57.0391 3860 ErrDev - ok
18:31:57.0393 3860 [ 84486624268E078255BC7AA47F0960BC ] etdrv O:\Windows\etdrv.sys
18:31:57.0394 3860 etdrv - ok
18:31:57.0399 3860 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem O:\Windows\system32\es.dll
18:31:57.0402 3860 EventSystem - ok
18:31:57.0406 3860 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat O:\Windows\system32\drivers\exfat.sys
18:31:57.0409 3860 exfat - ok
18:31:57.0416 3860 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat O:\Windows\system32\drivers\fastfat.sys
18:31:57.0418 3860 fastfat - ok
18:31:57.0428 3860 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax O:\Windows\system32\fxssvc.exe
18:31:57.0433 3860 Fax - ok
18:31:57.0435 3860 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc O:\Windows\system32\DRIVERS\fdc.sys
18:31:57.0436 3860 fdc - ok
18:31:57.0437 3860 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost O:\Windows\system32\fdPHost.dll
18:31:57.0438 3860 fdPHost - ok
18:31:57.0439 3860 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub O:\Windows\system32\fdrespub.dll
18:31:57.0440 3860 FDResPub - ok
18:31:57.0442 3860 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo O:\Windows\system32\drivers\fileinfo.sys
18:31:57.0443 3860 FileInfo - ok
18:31:57.0444 3860 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace O:\Windows\system32\drivers\filetrace.sys
18:31:57.0445 3860 Filetrace - ok
18:31:57.0447 3860 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk O:\Windows\system32\drivers\flpydisk.sys
18:31:57.0448 3860 flpydisk - ok
18:31:57.0451 3860 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr O:\Windows\system32\drivers\fltmgr.sys
18:31:57.0453 3860 FltMgr - ok
18:31:57.0462 3860 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache O:\Windows\system32\FntCache.dll
18:31:57.0469 3860 FontCache - ok
18:31:57.0471 3860 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 O:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:31:57.0472 3860 FontCache3.0.0.0 - ok
18:31:57.0474 3860 [ D43703496149971890703B4B1B723EAC ] FsDepends O:\Windows\system32\drivers\FsDepends.sys
18:31:57.0475 3860 FsDepends - ok
18:31:57.0476 3860 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec O:\Windows\system32\drivers\Fs_Rec.sys
18:31:57.0477 3860 Fs_Rec - ok
18:31:57.0481 3860 [ 0D015D3584704EC814A58276232F143B ] Futuremark SystemInfo Service O:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
18:31:57.0485 3860 Futuremark SystemInfo Service - ok
18:31:57.0492 3860 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol O:\Windows\system32\DRIVERS\fvevol.sys
18:31:57.0494 3860 fvevol - ok
18:31:57.0498 3860 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx O:\Windows\system32\drivers\gagp30kx.sys
18:31:57.0501 3860 gagp30kx - ok
18:31:57.0508 3860 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv O:\Windows\gdrv.sys
18:31:57.0509 3860 gdrv - ok
18:31:57.0511 3860 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM O:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:31:57.0511 3860 GEARAspiWDM - ok
18:31:57.0518 3860 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc O:\Windows\System32\gpsvc.dll
18:31:57.0523 3860 gpsvc - ok
18:31:57.0525 3860 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 O:\Windows\GVTDrv64.sys
18:31:57.0526 3860 GVTDrv64 - ok
18:31:57.0529 3860 [ ADB4348DA1345877B04E22203AFC8993 ] hcmon O:\Windows\system32\drivers\hcmon.sys
18:31:57.0529 3860 hcmon - ok
18:31:57.0531 3860 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir O:\Windows\system32\drivers\hcw85cir.sys
18:31:57.0532 3860 hcw85cir - ok
18:31:57.0536 3860 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService O:\Windows\system32\drivers\HdAudio.sys
18:31:57.0539 3860 HdAudAddService - ok
18:31:57.0541 3860 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus O:\Windows\system32\DRIVERS\HDAudBus.sys
18:31:57.0542 3860 HDAudBus - ok
18:31:57.0545 3860 [ F0CD88742AE3B666971E295D42B434BD ] HDHomeRun Service O:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
18:31:57.0545 3860 HDHomeRun Service - ok
18:31:57.0547 3860 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt O:\Windows\system32\drivers\HidBatt.sys
18:31:57.0548 3860 HidBatt - ok
18:31:57.0551 3860 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth O:\Windows\system32\drivers\hidbth.sys
18:31:57.0553 3860 HidBth - ok
18:31:57.0558 3860 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr O:\Windows\system32\DRIVERS\hidir.sys
18:31:57.0560 3860 HidIr - ok
18:31:57.0564 3860 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv O:\Windows\system32\hidserv.dll
18:31:57.0564 3860 hidserv - ok
18:31:57.0567 3860 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb O:\Windows\system32\DRIVERS\hidusb.sys
18:31:57.0569 3860 HidUsb - ok
18:31:57.0573 3860 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc O:\Windows\system32\kmsvc.dll
18:31:57.0574 3860 hkmsvc - ok
18:31:57.0578 3860 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener O:\Windows\system32\ListSvc.dll
18:31:57.0579 3860 HomeGroupListener - ok
18:31:57.0583 3860 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider O:\Windows\system32\provsvc.dll
18:31:57.0584 3860 HomeGroupProvider - ok
18:31:57.0586 3860 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD O:\Windows\system32\drivers\HpSAMD.sys
18:31:57.0587 3860 HpSAMD - ok
18:31:57.0593 3860 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP O:\Windows\system32\drivers\HTTP.sys
18:31:57.0598 3860 HTTP - ok
18:31:57.0600 3860 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy O:\Windows\system32\drivers\hwpolicy.sys
18:31:57.0601 3860 hwpolicy - ok
18:31:57.0603 3860 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt O:\Windows\system32\drivers\i8042prt.sys
18:31:57.0605 3860 i8042prt - ok
18:31:57.0610 3860 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor O:\Windows\system32\DRIVERS\iaStor.sys
18:31:57.0612 3860 iaStor - ok
18:31:57.0614 3860 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc O:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:31:57.0614 3860 IAStorDataMgrSvc - ok
18:31:57.0621 3860 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV O:\Windows\system32\drivers\iaStorV.sys
18:31:57.0625 3860 iaStorV - ok
18:31:57.0633 3860 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT O:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:31:57.0637 3860 IDriverT - ok
18:31:57.0645 3860 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc O:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:31:57.0651 3860 idsvc - ok
18:31:57.0657 3860 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 O:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120913.001\IDSvia64.sys
18:31:57.0659 3860 IDSVia64 - ok
18:31:57.0661 3860 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp O:\Windows\system32\drivers\iirsp.sys
18:31:57.0662 3860 iirsp - ok
18:31:57.0670 3860 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT O:\Windows\System32\ikeext.dll
18:31:57.0675 3860 IKEEXT - ok
18:31:57.0711 3860 [ A5F7CEF8A939EBE270462EDEFD629F20 ] IntcAzAudAddService O:\Windows\system32\drivers\RTKVHD64.sys
18:31:57.0719 3860 IntcAzAudAddService - ok
18:31:57.0722 3860 [ F00F20E70C6EC3AA366910083A0518AA ] intelide O:\Windows\system32\drivers\intelide.sys
18:31:57.0722 3860 intelide - ok
18:31:57.0724 3860 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm O:\Windows\system32\DRIVERS\intelppm.sys
18:31:57.0725 3860 intelppm - ok
18:31:57.0727 3860 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum O:\Windows\system32\ipbusenum.dll
18:31:57.0728 3860 IPBusEnum - ok
18:31:57.0730 3860 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver O:\Windows\system32\DRIVERS\ipfltdrv.sys
18:31:57.0731 3860 IpFilterDriver - ok
18:31:57.0737 3860 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc O:\Windows\System32\iphlpsvc.dll
18:31:57.0740 3860 iphlpsvc - ok
18:31:57.0743 3860 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV O:\Windows\system32\drivers\IPMIDrv.sys
18:31:57.0744 3860 IPMIDRV - ok
18:31:57.0746 3860 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT O:\Windows\system32\drivers\ipnat.sys
18:31:57.0747 3860 IPNAT - ok
18:31:57.0757 3860 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service O:\Program Files\iPod\bin\iPodService.exe
18:31:57.0764 3860 iPod Service - ok
18:31:57.0767 3860 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM O:\Windows\system32\drivers\irenum.sys
18:31:57.0768 3860 IRENUM - ok
18:31:57.0771 3860 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp O:\Windows\system32\drivers\isapnp.sys
18:31:57.0772 3860 isapnp - ok
18:31:57.0776 3860 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt O:\Windows\system32\drivers\msiscsi.sys
18:31:57.0779 3860 iScsiPrt - ok
18:31:57.0781 3860 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass O:\Windows\system32\DRIVERS\kbdclass.sys
18:31:57.0781 3860 kbdclass - ok
18:31:57.0783 3860 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid O:\Windows\system32\DRIVERS\kbdhid.sys
18:31:57.0783 3860 kbdhid - ok
18:31:57.0785 3860 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso O:\Windows\system32\lsass.exe
18:31:57.0786 3860 KeyIso - ok
18:31:57.0788 3860 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD O:\Windows\system32\Drivers\ksecdd.sys
18:31:57.0789 3860 KSecDD - ok
18:31:57.0791 3860 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg O:\Windows\system32\Drivers\ksecpkg.sys
18:31:57.0793 3860 KSecPkg - ok
18:31:57.0794 3860 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk O:\Windows\system32\drivers\ksthunk.sys
18:31:57.0795 3860 ksthunk - ok
18:31:57.0799 3860 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm O:\Windows\system32\msdtckrm.dll
18:31:57.0803 3860 KtmRm - ok
18:31:57.0806 3860 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer O:\Windows\system32\srvsvc.dll
18:31:57.0808 3860 LanmanServer - ok
18:31:57.0811 3860 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation O:\Windows\System32\wkssvc.dll
18:31:57.0812 3860 LanmanWorkstation - ok
18:31:57.0815 3860 [ 1538831CF8AD2979A04C423779465827 ] lltdio O:\Windows\system32\DRIVERS\lltdio.sys
18:31:57.0815 3860 lltdio - ok
18:31:57.0819 3860 [ C1185803384AB3FEED115F79F109427F ] lltdsvc O:\Windows\System32\lltdsvc.dll
18:31:57.0823 3860 lltdsvc - ok
18:31:57.0826 3860 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts O:\Windows\System32\lmhsvc.dll
18:31:57.0826 3860 lmhosts - ok
18:31:57.0831 3860 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC O:\Windows\system32\drivers\lsi_fc.sys
18:31:57.0834 3860 LSI_FC - ok
18:31:57.0836 3860 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS O:\Windows\system32\drivers\lsi_sas.sys
18:31:57.0838 3860 LSI_SAS - ok
18:31:57.0841 3860 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 O:\Windows\system32\drivers\lsi_sas2.sys
18:31:57.0842 3860 LSI_SAS2 - ok
18:31:57.0845 3860 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI O:\Windows\system32\drivers\lsi_scsi.sys
18:31:57.0846 3860 LSI_SCSI - ok
18:31:57.0848 3860 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv O:\Windows\system32\drivers\luafv.sys
18:31:57.0850 3860 luafv - ok
18:31:57.0852 3860 [ BEB897CE49F7C991845D3AEA0D298E53 ] Lycosa O:\Windows\system32\drivers\Lycosa.sys
18:31:57.0853 3860 Lycosa - ok
18:31:57.0855 3860 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc O:\Windows\system32\Mcx2Svc.dll
18:31:57.0856 3860 Mcx2Svc - ok
18:31:57.0858 3860 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas O:\Windows\system32\drivers\megasas.sys
18:31:57.0859 3860 megasas - ok
18:31:57.0863 3860 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR O:\Windows\system32\drivers\MegaSR.sys
18:31:57.0865 3860 MegaSR - ok
18:31:57.0870 3860 Microsoft SharePoint Workspace Audit Service - ok
18:31:57.0872 3860 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS O:\Windows\system32\mmcss.dll
18:31:57.0873 3860 MMCSS - ok
18:31:57.0875 3860 [ 800BA92F7010378B09F9ED9270F07137 ] Modem O:\Windows\system32\drivers\modem.sys
18:31:57.0876 3860 Modem - ok
18:31:57.0877 3860 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor O:\Windows\system32\DRIVERS\monitor.sys
18:31:57.0878 3860 monitor - ok
18:31:57.0880 3860 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass O:\Windows\system32\DRIVERS\mouclass.sys
18:31:57.0880 3860 mouclass - ok
18:31:57.0882 3860 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid O:\Windows\system32\DRIVERS\mouhid.sys
18:31:57.0883 3860 mouhid - ok
18:31:57.0885 3860 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr O:\Windows\system32\drivers\mountmgr.sys
18:31:57.0886 3860 mountmgr - ok
18:31:57.0889 3860 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance O:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:31:57.0892 3860 MozillaMaintenance - ok
18:31:57.0897 3860 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio O:\Windows\system32\drivers\mpio.sys
18:31:57.0899 3860 mpio - ok
18:31:57.0903 3860 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv O:\Windows\system32\drivers\mpsdrv.sys
18:31:57.0905 3860 mpsdrv - ok
18:31:57.0914 3860 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc O:\Windows\system32\mpssvc.dll
18:31:57.0919 3860 MpsSvc - ok
18:31:57.0923 3860 [ CD22D2563039DDA6793F7624719363A7 ] MQAC O:\Windows\system32\drivers\mqac.sys
18:31:57.0924 3860 MQAC - ok
18:31:57.0927 3860 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV O:\Windows\system32\drivers\mrxdav.sys
18:31:57.0928 3860 MRxDAV - ok
18:31:57.0931 3860 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb O:\Windows\system32\DRIVERS\mrxsmb.sys
18:31:57.0933 3860 mrxsmb - ok
18:31:57.0937 3860 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 O:\Windows\system32\DRIVERS\mrxsmb10.sys
18:31:57.0939 3860 mrxsmb10 - ok
18:31:57.0941 3860 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 O:\Windows\system32\DRIVERS\mrxsmb20.sys
18:31:57.0943 3860 mrxsmb20 - ok
18:31:57.0945 3860 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci O:\Windows\system32\drivers\msahci.sys
18:31:57.0946 3860 msahci - ok
18:31:57.0948 3860 [ DB801A638D011B9633829EB6F663C900 ] msdsm O:\Windows\system32\drivers\msdsm.sys
18:31:57.0950 3860 msdsm - ok
18:31:57.0952 3860 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC O:\Windows\System32\msdtc.exe
18:31:57.0954 3860 MSDTC - ok
18:31:57.0958 3860 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs O:\Windows\system32\drivers\Msfs.sys
18:31:57.0960 3860 Msfs - ok
18:31:57.0963 3860 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf O:\Windows\System32\drivers\mshidkmdf.sys
18:31:57.0965 3860 mshidkmdf - ok
18:31:57.0967 3860 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv O:\Windows\system32\drivers\msisadrv.sys
18:31:57.0968 3860 msisadrv - ok
18:31:57.0973 3860 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI O:\Windows\system32\iscsiexe.dll
18:31:57.0976 3860 MSiSCSI - ok
18:31:57.0977 3860 msiserver - ok
18:31:57.0979 3860 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV O:\Windows\system32\drivers\MSKSSRV.sys
18:31:57.0980 3860 MSKSSRV - ok
18:31:57.0982 3860 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ O:\Windows\system32\mqsvc.exe
18:31:57.0982 3860 MSMQ - ok
18:31:57.0984 3860 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK O:\Windows\system32\drivers\MSPCLOCK.sys
18:31:57.0985 3860 MSPCLOCK - ok
18:31:57.0986 3860 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM O:\Windows\system32\drivers\MSPQM.sys
18:31:57.0987 3860 MSPQM - ok
18:31:57.0991 3860 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC O:\Windows\system32\drivers\MsRPC.sys
18:31:57.0993 3860 MsRPC - ok
18:31:57.0996 3860 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios O:\Windows\system32\DRIVERS\mssmbios.sys
18:31:57.0996 3860 mssmbios - ok
18:31:57.0998 3860 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE O:\Windows\system32\drivers\MSTEE.sys
18:31:57.0999 3860 MSTEE - ok
18:31:58.0001 3860 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig O:\Windows\system32\drivers\MTConfig.sys
18:31:58.0001 3860 MTConfig - ok
18:31:58.0003 3860 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup O:\Windows\system32\Drivers\mup.sys
18:31:58.0004 3860 Mup - ok
18:31:58.0010 3860 [ F2840DBFE9322F35557219AE82CC4597 ] N360 O:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
18:31:58.0011 3860 N360 - ok
18:31:58.0016 3860 [ 582AC6D9873E31DFA28A4547270862DD ] napagent O:\Windows\system32\qagentRT.dll
18:31:58.0020 3860 napagent - ok
18:31:58.0025 3860 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP O:\Windows\system32\DRIVERS\nwifi.sys
18:31:58.0028 3860 NativeWifiP - ok
18:31:58.0035 3860 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG O:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120914.002\ENG64.SYS
18:31:58.0036 3860 NAVENG - ok
18:31:58.0055 3860 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 O:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120914.002\EX64.SYS
18:31:58.0061 3860 NAVEX15 - ok
18:31:58.0069 3860 [ 760E38053BF56E501D562B70AD796B88 ] NDIS O:\Windows\system32\drivers\ndis.sys
18:31:58.0075 3860 NDIS - ok
18:31:58.0077 3860 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap O:\Windows\system32\DRIVERS\ndiscap.sys
18:31:58.0078 3860 NdisCap - ok
18:31:58.0080 3860 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi O:\Windows\system32\DRIVERS\ndistapi.sys
18:31:58.0080 3860 NdisTapi - ok
18:31:58.0082 3860 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio O:\Windows\system32\DRIVERS\ndisuio.sys
18:31:58.0083 3860 Ndisuio - ok
18:31:58.0086 3860 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan O:\Windows\system32\DRIVERS\ndiswan.sys
18:31:58.0087 3860 NdisWan - ok
18:31:58.0089 3860 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy O:\Windows\system32\drivers\NDProxy.sys
18:31:58.0091 3860 NDProxy - ok
18:31:58.0096 3860 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS O:\Windows\system32\DRIVERS\netbios.sys
18:31:58.0097 3860 NetBIOS - ok
18:31:58.0102 3860 [ 09594D1089C523423B32A4229263F068 ] NetBT O:\Windows\system32\DRIVERS\netbt.sys
18:31:58.0104 3860 NetBT - ok
18:31:58.0106 3860 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon O:\Windows\system32\lsass.exe
18:31:58.0107 3860 Netlogon - ok
18:31:58.0112 3860 [ 847D3AE376C0817161A14A82C8922A9E ] Netman O:\Windows\System32\netman.dll
18:31:58.0115 3860 Netman - ok
18:31:58.0117 3860 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator O:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:58.0121 3860 NetMsmqActivator - ok
18:31:58.0123 3860 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator O:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:58.0124 3860 NetPipeActivator - ok
18:31:58.0128 3860 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm O:\Windows\System32\netprofm.dll
18:31:58.0131 3860 netprofm - ok
18:31:58.0140 3860 [ EED1FBDE98CF5F6D5C0C5B27AB1F68EC ] netr28ux O:\Windows\system32\DRIVERS\netr28ux.sys
18:31:58.0148 3860 netr28ux - ok
18:31:58.0150 3860 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator O:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:58.0150 3860 NetTcpActivator - ok
18:31:58.0152 3860 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing O:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:58.0153 3860 NetTcpPortSharing - ok
18:31:58.0155 3860 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 O:\Windows\system32\drivers\nfrd960.sys
18:31:58.0156 3860 nfrd960 - ok
18:31:58.0163 3860 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc O:\Windows\System32\nlasvc.dll
18:31:58.0166 3860 NlaSvc - ok
18:31:58.0170 3860 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs O:\Windows\system32\drivers\Npfs.sys
18:31:58.0171 3860 Npfs - ok
18:31:58.0174 3860 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi O:\Windows\system32\nsisvc.dll
18:31:58.0175 3860 nsi - ok
18:31:58.0177 3860 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy O:\Windows\system32\drivers\nsiproxy.sys
18:31:58.0178 3860 nsiproxy - ok
18:31:58.0191 3860 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs O:\Windows\system32\drivers\Ntfs.sys
18:31:58.0202 3860 Ntfs - ok
18:31:58.0204 3860 [ 9899284589F75FA8724FF3D16AED75C1 ] Null O:\Windows\system32\drivers\Null.sys
18:31:58.0204 3860 Null - ok
18:31:58.0207 3860 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub O:\Windows\system32\DRIVERS\nusb3hub.sys
18:31:58.0208 3860 nusb3hub - ok
18:31:58.0211 3860 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc O:\Windows\system32\DRIVERS\nusb3xhc.sys
18:31:58.0213 3860 nusb3xhc - ok
18:31:58.0216 3860 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid O:\Windows\system32\drivers\nvraid.sys
18:31:58.0218 3860 nvraid - ok
18:31:58.0221 3860 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor O:\Windows\system32\drivers\nvstor.sys
18:31:58.0222 3860 nvstor - ok
18:31:58.0225 3860 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp O:\Windows\system32\drivers\nv_agp.sys
18:31:58.0226 3860 nv_agp - ok
18:31:58.0228 3860 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 O:\Windows\system32\drivers\ohci1394.sys
18:31:58.0229 3860 ohci1394 - ok
18:31:58.0233 3860 [ 4965B005492CBA7719E82B71E3245495 ] ose64 O:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:31:58.0235 3860 ose64 - ok
18:31:58.0282 3860 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc O:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:31:58.0315 3860 osppsvc - ok
18:31:58.0322 3860 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc O:\Windows\system32\pnrpsvc.dll
18:31:58.0325 3860 p2pimsvc - ok
18:31:58.0330 3860 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc O:\Windows\system32\p2psvc.dll
18:31:58.0333 3860 p2psvc - ok
18:31:58.0335 3860 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport O:\Windows\system32\drivers\parport.sys
18:31:58.0336 3860 Parport - ok
18:31:58.0339 3860 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr O:\Windows\system32\drivers\partmgr.sys
18:31:58.0339 3860 partmgr - ok
18:31:58.0342 3860 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc O:\Windows\System32\pcasvc.dll
18:31:58.0344 3860 PcaSvc - ok
18:31:58.0347 3860 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci O:\Windows\system32\drivers\pci.sys
18:31:58.0348 3860 pci - ok
18:31:58.0350 3860 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide O:\Windows\system32\drivers\pciide.sys
18:31:58.0351 3860 pciide - ok
18:31:58.0354 3860 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia O:\Windows\system32\drivers\pcmcia.sys
18:31:58.0356 3860 pcmcia - ok
18:31:58.0358 3860 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw O:\Windows\system32\drivers\pcw.sys
18:31:58.0358 3860 pcw - ok
18:31:58.0364 3860 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH O:\Windows\system32\drivers\peauth.sys
18:31:58.0369 3860 PEAUTH - ok
18:31:58.0391 3860 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc O:\Windows\system32\peerdistsvc.dll
18:31:58.0400 3860 PeerDistSvc - ok
18:31:58.0416 3860 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost O:\Windows\SysWow64\perfhost.exe
18:31:58.0417 3860 PerfHost - ok
18:31:58.0430 3860 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla O:\Windows\system32\pla.dll
18:31:58.0440 3860 pla - ok
18:31:58.0450 3860 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay O:\Windows\system32\umpnpmgr.dll
18:31:58.0454 3860 PlugPlay - ok
18:31:58.0457 3860 [ A010F13D27C1033A8BE09D5FA9BF348B ] pneteth O:\Windows\system32\DRIVERS\pneteth.sys
18:31:58.0458 3860 pneteth - ok
18:31:58.0460 3860 PnkBstrA - ok
18:31:58.0462 3860 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg O:\Windows\system32\pnrpauto.dll
18:31:58.0464 3860 PNRPAutoReg - ok
18:31:58.0468 3860 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc O:\Windows\system32\pnrpsvc.dll
18:31:58.0469 3860 PNRPsvc - ok
18:31:58.0474 3860 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent O:\Windows\System32\ipsecsvc.dll
18:31:58.0477 3860 PolicyAgent - ok
18:31:58.0481 3860 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power O:\Windows\system32\umpo.dll
18:31:58.0483 3860 Power - ok
18:31:58.0485 3860 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport O:\Windows\system32\DRIVERS\raspptp.sys
18:31:58.0486 3860 PptpMiniport - ok
18:31:58.0488 3860 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor O:\Windows\system32\drivers\processr.sys
18:31:58.0489 3860 Processor - ok
18:31:58.0492 3860 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc O:\Windows\system32\profsvc.dll
18:31:58.0494 3860 ProfSvc - ok
18:31:58.0496 3860 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage O:\Windows\system32\lsass.exe
18:31:58.0496 3860 ProtectedStorage - ok
18:31:58.0499 3860 [ 0557CF5A2556BD58E26384169D72438D ] Psched O:\Windows\system32\DRIVERS\pacer.sys
18:31:58.0500 3860 Psched - ok
18:31:58.0502 3860 [ F2EECF8977BD3FE4E38743DDCFBECD20 ] PxHlpa64 O:\Windows\system32\Drivers\PxHlpa64.sys
18:31:58.0503 3860 PxHlpa64 - ok
18:31:58.0526 3860 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 O:\Windows\system32\drivers\ql2300.sys
18:31:58.0536 3860 ql2300 - ok
18:31:58.0539 3860 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx O:\Windows\system32\drivers\ql40xx.sys
18:31:58.0541 3860 ql40xx - ok
18:31:58.0544 3860 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE O:\Windows\system32\qwave.dll
18:31:58.0547 3860 QWAVE - ok
18:31:58.0549 3860 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv O:\Windows\system32\drivers\qwavedrv.sys
18:31:58.0549 3860 QWAVEdrv - ok
18:31:58.0551 3860 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd O:\Windows\system32\DRIVERS\rasacd.sys
18:31:58.0552 3860 RasAcd - ok
18:31:58.0554 3860 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn O:\Windows\system32\DRIVERS\AgileVpn.sys
18:31:58.0555 3860 RasAgileVpn - ok
18:31:58.0557 3860 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto O:\Windows\System32\rasauto.dll
18:31:58.0559 3860 RasAuto - ok
18:31:58.0561 3860 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp O:\Windows\system32\DRIVERS\rasl2tp.sys
18:31:58.0562 3860 Rasl2tp - ok
18:31:58.0566 3860 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan O:\Windows\System32\rasmans.dll
18:31:58.0569 3860 RasMan - ok
18:31:58.0571 3860 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe O:\Windows\system32\DRIVERS\raspppoe.sys
18:31:58.0574 3860 RasPppoe - ok
18:31:58.0578 3860 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp O:\Windows\system32\DRIVERS\rassstp.sys
18:31:58.0580 3860 RasSstp - ok
18:31:58.0587 3860 [ 77F665941019A1594D887A74F301FA2F ] rdbss O:\Windows\system32\DRIVERS\rdbss.sys
18:31:58.0590 3860 rdbss - ok
18:31:58.0594 3860 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus O:\Windows\system32\DRIVERS\rdpbus.sys
18:31:58.0595 3860 rdpbus - ok
18:31:58.0598 3860 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD O:\Windows\system32\DRIVERS\RDPCDD.sys
18:31:58.0598 3860 RDPCDD - ok
18:31:58.0602 3860 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR O:\Windows\system32\drivers\rdpdr.sys
18:31:58.0604 3860 RDPDR - ok
18:31:58.0606 3860 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD O:\Windows\system32\drivers\rdpencdd.sys
18:31:58.0606 3860 RDPENCDD - ok
18:31:58.0608 3860 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP O:\Windows\system32\drivers\rdprefmp.sys
18:31:58.0608 3860 RDPREFMP - ok
18:31:58.0611 3860 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport O:\Windows\system32\drivers\rdpvideominiport.sys
18:31:58.0612 3860 RdpVideoMiniport - ok
18:31:58.0615 3860 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD O:\Windows\system32\drivers\RDPWD.sys
18:31:58.0617 3860 RDPWD - ok
18:31:58.0621 3860 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost O:\Windows\system32\drivers\rdyboost.sys
18:31:58.0622 3860 rdyboost - ok
18:31:58.0625 3860 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess O:\Windows\System32\mprdim.dll
18:31:58.0626 3860 RemoteAccess - ok
18:31:58.0629 3860 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry O:\Windows\system32\regsvc.dll
18:31:58.0632 3860 RemoteRegistry - ok
18:31:58.0645 3860 [ FF578453D3B3ADAAB22D7151D7F9E592 ] RoxMediaDB12 O:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
18:31:58.0661 3860 RoxMediaDB12 - ok
18:31:58.0672 3860 [ 879BF5333A3DF407019FB16B35F2A352 ] RoxMediaDB13 O:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
18:31:58.0680 3860 RoxMediaDB13 - ok
18:31:58.0684 3860 [ DDB9FE116DF539AD256AB18C9BCA883B ] RoxWatch12 O:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
18:31:58.0686 3860 RoxWatch12 - ok
18:31:58.0689 3860 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper O:\Windows\System32\RpcEpMap.dll
18:31:58.0690 3860 RpcEptMapper - ok
18:31:58.0691 3860 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator O:\Windows\system32\locator.exe
18:31:58.0692 3860 RpcLocator - ok
18:31:58.0697 3860 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs O:\Windows\system32\rpcss.dll
18:31:58.0699 3860 RpcSs - ok
18:31:58.0702 3860 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr O:\Windows\system32\DRIVERS\rspndr.sys
18:31:58.0703 3860 rspndr - ok
18:31:58.0705 3860 [ 2E887E52E45BBA3C47CCD0E75FC5266F ] RTCore64 O:\Program Files (x86)\MSI Afterburner\RTCore64.sys
18:31:58.0705 3860 RTCore64 - ok
18:31:58.0709 3860 [ 2E7D1CA91D62501713C9D6E6704395C6 ] RTHDMIAzAudService O:\Windows\system32\drivers\RtHDMIVX.sys
18:31:58.0711 3860 RTHDMIAzAudService - ok
18:31:58.0716 3860 [ 0039DE6A0A1293889A3F21ECC473263D ] RTL8167 O:\Windows\system32\DRIVERS\Rt64win7.sys
18:31:58.0718 3860 RTL8167 - ok
18:31:58.0723 3860 [ 602FCF9D91BD47721B248B81F816C267 ] rzendpt O:\Windows\system32\DRIVERS\rzendpt.sys
18:31:58.0725 3860 rzendpt - ok
18:31:58.0732 3860 [ F71EEA505290B0AAD48850F0D750702D ] RzSynapse O:\Windows\system32\DRIVERS\RzSynapse.sys
18:31:58.0733 3860 RzSynapse - ok
18:31:58.0739 3860 [ 672CA863751E96F0A800215C11FD496F ] rzudd O:\Windows\system32\DRIVERS\rzudd.sys
18:31:58.0741 3860 rzudd - ok
18:31:58.0743 3860 [ E60C0A09F997826C7627B244195AB581 ] s3cap O:\Windows\system32\drivers\vms3cap.sys
18:31:58.0743 3860 s3cap - ok
18:31:58.0745 3860 [ 27DB9153D259D632D15483DEEAB799ED ] Sahdad64 O:\Windows\system32\Drivers\Sahdad64.sys
18:31:58.0746 3860 Sahdad64 - ok
18:31:58.0748 3860 [ F77849D909B90BCACFCF7295AECF299B ] Saibad64 O:\Windows\system32\Drivers\Saibad64.sys
18:31:58.0748 3860 Saibad64 - ok
18:31:58.0750 3860 [ 704D415290A568F68DE20942DAC23F7E ] SaibVdAd64 O:\Windows\system32\Drivers\SaibVdAd64.sys
18:31:58.0750 3860 SaibVdAd64 - ok
18:31:58.0752 3860 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs O:\Windows\system32\lsass.exe
18:31:58.0753 3860 SamSs - ok
18:31:58.0755 3860 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port O:\Windows\system32\drivers\sbp2port.sys
18:31:58.0756 3860 sbp2port - ok
18:31:58.0759 3860 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr O:\Windows\System32\SCardSvr.dll
18:31:58.0762 3860 SCardSvr - ok
18:31:58.0764 3860 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter O:\Windows\system32\DRIVERS\scfilter.sys
18:31:58.0765 3860 scfilter - ok
18:31:58.0773 3860 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule O:\Windows\system32\schedsvc.dll
18:31:58.0781 3860 Schedule - ok
18:31:58.0783 3860 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc O:\Windows\System32\certprop.dll
18:31:58.0783 3860 SCPolicySvc - ok
18:31:58.0786 3860 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC O:\Windows\System32\SDRSVC.dll
18:31:58.0789 3860 SDRSVC - ok
18:31:58.0792 3860 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv O:\Windows\system32\drivers\secdrv.sys
18:31:58.0795 3860 secdrv - ok
18:31:58.0798 3860 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon O:\Windows\system32\seclogon.dll
18:31:58.0800 3860 seclogon - ok
18:31:58.0803 3860 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS O:\Windows\System32\sens.dll
18:31:58.0804 3860 SENS - ok
18:31:58.0806 3860 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc O:\Windows\system32\sensrsvc.dll
18:31:58.0808 3860 SensrSvc - ok
18:31:58.0809 3860 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum O:\Windows\system32\drivers\serenum.sys
18:31:58.0810 3860 Serenum - ok
18:31:58.0812 3860 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial O:\Windows\system32\drivers\serial.sys
18:31:58.0814 3860 Serial - ok
18:31:58.0815 3860 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse O:\Windows\system32\drivers\sermouse.sys
18:31:58.0816 3860 sermouse - ok
18:31:58.0821 3860 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv O:\Windows\system32\sessenv.dll
18:31:58.0823 3860 SessionEnv - ok
18:31:58.0824 3860 [ A554811BCD09279536440C964AE35BBF ] sffdisk O:\Windows\system32\drivers\sffdisk.sys
18:31:58.0825 3860 sffdisk - ok
18:31:58.0827 3860 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc O:\Windows\system32\drivers\sffp_mmc.sys
18:31:58.0828 3860 sffp_mmc - ok
18:31:58.0829 3860 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd O:\Windows\system32\drivers\sffp_sd.sys
18:31:58.0830 3860 sffp_sd - ok
18:31:58.0832 3860 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy O:\Windows\system32\drivers\sfloppy.sys
18:31:58.0833 3860 sfloppy - ok
18:31:58.0837 3860 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess O:\Windows\System32\ipnathlp.dll
18:31:58.0840 3860 SharedAccess - ok
18:31:58.0844 3860 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection O:\Windows\System32\shsvcs.dll
18:31:58.0847 3860 ShellHWDetection - ok
18:31:58.0849 3860 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 O:\Windows\system32\drivers\SiSRaid2.sys
18:31:58.0850 3860 SiSRaid2 - ok
18:31:58.0852 3860 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 O:\Windows\system32\drivers\sisraid4.sys
18:31:58.0853 3860 SiSRaid4 - ok
18:31:58.0858 3860 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb O:\Windows\system32\DRIVERS\smb.sys
18:31:58.0859 3860 Smb - ok
18:31:58.0869 3860 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman O:\Windows\system32\DRIVERS\snapman.sys
18:31:58.0872 3860 snapman - ok
18:31:58.0874 3860 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP O:\Windows\System32\snmptrap.exe
18:31:58.0876 3860 SNMPTRAP - ok
18:31:58.0878 3860 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr O:\Windows\system32\drivers\spldr.sys
18:31:58.0878 3860 spldr - ok
18:31:58.0883 3860 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler O:\Windows\System32\spoolsv.exe
18:31:58.0887 3860 Spooler - ok
18:31:58.0912 3860 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc O:\Windows\system32\sppsvc.exe
18:31:58.0934 3860 sppsvc - ok
18:31:58.0938 3860 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify O:\Windows\system32\sppuinotify.dll
18:31:58.0940 3860 sppuinotify - ok
18:31:58.0956 3860 [ 891793E00432FA055CF040605C260E49 ] SRTSP O:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS
18:31:58.0958 3860 SRTSP - ok
18:31:58.0960 3860 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX O:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS
18:31:58.0961 3860 SRTSPX - ok
18:31:58.0966 3860 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv O:\Windows\system32\DRIVERS\srv.sys
18:31:58.0969 3860 srv - ok
18:31:58.0974 3860 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 O:\Windows\system32\DRIVERS\srv2.sys
18:31:58.0977 3860 srv2 - ok
18:31:58.0980 3860 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet O:\Windows\system32\DRIVERS\srvnet.sys
18:31:58.0981 3860 srvnet - ok
18:31:58.0985 3860 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV O:\Windows\System32\ssdpsrv.dll
18:31:58.0986 3860 SSDPSRV - ok
18:31:58.0989 3860 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc O:\Windows\system32\sstpsvc.dll
18:31:58.0990 3860 SstpSvc - ok
18:31:58.0993 3860 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm O:\Windows\system32\DRIVERS\ssudmdm.sys
18:31:58.0996 3860 ssudmdm - ok
18:31:58.0997 3860 Steam Client Service - ok
18:31:58.0999 3860 [ F3817967ED533D08327DC73BC4D5542A ] stexstor O:\Windows\system32\drivers\stexstor.sys
18:31:59.0000 3860 stexstor - ok
18:31:59.0004 3860 [ DECACB6921DED1A38642642685D77DAC ] StillCam O:\Windows\system32\DRIVERS\serscan.sys
18:31:59.0007 3860 StillCam - ok
18:31:59.0019 3860 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc O:\Windows\System32\wiaservc.dll
18:31:59.0024 3860 stisvc - ok
18:31:59.0026 3860 [ 7785DC213270D2FC066538DAF94087E7 ] storflt O:\Windows\system32\drivers\vmstorfl.sys
18:31:59.0027 3860 storflt - ok
18:31:59.0029 3860 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc O:\Windows\system32\drivers\storvsc.sys
18:31:59.0030 3860 storvsc - ok
18:31:59.0031 3860 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum O:\Windows\system32\DRIVERS\swenum.sys
18:31:59.0032 3860 swenum - ok
18:31:59.0039 3860 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard O:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:31:59.0042 3860 SwitchBoard - ok
18:31:59.0047 3860 [ E08E46FDD841B7184194011CA1955A0B ] swprv O:\Windows\System32\swprv.dll
18:31:59.0052 3860 swprv - ok
18:31:59.0057 3860 [ 8B2430762099598DA40686F754632EFD ] SymDS O:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS
18:31:59.0060 3860 SymDS - ok
18:31:59.0069 3860 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA O:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS
18:31:59.0076 3860 SymEFA - ok
18:31:59.0080 3860 [ 894579207E39C465737E850A252CE4F2 ] SymEvent O:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:31:59.0081 3860 SymEvent - ok
18:31:59.0087 3860 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON O:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS
18:31:59.0088 3860 SymIRON - ok
18:31:59.0098 3860 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS O:\Windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS
18:31:59.0099 3860 SymNetS - ok
18:31:59.0102 3860 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc O:\Windows\system32\drivers\synth3dvsc.sys
18:31:59.0103 3860 Synth3dVsc - ok
18:31:59.0106 3860 [ 1F1D1BCC1B746DE700E3E21D758262A7 ] SysCow O:\Windows\system32\drivers\syscowad64v.sys
18:31:59.0108 3860 SysCow - ok
18:31:59.0120 3860 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain O:\Windows\system32\sysmain.dll
18:31:59.0131 3860 SysMain - ok
18:31:59.0133 3860 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService O:\Windows\System32\TabSvc.dll
18:31:59.0135 3860 TabletInputService - ok
18:31:59.0139 3860 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv O:\Windows\System32\tapisrv.dll
18:31:59.0142 3860 TapiSrv - ok
18:31:59.0145 3860 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS O:\Windows\System32\tbssvc.dll
18:31:59.0146 3860 TBS - ok
18:31:59.0175 3860 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip O:\Windows\system32\drivers\tcpip.sys
18:31:59.0187 3860 Tcpip - ok
18:31:59.0201 3860 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 O:\Windows\system32\DRIVERS\tcpip.sys
18:31:59.0206 3860 TCPIP6 - ok
18:31:59.0209 3860 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg O:\Windows\system32\drivers\tcpipreg.sys
18:31:59.0210 3860 tcpipreg - ok
18:31:59.0214 3860 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE O:\Windows\system32\drivers\tdpipe.sys
18:31:59.0215 3860 TDPIPE - ok
18:31:59.0235 3860 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 O:\Windows\system32\DRIVERS\tdrpm273.sys
18:31:59.0244 3860 tdrpman273 - ok
18:31:59.0246 3860 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP O:\Windows\system32\drivers\tdtcp.sys
18:31:59.0247 3860 TDTCP - ok
18:31:59.0249 3860 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx O:\Windows\system32\DRIVERS\tdx.sys
18:31:59.0251 3860 tdx - ok
18:31:59.0253 3860 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD O:\Windows\system32\DRIVERS\termdd.sys
18:31:59.0253 3860 TermDD - ok
18:31:59.0255 3860 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt O:\Windows\system32\drivers\terminpt.sys
18:31:59.0256 3860 terminpt - ok
18:31:59.0262 3860 [ 2E648163254233755035B46DD7B89123 ] TermService O:\Windows\System32\termsrv.dll
18:31:59.0267 3860 TermService - ok
18:31:59.0269 3860 [ F0344071948D1A1FA732231785A0664C ] Themes O:\Windows\system32\themeservice.dll
18:31:59.0271 3860 Themes - ok
18:31:59.0273 3860 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER O:\Windows\system32\mmcss.dll
18:31:59.0273 3860 THREADORDER - ok
18:31:59.0281 3860 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter O:\Windows\system32\DRIVERS\timntr.sys
18:31:59.0288 3860 timounter - ok
18:31:59.0290 3860 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks O:\Windows\System32\trkwks.dll
18:31:59.0292 3860 TrkWks - ok
18:31:59.0298 3860 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller O:\Windows\servicing\TrustedInstaller.exe
18:31:59.0300 3860 TrustedInstaller - ok
18:31:59.0303 3860 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv O:\Windows\system32\DRIVERS\tssecsrv.sys
18:31:59.0305 3860 tssecsrv - ok
18:31:59.0308 3860 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt O:\Windows\system32\drivers\tsusbflt.sys
18:31:59.0310 3860 TsUsbFlt - ok
18:31:59.0312 3860 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD O:\Windows\system32\drivers\TsUsbGD.sys
18:31:59.0313 3860 TsUsbGD - ok
18:31:59.0316 3860 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub O:\Windows\system32\drivers\tsusbhub.sys
18:31:59.0317 3860 tsusbhub - ok
18:31:59.0319 3860 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel O:\Windows\system32\DRIVERS\tunnel.sys
18:31:59.0321 3860 tunnel - ok
18:31:59.0323 3860 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 O:\Windows\system32\drivers\uagp35.sys
18:31:59.0324 3860 uagp35 - ok
18:31:59.0328 3860 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs O:\Windows\system32\DRIVERS\udfs.sys
18:31:59.0330 3860 udfs - ok
18:31:59.0334 3860 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect O:\Windows\system32\UI0Detect.exe
18:31:59.0336 3860 UI0Detect - ok
18:31:59.0338 3860 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx O:\Windows\system32\drivers\uliagpkx.sys
18:31:59.0339 3860 uliagpkx - ok
18:31:59.0341 3860 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus O:\Windows\system32\DRIVERS\umbus.sys
18:31:59.0341 3860 umbus - ok
18:31:59.0343 3860 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass O:\Windows\system32\DRIVERS\umpass.sys
18:31:59.0343 3860 UmPass - ok
18:31:59.0347 3860 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService O:\Windows\System32\umrdp.dll
18:31:59.0349 3860 UmRdpService - ok
18:31:59.0354 3860 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost O:\Windows\System32\upnphost.dll
18:31:59.0357 3860 upnphost - ok
18:31:59.0359 3860 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 O:\Windows\system32\Drivers\usbaapl64.sys
18:31:59.0360 3860 USBAAPL64 - ok
18:31:59.0363 3860 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp O:\Windows\system32\DRIVERS\usbccgp.sys
18:31:59.0364 3860 usbccgp - ok
18:31:59.0367 3860 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir O:\Windows\system32\DRIVERS\usbcir.sys
18:31:59.0368 3860 usbcir - ok
18:31:59.0370 3860 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci O:\Windows\system32\DRIVERS\usbehci.sys
18:31:59.0371 3860 usbehci - ok
18:31:59.0379 3860 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub O:\Windows\system32\DRIVERS\usbhub.sys
18:31:59.0382 3860 usbhub - ok
18:31:59.0385 3860 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci O:\Windows\system32\drivers\usbohci.sys
18:31:59.0387 3860 usbohci - ok
18:31:59.0390 3860 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint O:\Windows\system32\drivers\usbprint.sys
18:31:59.0393 3860 usbprint - ok
18:31:59.0395 3860 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR O:\Windows\system32\DRIVERS\USBSTOR.SYS
18:31:59.0397 3860 USBSTOR - ok
18:31:59.0399 3860 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci O:\Windows\system32\DRIVERS\usbuhci.sys
18:31:59.0399 3860 usbuhci - ok
18:31:59.0401 3860 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms O:\Windows\System32\uxsms.dll
18:31:59.0402 3860 UxSms - ok
18:31:59.0404 3860 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc O:\Windows\system32\lsass.exe
18:31:59.0405 3860 VaultSvc - ok
18:31:59.0406 3860 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot O:\Windows\system32\drivers\vdrvroot.sys
18:31:59.0407 3860 vdrvroot - ok
18:31:59.0412 3860 [ 8D6B481601D01A456E75C3210F1830BE ] vds O:\Windows\System32\vds.exe
18:31:59.0417 3860 vds - ok
18:31:59.0419 3860 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga O:\Windows\system32\DRIVERS\vgapnp.sys
18:31:59.0420 3860 vga - ok
18:31:59.0421 3860 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave O:\Windows\System32\drivers\vga.sys
18:31:59.0422 3860 VgaSave - ok
18:31:59.0423 3860 VGPU - ok
18:31:59.0427 3860 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp O:\Windows\system32\drivers\vhdmp.sys
18:31:59.0429 3860 vhdmp - ok
18:31:59.0430 3860 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide O:\Windows\system32\drivers\viaide.sys
18:31:59.0431 3860 viaide - ok
18:31:59.0433 3860 [ 3B59BB6D10CF969DBE4DB93D9EAD7FB4 ] VKbms O:\Windows\system32\DRIVERS\VKbms.sys
18:31:59.0434 3860 VKbms - ok
18:31:59.0438 3860 [ 16073F2BC424558EBD277A15188D329E ] VMAuthdService O:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
18:31:59.0438 3860 VMAuthdService - ok
18:31:59.0444 3860 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus O:\Windows\system32\drivers\vmbus.sys
18:31:59.0448 3860 vmbus - ok
18:31:59.0452 3860 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID O:\Windows\system32\drivers\VMBusHID.sys
18:31:59.0454 3860 VMBusHID - ok
18:31:59.0459 3860 [ 87FC1DD880E8CAC4FAEBB84AF61A87C4 ] vmci O:\Windows\system32\DRIVERS\vmci.sys
18:31:59.0461 3860 vmci - ok
18:31:59.0463 3860 [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter O:\Windows\system32\DRIVERS\vmnetadapter.sys
18:31:59.0464 3860 VMnetAdapter - ok
18:31:59.0466 3860 [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge O:\Windows\system32\DRIVERS\vmnetbridge.sys
18:31:59.0466 3860 VMnetBridge - ok
18:31:59.0468 3860 VMnetDHCP - ok
18:31:59.0470 3860 [ 6B17D7FAD2D61D5A2C2B6D3EA25BDCA8 ] VMnetuserif O:\Windows\system32\drivers\vmnetuserif.sys
18:31:59.0470 3860 VMnetuserif - ok
18:31:59.0472 3860 [ 415B167695C4B5960A13098622EF3D80 ] vmusb O:\Windows\system32\Drivers\vmusb.sys
18:31:59.0473 3860 vmusb - ok
18:31:59.0481 3860 [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService O:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
18:31:59.0486 3860 VMUSBArbService - ok
18:31:59.0488 3860 VMware NAT Service - ok
18:31:59.0583 3860 [ D580C4EDC87A6AC6C2E0607CCFA685F4 ] VMwareHostd O:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
18:31:59.0657 3860 VMwareHostd - ok
18:31:59.0661 3860 [ E2A591ECC4525EB0B05C65A9B24CF05E ] vmx86 O:\Windows\system32\drivers\vmx86.sys
18:31:59.0661 3860 vmx86 - ok
18:31:59.0663 3860 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr O:\Windows\system32\drivers\volmgr.sys
18:31:59.0664 3860 volmgr - ok
18:31:59.0668 3860 [ A255814907C89BE58B79EF2F189B843B ] volmgrx O:\Windows\system32\drivers\volmgrx.sys
18:31:59.0671 3860 volmgrx - ok
18:31:59.0674 3860 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap O:\Windows\system32\drivers\volsnap.sys
18:31:59.0677 3860 volsnap - ok
18:31:59.0679 3860 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid O:\Windows\system32\drivers\vsmraid.sys
18:31:59.0681 3860 vsmraid - ok
18:31:59.0693 3860 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS O:\Windows\system32\vssvc.exe
18:31:59.0704 3860 VSS - ok
18:31:59.0749 3860 [ 6107E33A30C0B923F31C872E1980D2D1 ] vstor2-mntapi10-shared O:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
18:31:59.0750 3860 vstor2-mntapi10-shared - ok
18:31:59.0752 3860 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus O:\Windows\system32\DRIVERS\vwifibus.sys
18:31:59.0753 3860 vwifibus - ok
18:31:59.0755 3860 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt O:\Windows\system32\DRIVERS\vwififlt.sys
18:31:59.0756 3860 vwififlt - ok
18:31:59.0758 3860 [ 2319394C6F3DD7C4F63F20F105E3F71D ] vzandnetadb O:\Windows\system32\Drivers\lgvzandnetadb.sys
18:31:59.0759 3860 vzandnetadb - ok
18:31:59.0761 3860 [ C27D4AE7688A2E3F7795E09D779CC233 ] vzandnetdiag O:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys
18:31:59.0762 3860 vzandnetdiag - ok
18:31:59.0763 3860 [ 00AD3C96FE7B908DE038B74C8EBB5007 ] vzandnetdiag2 O:\Windows\system32\DRIVERS\lgvzandnetdiag264.sys
18:31:59.0764 3860 vzandnetdiag2 - ok
18:31:59.0766 3860 [ 71816DBD1C4AC464CCAE97D1E769153F ] vzandnetmodem O:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys
18:31:59.0767 3860 vzandnetmodem - ok
18:31:59.0770 3860 [ 447548EEDB55B84842892F9F68D0AC2F ] vzandnetndis O:\Windows\system32\DRIVERS\lgvzandnetndis64.sys
18:31:59.0771 3860 vzandnetndis - ok
18:31:59.0775 3860 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time O:\Windows\system32\w32time.dll
18:31:59.0779 3860 W32Time - ok
18:31:59.0782 3860 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen O:\Windows\system32\drivers\wacompen.sys
18:31:59.0783 3860 WacomPen - ok
18:31:59.0785 3860 [ 356AFD78A6ED4457169241AC3965230C ] WANARP O:\Windows\system32\DRIVERS\wanarp.sys
18:31:59.0786 3860 WANARP - ok
18:31:59.0788 3860 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 O:\Windows\system32\DRIVERS\wanarp.sys
18:31:59.0789 3860 Wanarpv6 - ok
18:31:59.0812 3860 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc O:\Windows\system32\Wat\WatAdminSvc.exe
18:31:59.0821 3860 WatAdminSvc - ok
18:31:59.0833 3860 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine O:\Windows\system32\wbengine.exe
18:31:59.0843 3860 wbengine - ok
18:31:59.0847 3860 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc O:\Windows\System32\wbiosrvc.dll
18:31:59.0849 3860 WbioSrvc - ok
18:31:59.0854 3860 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc O:\Windows\System32\wcncsvc.dll
18:31:59.0857 3860 wcncsvc - ok
18:31:59.0861 3860 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService O:\Windows\System32\WcsPlugInService.dll
18:31:59.0864 3860 WcsPlugInService - ok
18:31:59.0867 3860 [ 72889E16FF12BA0F235467D6091B17DC ] Wd O:\Windows\system32\drivers\wd.sys
18:31:59.0868 3860 Wd - ok
18:31:59.0879 3860 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 O:\Windows\system32\drivers\Wdf01000.sys
18:31:59.0883 3860 Wdf01000 - ok
18:31:59.0885 3860 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost O:\Windows\system32\wdi.dll
18:31:59.0887 3860 WdiServiceHost - ok
18:31:59.0888 3860 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost O:\Windows\system32\wdi.dll
18:31:59.0890 3860 WdiSystemHost - ok
18:31:59.0893 3860 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient O:\Windows\System32\webclnt.dll
18:31:59.0896 3860 WebClient - ok
18:31:59.0899 3860 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc O:\Windows\system32\wecsvc.dll
18:31:59.0902 3860 Wecsvc - ok
18:31:59.0904 3860 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport O:\Windows\System32\wercplsupport.dll
18:31:59.0906 3860 wercplsupport - ok
18:31:59.0908 3860 [ 6D137963730144698CBD10F202E9F251 ] WerSvc O:\Windows\System32\WerSvc.dll
18:31:59.0909 3860 WerSvc - ok
18:31:59.0911 3860 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf O:\Windows\system32\DRIVERS\wfplwf.sys
18:31:59.0912 3860 WfpLwf - ok
18:31:59.0914 3860 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount O:\Windows\system32\drivers\wimmount.sys
18:31:59.0914 3860 WIMMount - ok
18:31:59.0916 3860 WinDefend - ok
18:31:59.0919 3860 WinHttpAutoProxySvc - ok
18:31:59.0925 3860 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt O:\Windows\system32\wbem\WMIsvc.dll
18:31:59.0927 3860 Winmgmt - ok
18:31:59.0959 3860 [ BCB1310604AA415C4508708975B3931E ] WinRM O:\Windows\system32\WsmSvc.dll
18:31:59.0973 3860 WinRM - ok
18:31:59.0976 3860 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb O:\Windows\system32\DRIVERS\WinUsb.sys
18:31:59.0978 3860 WinUsb - ok
18:31:59.0985 3860 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc O:\Windows\System32\wlansvc.dll
18:31:59.0991 3860 Wlansvc - ok
18:32:00.0024 3860 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc O:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:32:00.0038 3860 wlidsvc - ok
18:32:00.0040 3860 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi O:\Windows\system32\DRIVERS\wmiacpi.sys
18:32:00.0041 3860 WmiAcpi - ok
18:32:00.0045 3860 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv O:\Windows\system32\wbem\WmiApSrv.exe
18:32:00.0045 3860 wmiApSrv - ok
18:32:00.0047 3860 WMPNetworkSvc - ok
18:32:00.0049 3860 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc O:\Windows\System32\wpcsvc.dll
18:32:00.0050 3860 WPCSvc - ok
18:32:00.0054 3860 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum O:\Windows\system32\wpdbusenum.dll
18:32:00.0056 3860 WPDBusEnum - ok
18:32:00.0059 3860 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl O:\Windows\system32\drivers\ws2ifsl.sys
18:32:00.0060 3860 ws2ifsl - ok
18:32:00.0064 3860 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc O:\Windows\System32\wscsvc.dll
18:32:00.0067 3860 wscsvc - ok
18:32:00.0068 3860 WSearch - ok
18:32:00.0087 3860 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv O:\Windows\system32\wuaueng.dll
18:32:00.0102 3860 wuauserv - ok
18:32:00.0105 3860 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf O:\Windows\system32\drivers\WudfPf.sys
18:32:00.0106 3860 WudfPf - ok
18:32:00.0109 3860 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd O:\Windows\system32\DRIVERS\WUDFRd.sys
18:32:00.0111 3860 WUDFRd - ok
18:32:00.0113 3860 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc O:\Windows\System32\WUDFSvc.dll
18:32:00.0114 3860 wudfsvc - ok
18:32:00.0119 3860 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc O:\Windows\System32\wwansvc.dll
18:32:00.0123 3860 WwanSvc - ok
18:32:00.0129 3860 [ 6CAF33678521EB2AE97FE808F19E25CA ] xcbdaNtscV O:\Windows\system32\DRIVERS\xcbdaVx64.sys
18:32:00.0131 3860 xcbdaNtscV - ok
18:32:00.0138 3860 ================ Scan global ===============================
18:32:00.0139 3860 [ BA0CD8C393E8C9F83354106093832C7B ] O:\Windows\system32\basesrv.dll
18:32:00.0143 3860 [ EB6A48CC998E1090E44E8E7F1009A640 ] O:\Windows\system32\winsrv.dll
18:32:00.0148 3860 [ EB6A48CC998E1090E44E8E7F1009A640 ] O:\Windows\system32\winsrv.dll
18:32:00.0151 3860 [ D6160F9D869BA3AF0B787F971DB56368 ] O:\Windows\system32\sxssrv.dll
18:32:00.0155 3860 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] O:\Windows\system32\services.exe
18:32:00.0158 3860 [Global] - ok
18:32:00.0158 3860 ================ Scan MBR ==================================
18:32:00.0159 3860 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:32:00.0162 3860 \Device\Harddisk0\DR0 - ok
18:32:00.0175 3860 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:32:01.0752 3860 \Device\Harddisk1\DR1 - ok
18:32:01.0754 3860 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
18:32:01.0755 3860 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - infected
18:32:01.0755 3860 \Device\Harddisk2\DR2 - detected Rootkit.Boot.Pihar.c (0)
18:32:01.0759 3860 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
18:32:01.0765 3860 \Device\Harddisk5\DR5 - ok
18:32:01.0769 3860 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk8\DR8
18:32:02.0158 3860 \Device\Harddisk8\DR8 - ok
18:32:02.0159 3860 ================ Scan VBR ==================================
18:32:02.0182 3860 [ FF1EB44F7B69C8957160C558DD6001EA ] \Device\Harddisk1\DR1\Partition1
18:32:02.0182 3860 \Device\Harddisk1\DR1\Partition1 - ok
18:32:02.0184 3860 [ 691F7A47179311C8EC68012A01140BC8 ] \Device\Harddisk1\DR1\Partition2
18:32:02.0184 3860 \Device\Harddisk1\DR1\Partition2 - ok
18:32:02.0186 3860 [ 7F364C0F3400D5C37F21AFC129B10A5A ] \Device\Harddisk2\DR2\Partition1
18:32:02.0190 3860 \Device\Harddisk2\DR2\Partition1 - ok
18:32:02.0192 3860 [ A33500A0924332DC746571A7D2802942 ] \Device\Harddisk5\DR5\Partition1
18:32:02.0193 3860 \Device\Harddisk5\DR5\Partition1 - ok
18:32:02.0195 3860 [ 61C2FB82CB4440D8367CAF5CE14A5A89 ] \Device\Harddisk8\DR8\Partition1
18:32:02.0196 3860 \Device\Harddisk8\DR8\Partition1 - ok
18:32:02.0196 3860 ============================================================
18:32:02.0196 3860 Scan finished
18:32:02.0196 3860 ============================================================
18:32:02.0200 6164 Detected object count: 1
18:32:02.0201 6164 Actual detected object count: 1
18:32:46.0025 6164 \Device\Harddisk2\DR2\# - copied to quarantine
18:32:46.0025 6164 \Device\Harddisk2\DR2 - copied to quarantine
18:32:46.0079 6164 \Device\Harddisk2\DR2\TDLFS\cmd.dll - copied to quarantine
18:32:46.0081 6164 \Device\Harddisk2\DR2\TDLFS\cmd64.dll - copied to quarantine
18:32:46.0085 6164 \Device\Harddisk2\DR2\TDLFS\sub.dll - copied to quarantine
18:32:46.0092 6164 \Device\Harddisk2\DR2\TDLFS\subx.dll - copied to quarantine
18:32:46.0122 6164 \Device\Harddisk2\DR2\TDLFS\drv32 - copied to quarantine
18:32:46.0130 6164 \Device\Harddisk2\DR2\TDLFS\drv64 - copied to quarantine
18:32:46.0131 6164 \Device\Harddisk2\DR2\TDLFS\servers.dat - copied to quarantine
18:32:46.0132 6164 \Device\Harddisk2\DR2\TDLFS\config.ini - copied to quarantine
18:32:46.0134 6164 \Device\Harddisk2\DR2\TDLFS\ldr16 - copied to quarantine
18:32:46.0141 6164 \Device\Harddisk2\DR2\TDLFS\ldr32 - copied to quarantine
18:32:46.0150 6164 \Device\Harddisk2\DR2\TDLFS\ldr64 - copied to quarantine
18:32:46.0153 6164 \Device\Harddisk2\DR2\TDLFS\s - copied to quarantine
18:32:46.0157 6164 \Device\Harddisk2\DR2\TDLFS\ldrm - copied to quarantine
18:32:46.0159 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0162 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0166 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0170 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0173 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0182 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0190 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0199 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0203 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0207 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0210 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0219 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0227 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0235 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0238 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0242 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0245 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0249 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0252 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0256 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0256 6164 \Device\Harddisk2\DR2 - processing error
18:32:50.0581 6164 \Device\Harddisk2\DR2 - will be restored on reboot
18:32:50.0958 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
18:32:52.0087 6344 Deinitialize success

Edited by xxdmxx, 15 September 2012 - 02:22 AM.
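The TDSSKiller output above is the thread's own log. What follows is an added example, not code from the thread, from BleepingComputer or from Kaspersky, showing how a responder can triage such a log automatically instead of reading it by eye: it pulls the object-to-MD5 pairs from the "[ md5 ] object" lines, the objects reported infected, the entries copied to quarantine (including the rootkit's hidden TDLFS file system), and the objects scheduled for cure on reboot. It also flags any disk whose MBR hash equals an infected disk's hash but was reported ok, which is exactly the situation in this log (\Device\Harddisk5\DR5 carries the same MD5 as the infected \Device\Harddisk2\DR2) and is worth a second look rather than trust. The sample lines are excerpted from the log posted above; the function names are my own.

```python
"""Triage a Kaspersky TDSSKiller log (added example, not TDSSKiller's own code)."""
import re

# Every TDSSKiller line is "HH:MM:SS.ffff PID message".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+)$")
INFECTED_RE = re.compile(r"^(.+?) \( (.+?) \) - infected$")
QUARANTINE_RE = re.compile(r"^(.+?) - copied to quarantine$")
CURE_RE = re.compile(r"^(.+?) \( (.+?) \) - will be cured on reboot$")

# Lines excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
18:32:01.0754 3860 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
18:32:01.0755 3860 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - infected
18:32:01.0755 3860 \Device\Harddisk2\DR2 - detected Rootkit.Boot.Pihar.c (0)
18:32:01.0759 3860 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
18:32:01.0765 3860 \Device\Harddisk5\DR5 - ok
18:32:01.0769 3860 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk8\DR8
18:32:02.0158 3860 \Device\Harddisk8\DR8 - ok
18:32:46.0025 6164 \Device\Harddisk2\DR2 - copied to quarantine
18:32:46.0079 6164 \Device\Harddisk2\DR2\TDLFS\cmd.dll - copied to quarantine
18:32:46.0131 6164 \Device\Harddisk2\DR2\TDLFS\servers.dat - copied to quarantine
18:32:46.0132 6164 \Device\Harddisk2\DR2\TDLFS\config.ini - copied to quarantine
18:32:46.0134 6164 \Device\Harddisk2\DR2\TDLFS\ldr16 - copied to quarantine
18:32:46.0141 6164 \Device\Harddisk2\DR2\TDLFS\ldr32 - copied to quarantine
18:32:46.0150 6164 \Device\Harddisk2\DR2\TDLFS\ldr64 - copied to quarantine
18:32:46.0159 6164 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:32:46.0256 6164 \Device\Harddisk2\DR2 - processing error
"""


def parse_tdsskiller(text):
    """Collect hashes, detections, quarantine copies and pending cures."""
    report = {"hashes": {}, "detections": {}, "quarantined": [], "cure_on_reboot": set()}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        h = HASH_RE.match(msg)
        if h:
            report["hashes"][h.group(2)] = h.group(1).upper()
            continue
        i = INFECTED_RE.match(msg)
        if i:
            report["detections"][i.group(1)] = i.group(2)
            continue
        q = QUARANTINE_RE.match(msg)
        if q:
            report["quarantined"].append(q.group(1))
            continue
        c = CURE_RE.match(msg)
        if c:
            report["cure_on_reboot"].add(c.group(1))
    return report


def disks_sharing_infected_hash(report):
    """Objects reported clean whose MD5 equals that of an infected object."""
    infected = {report["hashes"][o] for o in report["detections"] if o in report["hashes"]}
    return sorted(o for o, h in report["hashes"].items()
                  if h in infected and o not in report["detections"])


def tdlfs_entries(report):
    """Names of files the scanner copied out of the hidden TDLFS file system."""
    return sorted(p.split("\\TDLFS\\", 1)[1] for p in report["quarantined"] if "\\TDLFS\\" in p)


def triage(text):
    """Human-readable findings, one per line, in priority order."""
    report = parse_tdsskiller(text)
    lines = []
    for obj, verdict in sorted(report["detections"].items()):
        lines.append("INFECTED %s (%s) md5=%s" % (obj, verdict, report["hashes"].get(obj, "?")))
    for obj in disks_sharing_infected_hash(report):
        lines.append("CHECK    %s reported ok but its MBR hash matches an infected disk" % obj)
    for name in tdlfs_entries(report):
        lines.append("TDLFS    %s quarantined" % name)
    for obj in sorted(report["cure_on_reboot"]):
        lines.append("REBOOT   %s cure scheduled; rescan after restart" % obj)
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

The "CHECK" line is the one to act on: TDSSKiller hashes the raw MBR, so two disks with an identical MBR MD5 hold identical boot code, and a clean verdict on one of them deserves a rescan after the cure reboot before the system is trusted.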


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 PM

Posted 15 September 2012 - 07:57 AM

That was good. Now let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review. Let me know what problem persists.

#8 xxdmxx

xxdmxx
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 15 September 2012 - 03:01 PM

checkup:
Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java 7 Update 7
Adobe Flash Player 10 Flash Player out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Acronis OnlineBackupStandalone TrueImageMonitor.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive O:
````````````````````End of Log``````````````````````


AdwCleaner:

# AdwCleaner v2.001 - Logfile created 09/15/2012 at 12:57:55
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : John - JOHN-PC
# Boot Mode : Normal
# Running from : O:\Users\John\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : O:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8z2hj5sn.default\prefs.js

O:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8z2hj5sn.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : O:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1039 octets] - [15/09/2012 12:57:43]
AdwCleaner[S1].txt - [1420 octets] - [15/09/2012 12:57:55]

########## EOF - O:\AdwCleaner[S1].txt - [1480 octets] ##########


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 PM

Posted 16 September 2012 - 07:46 AM

Remove this old version of Java™ 6 Update 31 using the Add/Remove Programs applet.

===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Any remaining issues?

#10 xxdmxx

xxdmxx
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 18 September 2012 - 02:25 AM

I removed the old version of Java 6 Update 31 and updated Flash Player. I am getting some Google redirects, but they aren't going to where they were going before. I'm assuming the Rootkit causes Google redirects because I wasn't getting any virus detected besides the Rootkit.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 PM

Posted 18 September 2012 - 07:33 AM

Execute this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If still no joy your router may be corrupted.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html


How To Set Up a Network Router
http://compnetworking.about.com/od/homenetworking/ht/routerconfigure.htm

Keep me posted.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 PM

Posted 24 September 2012 - 08:47 AM

Are you still with me?


If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===



