
trouble removing click.gethotresults.com redirect browser virus


  • This topic is locked
23 replies to this topic

#1 nllanos

nllanos

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 15 September 2012 - 08:36 PM

Hello,

This is my first post to this forum after a few days of trying to remove this click.gethotresults.com redirecting malware myself. I've looked through many people's posts, but none have seemed as thorough as the one created by AKMoose on 9/13. I was hoping to maybe have the same type of analysis on my system. There is a log from SpyHunter attached for your convenience...

Thanks in advance, and please let me know if I can provide further information or help.

Nick

Edited by nllanos, 16 September 2012 - 12:57 AM.



#2 nllanos

nllanos
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 15 September 2012 - 08:38 PM

2nd half of logs not able to attach because of upload size limit. =(

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:25 AM

Posted 15 September 2012 - 09:12 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 nllanos

nllanos
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 16 September 2012 - 12:57 AM

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spykee
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by nllanos at 22:52:39 on 2012-09-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6045.3289 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\windows\system32\lxddcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Users\nllanos\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\nllanos\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\nllanos\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\Install\{6A8DA504-3BCD-4BD3-8F48-07DD39CF12FC}\GoogleEarth-Win-Bundle-6.2.2.6613.exe
C:\Program Files (x86)\Google\Update\Install\{5A7EC6F1-E52C-4650-B777-1298EE6DF9B2}\GoogleEarth-Win-Bundle-6.2.2.6613.exe
C:\Program Files (x86)\Google\Update\Install\{D8532BE9-32B4-4783-9595-2050F3D7CBEB}\GoogleEarth-Win-Bundle-6.2.2.6613.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\Install\{E5CEF04C-E89B-4572-96A3-081377352039}\GoogleEarth-Win-Bundle-6.2.2.6613.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\Install\{983A4769-381C-4EC1-A9A2-F051E503C52A}\GoogleEarth-Win-Bundle-6.2.2.6613.exe
C:\Users\nllanos\Downloads\SecurityCheck.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k defragsvc
C:\windows\SysWOW64\notepad.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uInternet Settings,ProxyOverride = 192.168.100.1;192.168.100.100;192.168.100.2;*.local;<local>
uInternet Settings,ProxyServer = proxy01.atlascopco.de:8085
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Best Buy pc app] C:\Users\nllanos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\nllanos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{B6CDB488-AF96-4790-A12D-2539CE3AB0A2} : DhcpNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{B6CDB488-AF96-4790-A12D-2539CE3AB0A2}\35771697A756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B6CDB488-AF96-4790-A12D-2539CE3AB0A2}\D405949333033303 : DhcpNameServer = 172.16.1.2 192.168.1.26 192.168.1.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-8-31 1385120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120914.001\IDSviA64.sys [2012-9-14 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-9 136176]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\System32\irstrtsv.exe [2012-1-9 184320]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-7-21 212944]
R2 lxdd_device;lxdd_device;C:\windows\system32\lxddcoms.exe -service --> C:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 399432]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272]
R2 risdxc;risdxc;C:\windows\system32\DRIVERS\risdxc64.sys --> C:\windows\system32\DRIVERS\risdxc64.sys [?]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-9 2656536]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-12 138912]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-5-25 34224]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-12 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-9 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-13 19:42:42 -------- d-----w- C:\Users\nllanos\AppData\Roaming\Malwarebytes
2012-09-13 19:40:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-13 19:40:40 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-13 19:40:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-12 12:44:42 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-12 12:44:42 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 12:44:42 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-12 12:44:42 41472 ----a-w- C:\windows\System32\drivers\rndismpx.sys
2012-09-12 12:44:42 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-12 12:44:41 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-12 12:44:41 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 12:44:41 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-05 01:49:14 110080 ----a-r- C:\Users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-05 01:49:14 110080 ----a-r- C:\Users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-05 01:49:14 110080 ----a-r- C:\Users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-05 01:49:13 -------- d-----w- C:\sh4ldr
2012-09-05 01:49:13 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-05 01:49:00 -------- d-----w- C:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-05 01:48:58 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-18 17:34:10 -------- d-----w- C:\Users\nllanos\AppData\Local\{60D5B7A2-EEB6-40DC-84CB-581D08F28445}
.
==================== Find3M ====================
.
2012-08-16 12:28:48 212385 ----a-w- C:\ProgramData\SPL62E6.tmp
2012-08-15 05:29:18 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 05:29:18 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 04:11:34 212385 ----a-w- C:\ProgramData\SPL23D5.tmp
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-07-06 02:17:58 37536 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-07-06 02:17:57 737952 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:53:11.58 ===============


Edited by nllanos, 16 September 2012 - 12:58 AM.
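The DDS "Pseudo HJT Report" above is the part a malware-removal helper reads first: it already shows UAC switched off (`EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0`, `PromptOnSecureDesktop = 0`), a system-wide proxy server configured in Internet Settings, and browser add-on entries whose file is gone ("No File"). The following script is an added example written for this thread, not code from DDS, BleepingComputer or the helper; it parses a constructed sample made of lines copied from the log posted above and flags those three classes of finding so an analyst can confirm them against the machine. The rule thresholds (UAC policy values, the "No File" pattern) are the script's own assumptions about what is worth a second look; a proxy entry is reported for review, not judged malicious, since it may be a legitimate corporate setting.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example, not DDS's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the DDS output posted in this thread.
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 192.168.100.1;192.168.100.100;192.168.100.2;*.local;<local>
uInternet Settings,ProxyServer = proxy01.atlascopco.de:8085
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
"""

# Assumed triage rules for UAC policy values: (predicate on the value, reason to report).
# EnableLUA=0 turns UAC off entirely; ConsentPromptBehaviorAdmin=0 means administrators
# elevate with no prompt at all; PromptOnSecureDesktop=0 lets prompts be spoofed/clicked
# by other processes.
UAC_RULES = {
    "EnableLUA": (lambda v: v != 1, "UAC is disabled"),
    "ConsentPromptBehaviorAdmin": (lambda v: v == 0, "admins elevate without any prompt"),
    "PromptOnSecureDesktop": (lambda v: v != 1, "elevation prompts not on the secure desktop"),
}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s+=\s+(\S+)")
# Browser helper objects / toolbars / search hooks whose backing file no longer exists.
ORPHAN_RE = re.compile(r"^(BHO|TB|uURLSearchHooks|BHO-X64|TB-X64):.*- No File$")


def triage(text: str) -> Dict[str, List]:
    """Return findings grouped as uac (name, value, reason), proxy (server), orphans (raw line)."""
    findings: Dict[str, List] = {"uac": [], "proxy": [], "orphans": []}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            rule = UAC_RULES.get(name)
            if rule and rule[0](value):
                findings["uac"].append((name, value, rule[1]))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings["proxy"].append(m.group(1))
            continue
        if ORPHAN_RE.match(line):
            findings["orphans"].append(line)
    return findings


def summary(findings: Dict[str, List]) -> List[str]:
    """Render findings as one analyst-readable line each."""
    out = [f"UAC: {n}={v} ({why})" for n, v, why in findings["uac"]]
    out += [f"Proxy configured, confirm it is intended: {p}" for p in findings["proxy"]]
    out += [f"Orphaned browser add-on entry: {o}" for o in findings["orphans"]]
    return out


if __name__ == "__main__":
    for line in summary(triage(SAMPLE_DDS)):
        print(line)
```

Run against the sample it reports three UAC policy findings, one proxy server to confirm, and two orphaned add-on entries; a clean system with `EnableLUA = 1` produces no UAC line. The later RogueKiller log in this thread reaches the same conclusions by hand (it resets `EnableLUA` and `ConsentPromptBehaviorAdmin`, and leaves the proxy for a separate fix), which is what such a pre-check is meant to anticipate.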


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:25 AM

Posted 16 September 2012 - 07:32 AM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#6 nllanos

nllanos
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 16 September 2012 - 11:58 AM

# AdwCleaner v2.001 - Logfile created 09/16/2012 at 09:53:53
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : nllanos - NLLANOS-PC
# Boot Mode : Normal
# Running from : C:\Users\nllanos\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\nllanos\AppData\Local\Conduit
Folder Deleted : C:\Users\nllanos\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\nllanos\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1589 octets] - [16/09/2012 09:53:53]

########## EOF - C:\AdwCleaner[S1].txt - [1649 octets] ##########



RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : nllanos [Admin rights]
Mode : Remove -- Date : 09/16/2012 09:57:03

Bad processes : 0

Registry Entries : 9
[RUN][SUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\nllanos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy01.atlascopco.de:8085) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

Infection :

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts
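Reading RogueKiller's "Registry Entries" by hand is error-prone, so here is an added example (not part of this thread and not RogueKiller's own code) that parses those lines, separates what the tool already fixed from the entry it reported as NOT REMOVED, and spells out what the reset UAC values mean; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the "Registry Entries" lines quoted from the RogueKiller log
# above, with the section counter left in to show that non-finding lines are ignored.
SAMPLE_LOG = r"""Registry Entries : 9
[RUN][SUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\nllanos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy01.atlascopco.de:8085) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
"""

# Line shape: [TAG][TAG] <location> : <name> (<current value>) -> <action>
LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"   # one or more [TAG] prefixes
    r"(?P<location>.+?)\s+:\s+"         # registry path or startup item
    r"(?P<name>.+?)"                     # value name, or the launched file
    r"(?:\s+\((?P<value>[^)]*)\))?"      # optional (current value)
    r"\s+->\s+(?P<action>.+?)\s*$"       # what the tool did about it
)
# Action shape: DELETED | REPLACED (new value) | NOT REMOVED, <hint>
ACTION_RE = re.compile(
    r"^(?P<verb>[A-Z ]+?)(?:\s*\((?P<new>[^)]*)\))?(?:,\s*(?P<note>.+))?$"
)

# Meaning of the UAC values the log shows being reset (documented Windows semantics).
WEAKENED_SETTINGS = {
    "EnableLUA": ("0", "User Account Control is switched off entirely"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators are elevated without any prompt"),
}


@dataclass
class Finding:
    tags: List[str]
    location: str
    name: str
    value: Optional[str]
    verb: str               # DELETED / REPLACED / NOT REMOVED ...
    new_value: Optional[str]
    note: Optional[str]


def parse_line(line: str) -> Optional[Finding]:
    """Parse one log line; returns None for counters, headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    a = ACTION_RE.match(m.group("action"))
    verb, new, note = a.group("verb", "new", "note") if a else (m.group("action"), None, None)
    return Finding(
        tags=re.findall(r"\[([^\]]+)\]", m.group("tags")),
        location=m.group("location"),
        name=m.group("name"),
        value=m.group("value"),
        verb=verb.strip(),
        new_value=new,
        note=note,
    )


def parse_log(text: str) -> List[Finding]:
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def needs_follow_up(findings: List[Finding]) -> List[Finding]:
    """Entries the tool reported but did not change: these still need a manual step."""
    return [f for f in findings if f.verb.startswith("NOT ")]


def weakened_settings(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    """Explain the findings that change the machine's security posture, in log order."""
    out = []
    for f in findings:
        if "PROXY IE" in f.tags:
            out.append((f.name, f.value or "",
                        "WinINet/IE traffic goes through this proxy host; confirm it is one the owner configured"))
        elif f.name in WEAKENED_SETTINGS and f.value == WEAKENED_SETTINGS[f.name][0]:
            out.append((f.name, f.value, WEAKENED_SETTINGS[f.name][1]))
    return out


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} findings parsed")
    for name, value, why in weakened_settings(found):
        print(f"  {name} = {value}: {why}")
    for f in needs_follow_up(found):
        print(f"  MANUAL: {f.name} ({f.verb}{', ' + f.note if f.note else ''})")
```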

#7 nllanos (Topic Starter)

Posted 16 September 2012 - 12:04 PM

Still having the redirect issue btw.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 September 2012 - 12:09 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 nllanos (Topic Starter)

Posted 16 September 2012 - 08:39 PM

Still having the redirect issue through click.gethotresults.com. This time it took 3 searches on Google before I was redirected through the gethotresults site.

ComboFix 12-09-15.02 - nllanos 09/16/2012 17:38:22.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6045.4681 [GMT -7:00]
Running from: c:\users\nllanos\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 00:50 . 2012-09-17 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 19:01 . 2009-07-14 00:00 94208 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-09-16 05:59 . 2012-09-16 05:59 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-16 05:59 . 2012-09-16 05:59 -------- d-----w- c:\programdata\McAfee
2012-09-13 19:42 . 2012-09-13 19:42 -------- d-----w- c:\users\nllanos\AppData\Roaming\Malwarebytes
2012-09-13 19:40 . 2012-09-13 19:40 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 19:40 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 19:40 . 2012-09-13 19:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-12 12:44 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:44 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 12:44 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 12:44 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 12:44 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:44 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:44 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:44 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-05 01:49 . 2012-09-05 01:49 110080 ----a-r- c:\users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-05 01:49 . 2012-09-05 01:49 110080 ----a-r- c:\users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-05 01:49 . 2012-09-05 01:49 110080 ----a-r- c:\users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-05 01:49 . 2012-09-05 02:06 -------- d-----w- c:\program files\Enigma Software Group
2012-09-05 01:49 . 2012-09-05 01:49 -------- d-----w- C:\sh4ldr
2012-09-05 01:49 . 2012-09-05 01:49 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-05 01:48 . 2012-09-05 02:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-16 05:59 . 2011-09-21 01:08 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 13:10 . 2012-01-10 06:12 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 05:29 . 2012-08-13 01:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:29 . 2011-09-21 01:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-16 04:07 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-16 05:01 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-06 02:17 . 2012-08-15 04:20 37536 ----a-w- c:\windows\system32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-07-06 02:17 . 2012-08-15 04:20 737952 ----a-w- c:\windows\system32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-07-04 22:16 . 2012-08-16 04:07 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 04:07 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 04:07 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 04:07 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-16 05:00 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-16 05:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-16 05:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-16 05:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-16 05:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-16 05:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-16 05:00 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-16 05:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-16 05:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-16 05:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-16 05:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-16 05:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-16 05:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-16 05:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-16 05:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-16 05:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-16 05:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 05:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 05:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 ALSysIO;ALSysIO;c:\users\nllanos\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-10 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120914.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\system32\irstrtsv.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-07-21 212944]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-12-01 358576]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-13 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-28 92672]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-28 209408]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 05:29]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 03:01]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 03:01]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190050894-1442018703-1282903292-1001Core.job
- c:\users\nllanos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 21:45]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190050894-1442018703-1282903292-1001UA.job
- c:\users\nllanos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 21:45]
.
2012-09-16 c:\windows\Tasks\Vucxpp.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"EPSON Stylus Photo 2200"="c:\windows\system32\spool\DRIVERS\x64\3\E_S10IC2.EXE" [2003-05-27 99840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.100.1;192.168.100.100;192.168.100.2;*.local;<local>
uInternet Settings,ProxyServer = proxy01.atlascopco.de:8085
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
SafeBoot-68183819.sys
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TOSHIBA Face Recognition - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-16 18:14:22
ComboFix-quarantined-files.txt 2012-09-17 01:14
.
Pre-Run: 29,057,859,584 bytes free
Post-Run: 28,909,182,976 bytes free
.
- - End Of File - - 5E8DEBDFDBB0D34248CDDC2FAF856513

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 September 2012 - 09:20 PM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 nllanos (Topic Starter)

Posted 16 September 2012 - 11:32 PM

20:06:49.0979 0788 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:06:50.0631 0788 ============================================================
20:06:50.0631 0788 Current date / time: 2012/09/16 20:06:50.0631
20:06:50.0631 0788 SystemInfo:
20:06:50.0631 0788
20:06:50.0631 0788 OS Version: 6.1.7601 ServicePack: 1.0
20:06:50.0631 0788 Product type: Workstation
20:06:50.0631 0788 ComputerName: NLLANOS-PC
20:06:50.0631 0788 UserName: nllanos
20:06:50.0631 0788 Windows directory: C:\windows
20:06:50.0631 0788 System windows directory: C:\windows
20:06:50.0631 0788 Running under WOW64
20:06:50.0631 0788 Processor architecture: Intel x64
20:06:50.0631 0788 Number of processors: 4
20:06:50.0631 0788 Page size: 0x1000
20:06:50.0631 0788 Boot type: Normal boot
20:06:50.0631 0788 ============================================================
20:06:51.0062 0788 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:06:51.0070 0788 Drive \Device\Harddisk1\DR1 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:06:51.0072 0788 ============================================================
20:06:51.0072 0788 \Device\Harddisk0\DR0:
20:06:51.0073 0788 MBR partitions:
20:06:51.0073 0788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xD343000
20:06:51.0073 0788 \Device\Harddisk1\DR1:
20:06:51.0073 0788 MBR partitions:
20:06:51.0073 0788 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
20:06:51.0073 0788 ============================================================
20:06:51.0076 0788 C: <-> \Device\Harddisk0\DR0\Partition1
20:06:51.0076 0788 ============================================================
20:06:51.0076 0788 Initialize success
20:06:51.0076 0788 ============================================================
20:06:53.0533 4344 ============================================================
20:06:53.0533 4344 Scan started
20:06:53.0533 4344 Mode: Manual;
20:06:53.0533 4344 ============================================================
20:06:53.0749 4344 ================ Scan system memory ========================
20:06:53.0749 4344 System memory - ok
20:06:53.0750 4344 ================ Scan services =============================
20:06:53.0810 4344 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
20:06:53.0813 4344 1394ohci - ok
20:06:53.0824 4344 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
20:06:53.0827 4344 ACPI - ok
20:06:53.0833 4344 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
20:06:53.0834 4344 AcpiPmi - ok
20:06:53.0849 4344 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:06:53.0850 4344 AdobeARMservice - ok
20:06:53.0896 4344 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:06:53.0899 4344 AdobeFlashPlayerUpdateSvc - ok
20:06:53.0913 4344 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
20:06:53.0918 4344 adp94xx - ok
20:06:53.0930 4344 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
20:06:53.0933 4344 adpahci - ok
20:06:53.0942 4344 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
20:06:53.0944 4344 adpu320 - ok
20:06:53.0955 4344 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
20:06:53.0956 4344 AeLookupSvc - ok
20:06:53.0970 4344 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
20:06:53.0975 4344 AFD - ok
20:06:53.0982 4344 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
20:06:53.0984 4344 agp440 - ok
20:06:53.0990 4344 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
20:06:53.0992 4344 ALG - ok
20:06:53.0997 4344 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
20:06:53.0998 4344 aliide - ok
20:06:54.0018 4344 ALSysIO - ok
20:06:54.0024 4344 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
20:06:54.0025 4344 amdide - ok
20:06:54.0030 4344 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
20:06:54.0032 4344 AmdK8 - ok
20:06:54.0038 4344 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
20:06:54.0039 4344 AmdPPM - ok
20:06:54.0047 4344 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
20:06:54.0048 4344 amdsata - ok
20:06:54.0057 4344 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
20:06:54.0059 4344 amdsbs - ok
20:06:54.0064 4344 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
20:06:54.0065 4344 amdxata - ok
20:06:54.0072 4344 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
20:06:54.0073 4344 AppID - ok
20:06:54.0080 4344 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
20:06:54.0081 4344 AppIDSvc - ok
20:06:54.0088 4344 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
20:06:54.0089 4344 Appinfo - ok
20:06:54.0099 4344 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:06:54.0101 4344 Apple Mobile Device - ok
20:06:54.0110 4344 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
20:06:54.0111 4344 arc - ok
20:06:54.0118 4344 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
20:06:54.0119 4344 arcsas - ok
20:06:54.0124 4344 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
20:06:54.0125 4344 AsyncMac - ok
20:06:54.0131 4344 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
20:06:54.0132 4344 atapi - ok
20:06:54.0149 4344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:06:54.0156 4344 AudioEndpointBuilder - ok
20:06:54.0171 4344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
20:06:54.0178 4344 AudioSrv - ok
20:06:54.0187 4344 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
20:06:54.0189 4344 AxInstSV - ok
20:06:54.0204 4344 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
20:06:54.0209 4344 b06bdrv - ok
20:06:54.0220 4344 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
20:06:54.0223 4344 b57nd60a - ok
20:06:54.0238 4344 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
20:06:54.0240 4344 BDESVC - ok
20:06:54.0246 4344 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
20:06:54.0246 4344 Beep - ok
20:06:54.0264 4344 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
20:06:54.0271 4344 BFE - ok
20:06:54.0309 4344 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120905.001\BHDrvx64.sys
20:06:54.0322 4344 BHDrvx64 - ok
20:06:54.0341 4344 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
20:06:54.0351 4344 BITS - ok
20:06:54.0356 4344 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
20:06:54.0357 4344 blbdrive - ok
20:06:54.0372 4344 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:06:54.0377 4344 Bonjour Service - ok
20:06:54.0385 4344 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
20:06:54.0386 4344 bowser - ok
20:06:54.0392 4344 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
20:06:54.0393 4344 BrFiltLo - ok
20:06:54.0398 4344 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
20:06:54.0399 4344 BrFiltUp - ok
20:06:54.0410 4344 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
20:06:54.0411 4344 BridgeMP - ok
20:06:54.0419 4344 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
20:06:54.0421 4344 Browser - ok
20:06:54.0430 4344 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
20:06:54.0433 4344 Brserid - ok
20:06:54.0440 4344 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
20:06:54.0441 4344 BrSerWdm - ok
20:06:54.0446 4344 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:06:54.0447 4344 BrUsbMdm - ok
20:06:54.0453 4344 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:06:54.0453 4344 BrUsbSer - ok
20:06:54.0460 4344 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
20:06:54.0461 4344 BthEnum - ok
20:06:54.0469 4344 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
20:06:54.0470 4344 BTHMODEM - ok
20:06:54.0482 4344 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
20:06:54.0484 4344 BthPan - ok
20:06:54.0504 4344 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
20:06:54.0510 4344 BTHPORT - ok
20:06:54.0519 4344 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
20:06:54.0521 4344 bthserv - ok
20:06:54.0528 4344 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
20:06:54.0529 4344 BTHUSB - ok
20:06:54.0537 4344 catchme - ok
20:06:54.0552 4344 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
20:06:54.0554 4344 ccSet_NIS - ok
20:06:54.0561 4344 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:06:54.0562 4344 cdfs - ok
20:06:54.0570 4344 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:06:54.0571 4344 cdrom - ok
20:06:54.0579 4344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
20:06:54.0580 4344 CertPropSvc - ok
20:06:54.0586 4344 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
20:06:54.0587 4344 circlass - ok
20:06:54.0598 4344 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
20:06:54.0602 4344 CLFS - ok
20:06:54.0615 4344 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:06:54.0617 4344 clr_optimization_v2.0.50727_32 - ok
20:06:54.0627 4344 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:06:54.0628 4344 clr_optimization_v2.0.50727_64 - ok
20:06:54.0641 4344 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:06:54.0643 4344 clr_optimization_v4.0.30319_32 - ok
20:06:54.0654 4344 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:06:54.0656 4344 clr_optimization_v4.0.30319_64 - ok
20:06:54.0662 4344 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
20:06:54.0663 4344 CmBatt - ok
20:06:54.0668 4344 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
20:06:54.0669 4344 cmdide - ok
20:06:54.0682 4344 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
20:06:54.0687 4344 CNG - ok
20:06:54.0692 4344 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
20:06:54.0693 4344 Compbatt - ok
20:06:54.0698 4344 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
20:06:54.0699 4344 CompositeBus - ok
20:06:54.0705 4344 COMSysApp - ok
20:06:54.0713 4344 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
20:06:54.0714 4344 crcdisk - ok
20:06:54.0726 4344 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
20:06:54.0729 4344 CryptSvc - ok
20:06:54.0736 4344 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\windows\system32\DRIVERS\dc3d.sys
20:06:54.0737 4344 dc3d - ok
20:06:54.0753 4344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
20:06:54.0760 4344 DcomLaunch - ok
20:06:54.0771 4344 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
20:06:54.0774 4344 defragsvc - ok
20:06:54.0783 4344 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:06:54.0784 4344 DfsC - ok
20:06:54.0800 4344 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
20:06:54.0804 4344 Dhcp - ok
20:06:54.0810 4344 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
20:06:54.0811 4344 discache - ok
20:06:54.0819 4344 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
20:06:54.0820 4344 Disk - ok
20:06:54.0832 4344 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:06:54.0834 4344 Dnscache - ok
20:06:54.0844 4344 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
20:06:54.0847 4344 dot3svc - ok
20:06:54.0855 4344 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
20:06:54.0857 4344 DPS - ok
20:06:54.0863 4344 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:06:54.0864 4344 drmkaud - ok
20:06:54.0887 4344 [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:06:54.0897 4344 DXGKrnl - ok
20:06:54.0914 4344 [ 5DB7CEB8FB44ABF01614E33BAD2056E0 ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys
20:06:54.0917 4344 e1cexpress - ok
20:06:54.0931 4344 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
20:06:54.0934 4344 EapHost - ok
20:06:54.0987 4344 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
20:06:55.0015 4344 ebdrv - ok
20:06:55.0030 4344 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:06:55.0034 4344 eeCtrl - ok
20:06:55.0042 4344 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
20:06:55.0044 4344 EFS - ok
20:06:55.0063 4344 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:06:55.0070 4344 ehRecvr - ok
20:06:55.0076 4344 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
20:06:55.0078 4344 ehSched - ok
20:06:55.0092 4344 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
20:06:55.0097 4344 elxstor - ok
20:06:55.0105 4344 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:06:55.0107 4344 EraserUtilRebootDrv - ok
20:06:55.0112 4344 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
20:06:55.0113 4344 ErrDev - ok
20:06:55.0129 4344 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
20:06:55.0129 4344 esgiguard - ok
20:06:55.0144 4344 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
20:06:55.0149 4344 EventSystem - ok
20:06:55.0185 4344 [ 57E61DC4F7980D57C0B162FC5B9F0B38 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:06:55.0199 4344 EvtEng - ok
20:06:55.0216 4344 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
20:06:55.0218 4344 exfat - ok
20:06:55.0229 4344 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
20:06:55.0231 4344 fastfat - ok
20:06:55.0252 4344 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
20:06:55.0259 4344 Fax - ok
20:06:55.0266 4344 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
20:06:55.0267 4344 fdc - ok
20:06:55.0273 4344 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
20:06:55.0275 4344 fdPHost - ok
20:06:55.0280 4344 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
20:06:55.0282 4344 FDResPub - ok
20:06:55.0289 4344 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:06:55.0291 4344 FileInfo - ok
20:06:55.0296 4344 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:06:55.0297 4344 Filetrace - ok
20:06:55.0303 4344 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
20:06:55.0304 4344 flpydisk - ok
20:06:55.0315 4344 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:06:55.0318 4344 FltMgr - ok
20:06:55.0341 4344 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
20:06:55.0352 4344 FontCache - ok
20:06:55.0361 4344 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:06:55.0362 4344 FontCache3.0.0.0 - ok
20:06:55.0368 4344 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:06:55.0370 4344 FsDepends - ok
20:06:55.0377 4344 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:06:55.0378 4344 Fs_Rec - ok
20:06:55.0386 4344 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:06:55.0389 4344 fvevol - ok
20:06:55.0394 4344 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
20:06:55.0396 4344 gagp30kx - ok
20:06:55.0402 4344 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:06:55.0403 4344 GEARAspiWDM - ok
20:06:55.0420 4344 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
20:06:55.0428 4344 gpsvc - ok
20:06:55.0439 4344 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:06:55.0441 4344 gupdate - ok
20:06:55.0446 4344 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:06:55.0448 4344 gupdatem - ok
20:06:55.0454 4344 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:06:55.0455 4344 hcw85cir - ok
20:06:55.0466 4344 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:06:55.0469 4344 HdAudAddService - ok
20:06:55.0476 4344 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
20:06:55.0478 4344 HDAudBus - ok
20:06:55.0484 4344 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
20:06:55.0485 4344 HidBatt - ok
20:06:55.0491 4344 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
20:06:55.0493 4344 HidBth - ok
20:06:55.0499 4344 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
20:06:55.0500 4344 HidIr - ok
20:06:55.0507 4344 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
20:06:55.0509 4344 hidserv - ok
20:06:55.0515 4344 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
20:06:55.0515 4344 HidUsb - ok
20:06:55.0523 4344 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
20:06:55.0525 4344 hkmsvc - ok
20:06:55.0535 4344 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:06:55.0539 4344 HomeGroupListener - ok
20:06:55.0548 4344 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:06:55.0552 4344 HomeGroupProvider - ok
20:06:55.0558 4344 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
20:06:55.0559 4344 HpSAMD - ok
20:06:55.0575 4344 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
20:06:55.0586 4344 HTTP - ok
20:06:55.0591 4344 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:06:55.0592 4344 hwpolicy - ok
20:06:55.0600 4344 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
20:06:55.0602 4344 i8042prt - ok
20:06:55.0617 4344 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
20:06:55.0622 4344 iaStor - ok
20:06:55.0634 4344 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
20:06:55.0638 4344 iaStorV - ok
20:06:55.0657 4344 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:06:55.0665 4344 idsvc - ok
20:06:55.0682 4344 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120914.001\IDSvia64.sys
20:06:55.0688 4344 IDSVia64 - ok
20:06:55.0861 4344 [ 0D1B8C64BDF0E5CDC523A1409FFB5EF0 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
20:06:55.0966 4344 igfx - ok
20:06:55.0976 4344 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
20:06:55.0978 4344 iirsp - ok
20:06:56.0000 4344 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
20:06:56.0009 4344 IKEEXT - ok
20:06:56.0021 4344 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
20:06:56.0022 4344 intaud_WaveExtensible - ok
20:06:56.0072 4344 [ E7E0E8F2F44BCB48143FBBA70106D8C1 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
20:06:56.0099 4344 IntcAzAudAddService - ok
20:06:56.0110 4344 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
20:06:56.0114 4344 IntcDAud - ok
20:06:56.0119 4344 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
20:06:56.0120 4344 intelide - ok
20:06:56.0126 4344 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
20:06:56.0127 4344 intelppm - ok
20:06:56.0134 4344 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:06:56.0136 4344 IPBusEnum - ok
20:06:56.0142 4344 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:06:56.0144 4344 IpFilterDriver - ok
20:06:56.0158 4344 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:06:56.0165 4344 iphlpsvc - ok
20:06:56.0172 4344 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
20:06:56.0173 4344 IPMIDRV - ok
20:06:56.0181 4344 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:06:56.0182 4344 IPNAT - ok
20:06:56.0203 4344 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:06:56.0212 4344 iPod Service - ok
20:06:56.0219 4344 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
20:06:56.0220 4344 IRENUM - ok
20:06:56.0227 4344 irstrtsv - ok
20:06:56.0232 4344 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
20:06:56.0233 4344 isapnp - ok
20:06:56.0244 4344 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
20:06:56.0247 4344 iScsiPrt - ok
20:06:56.0254 4344 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\windows\system32\DRIVERS\iwdbus.sys
20:06:56.0255 4344 iwdbus - ok
20:06:56.0268 4344 [ 8112496F91A80D9EEE8442D61CDF07D7 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
20:06:56.0270 4344 jhi_service - ok
20:06:56.0278 4344 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
20:06:56.0279 4344 kbdclass - ok
20:06:56.0285 4344 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
20:06:56.0286 4344 kbdhid - ok
20:06:56.0293 4344 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
20:06:56.0295 4344 KeyIso - ok
20:06:56.0302 4344 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:06:56.0304 4344 KSecDD - ok
20:06:56.0313 4344 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:06:56.0315 4344 KSecPkg - ok
20:06:56.0320 4344 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
20:06:56.0321 4344 ksthunk - ok
20:06:56.0331 4344 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
20:06:56.0336 4344 KtmRm - ok
20:06:56.0345 4344 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
20:06:56.0350 4344 LanmanServer - ok
20:06:56.0357 4344 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:06:56.0361 4344 LanmanWorkstation - ok
20:06:56.0370 4344 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:06:56.0371 4344 lltdio - ok
20:06:56.0381 4344 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
20:06:56.0385 4344 lltdsvc - ok
20:06:56.0389 4344 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
20:06:56.0391 4344 lmhosts - ok
20:06:56.0402 4344 [ 5495EB40DF7061059C57F0DEFDBD72A1 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:06:56.0405 4344 LMS - ok
20:06:56.0415 4344 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
20:06:56.0417 4344 LSI_FC - ok
20:06:56.0424 4344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
20:06:56.0426 4344 LSI_SAS - ok
20:06:56.0433 4344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
20:06:56.0434 4344 LSI_SAS2 - ok
20:06:56.0442 4344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
20:06:56.0444 4344 LSI_SCSI - ok
20:06:56.0451 4344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
20:06:56.0453 4344 luafv - ok
20:06:56.0465 4344 [ B712940A0A11D8C70C36B06135EC3FFA ] lxddCATSCustConnectService C:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe
20:06:56.0467 4344 lxddCATSCustConnectService - ok
20:06:56.0473 4344 lxdd_device - ok
20:06:56.0482 4344 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
20:06:56.0483 4344 MBAMProtector - ok
20:06:56.0499 4344 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:06:56.0502 4344 MBAMScheduler - ok
20:06:56.0517 4344 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:06:56.0523 4344 MBAMService - ok
20:06:56.0530 4344 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
20:06:56.0532 4344 Mcx2Svc - ok
20:06:56.0539 4344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
20:06:56.0539 4344 megasas - ok
20:06:56.0549 4344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
20:06:56.0552 4344 MegaSR - ok
20:06:56.0558 4344 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
20:06:56.0560 4344 MEIx64 - ok
20:06:56.0566 4344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
20:06:56.0568 4344 MMCSS - ok
20:06:56.0575 4344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
20:06:56.0576 4344 Modem - ok
20:06:56.0582 4344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:06:56.0582 4344 monitor - ok
20:06:56.0589 4344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
20:06:56.0590 4344 mouclass - ok
20:06:56.0597 4344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
20:06:56.0598 4344 mouhid - ok
20:06:56.0605 4344 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:06:56.0606 4344 mountmgr - ok
20:06:56.0614 4344 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
20:06:56.0616 4344 mpio - ok
20:06:56.0622 4344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:06:56.0624 4344 mpsdrv - ok
20:06:56.0642 4344 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
20:06:56.0650 4344 MpsSvc - ok
20:06:56.0657 4344 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:06:56.0659 4344 MRxDAV - ok
20:06:56.0667 4344 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:06:56.0669 4344 mrxsmb - ok
20:06:56.0678 4344 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:06:56.0681 4344 mrxsmb10 - ok
20:06:56.0688 4344 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:06:56.0690 4344 mrxsmb20 - ok
20:06:56.0695 4344 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
20:06:56.0696 4344 msahci - ok
20:06:56.0705 4344 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
20:06:56.0707 4344 msdsm - ok
20:06:56.0716 4344 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
20:06:56.0718 4344 MSDTC - ok
20:06:56.0730 4344 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
20:06:56.0731 4344 Msfs - ok
20:06:56.0736 4344 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:06:56.0737 4344 mshidkmdf - ok
20:06:56.0743 4344 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
20:06:56.0744 4344 msisadrv - ok
20:06:56.0753 4344 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:06:56.0756 4344 MSiSCSI - ok
20:06:56.0761 4344 msiserver - ok
20:06:56.0768 4344 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:06:56.0769 4344 MSKSSRV - ok
20:06:56.0775 4344 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:06:56.0776 4344 MSPCLOCK - ok
20:06:56.0782 4344 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:06:56.0783 4344 MSPQM - ok
20:06:56.0794 4344 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:06:56.0798 4344 MsRPC - ok
20:06:56.0806 4344 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
20:06:56.0807 4344 mssmbios - ok
20:06:56.0813 4344 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:06:56.0814 4344 MSTEE - ok
20:06:56.0819 4344 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
20:06:56.0820 4344 MTConfig - ok
20:06:56.0826 4344 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:06:56.0827 4344 Mup - ok
20:06:56.0839 4344 [ 50B99D53BC013458381C6476D790C9F3 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:06:56.0842 4344 MyWiFiDHCPDNS - ok
20:06:56.0855 4344 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
20:06:56.0862 4344 napagent - ok
20:06:56.0874 4344 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:06:56.0877 4344 NativeWifiP - ok
20:06:56.0889 4344 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120915.008\ENG64.SYS
20:06:56.0891 4344 NAVENG - ok
20:06:56.0928 4344 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120915.008\EX64.SYS
20:06:56.0948 4344 NAVEX15 - ok
20:06:56.0970 4344 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
20:06:56.0979 4344 NDIS - ok
20:06:56.0986 4344 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:06:56.0987 4344 NdisCap - ok
20:06:56.0993 4344 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:06:56.0994 4344 NdisTapi - ok
20:06:57.0001 4344 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:06:57.0002 4344 Ndisuio - ok
20:06:57.0017 4344 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:06:57.0019 4344 NdisWan - ok
20:06:57.0026 4344 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:06:57.0028 4344 NDProxy - ok
20:06:57.0034 4344 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:06:57.0036 4344 NetBIOS - ok
20:06:57.0045 4344 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:06:57.0048 4344 NetBT - ok
20:06:57.0054 4344 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
20:06:57.0056 4344 Netlogon - ok
20:06:57.0068 4344 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:06:57.0073 4344 Netman - ok
20:06:57.0085 4344 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:06:57.0090 4344 netprofm - ok
20:06:57.0098 4344 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:06:57.0099 4344 NetTcpPortSharing - ok
20:06:57.0225 4344 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
20:06:57.0301 4344 NETwNs64 - ok
20:06:57.0312 4344 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
20:06:57.0313 4344 nfrd960 - ok
20:06:57.0336 4344 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
20:06:57.0338 4344 NIS - ok
20:06:57.0349 4344 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
20:06:57.0354 4344 NlaSvc - ok
20:06:57.0360 4344 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:06:57.0361 4344 Npfs - ok
20:06:57.0368 4344 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:06:57.0370 4344 nsi - ok
20:06:57.0375 4344 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:06:57.0376 4344 nsiproxy - ok
20:06:57.0382 4344 NSNDIS5 - ok
20:06:57.0414 4344 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:06:57.0429 4344 Ntfs - ok
20:06:57.0435 4344 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\windows\system32\DRIVERS\NuidFltr.sys
20:06:57.0436 4344 NuidFltr - ok
20:06:57.0442 4344 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:06:57.0442 4344 Null - ok
20:06:57.0451 4344 [ 550BE6C46110B74C1ED7B156598D67AF ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
20:06:57.0453 4344 nusb3hub - ok
20:06:57.0462 4344 [ 17401C97DCF93F121B89B554D733B836 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
20:06:57.0464 4344 nusb3xhc - ok
20:06:57.0472 4344 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
20:06:57.0474 4344 nvraid - ok
20:06:57.0482 4344 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
20:06:57.0484 4344 nvstor - ok
20:06:57.0491 4344 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
20:06:57.0493 4344 nv_agp - ok
20:06:57.0500 4344 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
20:06:57.0501 4344 ohci1394 - ok
20:06:57.0509 4344 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:06:57.0511 4344 ose - ok
20:06:57.0588 4344 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:06:57.0632 4344 osppsvc - ok
20:06:57.0650 4344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:06:57.0654 4344 p2pimsvc - ok
20:06:57.0666 4344 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:06:57.0671 4344 p2psvc - ok
20:06:57.0680 4344 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
20:06:57.0681 4344 Parport - ok
20:06:57.0689 4344 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
20:06:57.0691 4344 partmgr - ok
20:06:57.0701 4344 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
20:06:57.0704 4344 PcaSvc - ok
20:06:57.0712 4344 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
20:06:57.0714 4344 pci - ok
20:06:57.0719 4344 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
20:06:57.0719 4344 pciide - ok
20:06:57.0728 4344 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
20:06:57.0730 4344 pcmcia - ok
20:06:57.0737 4344 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
20:06:57.0738 4344 pcw - ok
20:06:57.0752 4344 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:06:57.0758 4344 PEAUTH - ok
20:06:57.0798 4344 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
20:06:57.0800 4344 PerfHost - ok
20:06:57.0835 4344 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
20:06:57.0849 4344 pla - ok
20:06:57.0864 4344 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:06:57.0869 4344 PlugPlay - ok
20:06:57.0876 4344 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:06:57.0879 4344 PNRPAutoReg - ok
20:06:57.0890 4344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:06:57.0896 4344 PNRPsvc - ok
20:06:57.0903 4344 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys
20:06:57.0905 4344 Point64 - ok
20:06:57.0920 4344 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:06:57.0926 4344 PolicyAgent - ok
20:06:57.0944 4344 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
20:06:57.0949 4344 Power - ok
20:06:57.0963 4344 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:06:57.0965 4344 PptpMiniport - ok
20:06:57.0972 4344 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
20:06:57.0974 4344 Processor - ok
20:06:57.0984 4344 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
20:06:57.0988 4344 ProfSvc - ok
20:06:57.0993 4344 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
20:06:57.0995 4344 ProtectedStorage - ok
20:06:58.0002 4344 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
20:06:58.0004 4344 Psched - ok
20:06:58.0030 4344 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
20:06:58.0044 4344 ql2300 - ok
20:06:58.0051 4344 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
20:06:58.0053 4344 ql40xx - ok
20:06:58.0063 4344 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
20:06:58.0066 4344 QWAVE - ok
20:06:58.0072 4344 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
20:06:58.0073 4344 QWAVEdrv - ok
20:06:58.0084 4344 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\windows\WindowsMobile\rapimgr.dll
20:06:58.0087 4344 RapiMgr - ok
20:06:58.0093 4344 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
20:06:58.0094 4344 RasAcd - ok
20:06:58.0101 4344 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
20:06:58.0102 4344 RasAgileVpn - ok
20:06:58.0110 4344 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
20:06:58.0113 4344 RasAuto - ok
20:06:58.0120 4344 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
20:06:58.0122 4344 Rasl2tp - ok
20:06:58.0132 4344 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
20:06:58.0137 4344 RasMan - ok
20:06:58.0144 4344 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
20:06:58.0146 4344 RasPppoe - ok
20:06:58.0151 4344 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
20:06:58.0153 4344 RasSstp - ok
20:06:58.0163 4344 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
20:06:58.0167 4344 rdbss - ok
20:06:58.0171 4344 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
20:06:58.0172 4344 rdpbus - ok
20:06:58.0178 4344 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
20:06:58.0179 4344 RDPCDD - ok
20:06:58.0187 4344 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
20:06:58.0188 4344 RDPENCDD - ok
20:06:58.0197 4344 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
20:06:58.0198 4344 RDPREFMP - ok
20:06:58.0207 4344 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
20:06:58.0209 4344 RDPWD - ok
20:06:58.0219 4344 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
20:06:58.0221 4344 rdyboost - ok
20:06:58.0241 4344 [ 18505D90FEE940EE9EAE4C5B421F22B4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:06:58.0249 4344 RegSrvc - ok
20:06:58.0257 4344 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
20:06:58.0260 4344 RemoteAccess - ok
20:06:58.0272 4344 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
20:06:58.0275 4344 RemoteRegistry - ok
20:06:58.0283 4344 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
20:06:58.0285 4344 RFCOMM - ok
20:06:58.0293 4344 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
20:06:58.0295 4344 RimUsb - ok
20:06:58.0302 4344 [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc C:\windows\system32\DRIVERS\risdxc64.sys
20:06:58.0304 4344 risdxc - ok
20:06:58.0315 4344 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
20:06:58.0317 4344 RpcEptMapper - ok
20:06:58.0323 4344 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
20:06:58.0325 4344 RpcLocator - ok
20:06:58.0338 4344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
20:06:58.0345 4344 RpcSs - ok
20:06:58.0353 4344 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
20:06:58.0355 4344 rspndr - ok
20:06:58.0361 4344 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
20:06:58.0363 4344 SamSs - ok
20:06:58.0371 4344 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
20:06:58.0373 4344 sbp2port - ok
20:06:58.0384 4344 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
20:06:58.0388 4344 SCardSvr - ok
20:06:58.0397 4344 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
20:06:58.0398 4344 scfilter - ok
20:06:58.0419 4344 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
20:06:58.0431 4344 Schedule - ok
20:06:58.0438 4344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
20:06:58.0440 4344 SCPolicySvc - ok
20:06:58.0449 4344 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
20:06:58.0453 4344 SDRSVC - ok
20:06:58.0458 4344 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
20:06:58.0460 4344 secdrv - ok
20:06:58.0467 4344 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
20:06:58.0469 4344 seclogon - ok
20:06:58.0477 4344 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
20:06:58.0481 4344 SENS - ok
20:06:58.0488 4344 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
20:06:58.0490 4344 SensrSvc - ok
20:06:58.0496 4344 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
20:06:58.0497 4344 Serenum - ok
20:06:58.0505 4344 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
20:06:58.0507 4344 Serial - ok
20:06:58.0513 4344 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
20:06:58.0514 4344 sermouse - ok
20:06:58.0532 4344 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
20:06:58.0535 4344 SessionEnv - ok
20:06:58.0541 4344 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
20:06:58.0542 4344 sffdisk - ok
20:06:58.0547 4344 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
20:06:58.0549 4344 sffp_mmc - ok
20:06:58.0554 4344 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
20:06:58.0555 4344 sffp_sd - ok
20:06:58.0560 4344 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
20:06:58.0561 4344 sfloppy - ok
20:06:58.0572 4344 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
20:06:58.0576 4344 SharedAccess - ok
20:06:58.0588 4344 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:06:58.0593 4344 ShellHWDetection - ok
20:06:58.0599 4344 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
20:06:58.0600 4344 SiSRaid2 - ok
20:06:58.0608 4344 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
20:06:58.0609 4344 SiSRaid4 - ok
20:06:58.0621 4344 [ 8C5477EB1C03CA76CD8EB66A610A9E90 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:06:58.0623 4344 SkypeUpdate - ok
20:06:58.0631 4344 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
20:06:58.0633 4344 Smb - ok
20:06:58.0647 4344 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
20:06:58.0650 4344 SNMPTRAP - ok
20:06:58.0656 4344 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
20:06:58.0657 4344 spldr - ok
20:06:58.0675 4344 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
20:06:58.0682 4344 Spooler - ok
20:06:58.0738 4344 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
20:06:58.0770 4344 sppsvc - ok
20:06:58.0778 4344 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
20:06:58.0781 4344 sppuinotify - ok
20:06:58.0807 4344 [ 2ED464C8CBC399E69FBF776A8EBC3302 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
20:06:58.0816 4344 SpyHunter 4 Service - ok
20:06:58.0837 4344 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS
20:06:58.0843 4344 SRTSP - ok
20:06:58.0849 4344 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
20:06:58.0850 4344 SRTSPX - ok
20:06:58.0864 4344 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
20:06:58.0868 4344 srv - ok
20:06:58.0880 4344 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
20:06:58.0884 4344 srv2 - ok
20:06:58.0893 4344 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
20:06:58.0896 4344 srvnet - ok
20:06:58.0908 4344 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
20:06:58.0913 4344 SSDPSRV - ok
20:06:58.0924 4344 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
20:06:58.0928 4344 SstpSvc - ok
20:06:58.0942 4344 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
20:06:58.0942 4344 stexstor - ok
20:06:58.0963 4344 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
20:06:58.0971 4344 stisvc - ok
20:06:58.0981 4344 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
20:06:58.0982 4344 swenum - ok
20:06:59.0002 4344 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
20:06:59.0010 4344 swprv - ok
20:06:59.0031 4344 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS
20:06:59.0036 4344 SymDS - ok
20:06:59.0057 4344 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS
20:06:59.0067 4344 SymEFA - ok
20:06:59.0076 4344 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
20:06:59.0078 4344 SymEvent - ok
20:06:59.0087 4344 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS
20:06:59.0089 4344 SymIRON - ok
20:06:59.0103 4344 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS
20:06:59.0107 4344 SymNetS - ok
20:06:59.0133 4344 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
20:06:59.0145 4344 SynTP - ok
20:06:59.0176 4344 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
20:06:59.0193 4344 SysMain - ok
20:06:59.0201 4344 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
20:06:59.0205 4344 TabletInputService - ok
20:06:59.0218 4344 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
20:06:59.0223 4344 TapiSrv - ok
20:06:59.0230 4344 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
20:06:59.0233 4344 TBS - ok
20:06:59.0265 4344 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
20:06:59.0282 4344 Tcpip - ok
20:06:59.0315 4344 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
20:06:59.0333 4344 TCPIP6 - ok
20:06:59.0343 4344 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
20:06:59.0344 4344 tcpipreg - ok
20:06:59.0353 4344 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
20:06:59.0354 4344 TDPIPE - ok
20:06:59.0361 4344 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
20:06:59.0362 4344 TDTCP - ok
20:06:59.0369 4344 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
20:06:59.0371 4344 tdx - ok
20:06:59.0377 4344 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
20:06:59.0378 4344 TermDD - ok
20:06:59.0394 4344 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
20:06:59.0403 4344 TermService - ok
20:06:59.0408 4344 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
20:06:59.0412 4344 Themes - ok
20:06:59.0418 4344 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
20:06:59.0421 4344 THREADORDER - ok
20:06:59.0435 4344 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
20:06:59.0439 4344 tos_sps64 - ok
20:06:59.0446 4344 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\windows\system32\drivers\tpm.sys
20:06:59.0447 4344 TPM - ok
20:06:59.0455 4344 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
20:06:59.0458 4344 TrkWks - ok
20:06:59.0466 4344 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:06:59.0469 4344 TrustedInstaller - ok
20:06:59.0480 4344 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
20:06:59.0481 4344 tssecsrv - ok
20:06:59.0487 4344 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
20:06:59.0489 4344 TsUsbFlt - ok
20:06:59.0495 4344 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
20:06:59.0497 4344 TsUsbGD - ok
20:06:59.0505 4344 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
20:06:59.0507 4344 tunnel - ok
20:06:59.0514 4344 [ EFFCE6E033EBDD0F3C0F14A413558F65 ] TVALZ C:\windows\system32\DRIVERS\TVALZ.SYS
20:06:59.0515 4344 TVALZ - ok
20:06:59.0522 4344 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
20:06:59.0523 4344 uagp35 - ok
20:06:59.0534 4344 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
20:06:59.0538 4344 udfs - ok
20:06:59.0551 4344 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
20:06:59.0553 4344 UI0Detect - ok
20:06:59.0559 4344 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
20:06:59.0561 4344 uliagpkx - ok
20:06:59.0568 4344 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
20:06:59.0569 4344 umbus - ok
20:06:59.0573 4344 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
20:06:59.0574 4344 UmPass - ok
20:06:59.0623 4344 [ D329A1589257FB671338E8CDBC6CB6DB ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:06:59.0646 4344 UNS - ok
20:06:59.0659 4344 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
20:06:59.0664 4344 upnphost - ok
20:06:59.0672 4344 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
20:06:59.0673 4344 USBAAPL64 - ok
20:06:59.0681 4344 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
20:06:59.0683 4344 usbccgp - ok
20:06:59.0692 4344 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
20:06:59.0695 4344 usbcir - ok
20:06:59.0701 4344 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
20:06:59.0703 4344 usbehci - ok
20:06:59.0713 4344 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
20:06:59.0717 4344 usbhub - ok
20:06:59.0722 4344 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
20:06:59.0723 4344 usbohci - ok
20:06:59.0730 4344 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
20:06:59.0731 4344 usbprint - ok
20:06:59.0738 4344 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
20:06:59.0739 4344 usbscan - ok
20:06:59.0746 4344 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
20:06:59.0748 4344 USBSTOR - ok
20:06:59.0754 4344 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
20:06:59.0756 4344 usbuhci - ok
20:06:59.0765 4344 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
20:06:59.0768 4344 usbvideo - ok
20:06:59.0775 4344 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys
20:06:59.0777 4344 usb_rndisx - ok
20:06:59.0784 4344 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
20:06:59.0786 4344 UxSms - ok
20:06:59.0792 4344 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
20:06:59.0795 4344 VaultSvc - ok
20:06:59.0801 4344 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
20:06:59.0802 4344 vdrvroot - ok
20:06:59.0818 4344 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
20:06:59.0826 4344 vds - ok
20:06:59.0833 4344 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
20:06:59.0834 4344 vga - ok
20:06:59.0839 4344 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
20:06:59.0840 4344 VgaSave - ok
20:06:59.0849 4344 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
20:06:59.0851 4344 vhdmp - ok
20:06:59.0859 4344 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
20:06:59.0861 4344 viaide - ok
20:06:59.0867 4344 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
20:06:59.0869 4344 volmgr - ok
20:06:59.0879 4344 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
20:06:59.0883 4344 volmgrx - ok
20:06:59.0892 4344 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
20:06:59.0895 4344 volsnap - ok
20:06:59.0904 4344 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
20:06:59.0906 4344 vsmraid - ok
20:06:59.0937 4344 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
20:06:59.0954 4344 VSS - ok
20:06:59.0960 4344 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
20:06:59.0961 4344 vwifibus - ok
20:06:59.0970 4344 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
20:06:59.0972 4344 vwififlt - ok
20:06:59.0979 4344 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
20:06:59.0980 4344 vwifimp - ok
20:06:59.0992 4344 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
20:06:59.0998 4344 W32Time - ok
20:07:00.0007 4344 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
20:07:00.0008 4344 WacomPen - ok
20:07:00.0017 4344 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
20:07:00.0019 4344 WANARP - ok
20:07:00.0024 4344 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
20:07:00.0027 4344 Wanarpv6 - ok
20:07:00.0052 4344 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
20:07:00.0063 4344 WatAdminSvc - ok
20:07:00.0093 4344 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
20:07:00.0108 4344 wbengine - ok
20:07:00.0117 4344 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
20:07:00.0121 4344 WbioSrvc - ok
20:07:00.0133 4344 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll
20:07:00.0137 4344 WcesComm - ok
20:07:00.0148 4344 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
20:07:00.0153 4344 wcncsvc - ok
20:07:00.0159 4344 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:07:00.0162 4344 WcsPlugInService - ok
20:07:00.0169 4344 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
20:07:00.0169 4344 Wd - ok
20:07:00.0183 4344 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
20:07:00.0189 4344 Wdf01000 - ok
20:07:00.0196 4344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
20:07:00.0199 4344 WdiServiceHost - ok
20:07:00.0205 4344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
20:07:00.0208 4344 WdiSystemHost - ok
20:07:00.0218 4344 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
20:07:00.0222 4344 WebClient - ok
20:07:00.0232 4344 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
20:07:00.0236 4344 Wecsvc - ok
20:07:00.0244 4344 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
20:07:00.0248 4344 wercplsupport - ok
20:07:00.0256 4344 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
20:07:00.0259 4344 WerSvc - ok
20:07:00.0266 4344 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
20:07:00.0267 4344 WfpLwf - ok
20:07:00.0274 4344 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
20:07:00.0276 4344 WIMMount - ok
20:07:00.0281 4344 WinDefend - ok
20:07:00.0289 4344 WinHttpAutoProxySvc - ok
20:07:00.0306 4344 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
20:07:00.0309 4344 Winmgmt - ok
20:07:00.0344 4344 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
20:07:00.0363 4344 WinRM - ok
20:07:00.0378 4344 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\windows\system32\DRIVERS\WinUSB.sys
20:07:00.0380 4344 WinUSB - ok
20:07:00.0398 4344 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
20:07:00.0409 4344 Wlansvc - ok
20:07:00.0417 4344 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:07:00.0418 4344 wlcrasvc - ok
20:07:00.0456 4344 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:07:00.0476 4344 wlidsvc - ok
20:07:00.0483 4344 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
20:07:00.0484 4344 WmiAcpi - ok
20:07:00.0498 4344 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
20:07:00.0500 4344 wmiApSrv - ok
20:07:00.0506 4344 WMPNetworkSvc - ok
20:07:00.0523 4344 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
20:07:00.0526 4344 WMZuneComm - ok
20:07:00.0533 4344 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
20:07:00.0536 4344 WPCSvc - ok
20:07:00.0546 4344 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
20:07:00.0549 4344 WPDBusEnum - ok
20:07:00.0556 4344 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
20:07:00.0557 4344 ws2ifsl - ok
20:07:00.0566 4344 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
20:07:00.0569 4344 wscsvc - ok
20:07:00.0574 4344 WSearch - ok
20:07:00.0621 4344 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
20:07:00.0645 4344 wuauserv - ok
20:07:00.0652 4344 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
20:07:00.0654 4344 WudfPf - ok
20:07:00.0663 4344 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
20:07:00.0665 4344 WUDFRd - ok
20:07:00.0672 4344 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
20:07:00.0675 4344 wudfsvc - ok
20:07:00.0684 4344 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
20:07:00.0688 4344 WwanSvc - ok
20:07:00.0812 4344 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
20:07:00.0885 4344 ZuneNetworkSvc - ok
20:07:00.0903 4344 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
20:07:00.0908 4344 ZuneWlanCfgSvc - ok
20:07:00.0929 4344 ================ Scan global ===============================
20:07:00.0935 4344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:07:00.0944 4344 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:07:00.0955 4344 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:07:00.0967 4344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:07:00.0979 4344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:07:00.0984 4344 [Global] - ok
20:07:00.0985 4344 ================ Scan MBR ==================================
20:07:00.0990 4344 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
20:07:01.0139 4344 \Device\Harddisk0\DR0 - ok
20:07:01.0148 4344 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
20:07:01.0225 4344 \Device\Harddisk1\DR1 - ok
20:07:01.0225 4344 ================ Scan VBR ==================================
20:07:01.0229 4344 [ D77C807A833B63ECE904D05320FDD72D ] \Device\Harddisk0\DR0\Partition1
20:07:01.0231 4344 \Device\Harddisk0\DR0\Partition1 - ok
20:07:01.0236 4344 [ E6AE09652CE945C953B23F0D4E5C15F4 ] \Device\Harddisk1\DR1\Partition1
20:07:01.0237 4344 \Device\Harddisk1\DR1\Partition1 - ok
20:07:01.0238 4344 ============================================================
20:07:01.0238 4344 Scan finished
20:07:01.0238 4344 ============================================================
20:07:01.0249 4228 Detected object count: 0
20:07:01.0249 4228 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 20:08:25
-----------------------------
20:08:25.647 OS Version: Windows x64 6.1.7601 Service Pack 1
20:08:25.647 Number of processors: 4 586 0x2A07
20:08:25.648 ComputerName: NLLANOS-PC UserName: nllanos
20:08:26.119 Initialize success
20:10:01.967 AVAST engine defs: 12091400
20:10:18.655 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:10:18.658 Disk 0 Vendor: TOSHIBA_ AJTA Size: 122104MB BusType: 3
20:10:18.665 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007e
20:10:18.669 Disk 1 Vendor: RICOH 01 Size: 7580MB BusType: 0
20:10:18.674 Disk 0 MBR read successfully
20:10:18.679 Disk 0 MBR scan
20:10:18.687 Disk 0 Windows VISTA default MBR code
20:10:18.693 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:10:18.702 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 108166 MB offset 3074048
20:10:18.711 Disk 0 Partition 3 00 84 OS/2 hidden C: 4096 MB offset 224598016
20:10:18.721 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 8341 MB offset 232986624
20:10:18.738 Disk 0 scanning C:\windows\system32\drivers
20:10:25.287 Service scanning
20:10:42.535 Modules scanning
20:10:42.548 Disk 0 trace - called modules:
20:10:42.559 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:10:42.567 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800789c060]
20:10:42.573 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa8005af8890]
20:10:42.579 5 ACPI.sys[fffff88000ec27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8005af7050]
20:10:43.199 AVAST engine scan C:\
20:37:32.568 File: C:\Windows\SysWOW64\wcncsvcw.dll **INFECTED** Win32:Diller-B [Trj]
21:24:03.196 Scan finished successfully
21:31:08.281 Disk 0 MBR has been saved successfully to "C:\Users\nllanos\Desktop\browser hijack removal\MBR.dat"
21:31:08.290 The log file has been saved successfully to "C:\Users\nllanos\Desktop\browser hijack removal\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:25 AM

Posted 16 September 2012 - 11:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\SysWOW64\wcncsvcw.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 nllanos (Topic Starter)

Posted 17 September 2012 - 07:35 AM

ComboFix 12-09-16.01 - nllanos 09/17/2012 5:25.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6045.3459 [GMT -7:00]
Running from: c:\users\nllanos\Desktop\ComboFix.exe
Command switches used :: c:\users\nllanos\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\SysWOW64\wcncsvcw.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWOW64\wcncsvcw.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 12:31 . 2012-09-17 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 19:01 . 2009-07-14 00:00 94208 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-09-16 05:59 . 2012-09-16 05:59 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-16 05:59 . 2012-09-16 05:59 -------- d-----w- c:\programdata\McAfee
2012-09-13 19:42 . 2012-09-13 19:42 -------- d-----w- c:\users\nllanos\AppData\Roaming\Malwarebytes
2012-09-13 19:40 . 2012-09-13 19:40 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 19:40 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 19:40 . 2012-09-13 19:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-12 12:44 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:44 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 12:44 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 12:44 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 12:44 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:44 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:44 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:44 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-05 01:49 . 2012-09-05 01:49 110080 ----a-r- c:\users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-05 01:49 . 2012-09-05 01:49 110080 ----a-r- c:\users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-05 01:49 . 2012-09-05 01:49 110080 ----a-r- c:\users\nllanos\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-05 01:49 . 2012-09-05 02:06 -------- d-----w- c:\program files\Enigma Software Group
2012-09-05 01:49 . 2012-09-05 01:49 -------- d-----w- C:\sh4ldr
2012-09-05 01:49 . 2012-09-05 01:49 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-05 01:48 . 2012-09-05 02:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-16 05:59 . 2011-09-21 01:08 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 13:10 . 2012-01-10 06:12 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 05:29 . 2012-08-13 01:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:29 . 2011-09-21 01:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-16 04:07 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-16 05:01 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-06 02:17 . 2012-08-15 04:20 37536 ----a-w- c:\windows\system32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-07-06 02:17 . 2012-08-15 04:20 737952 ----a-w- c:\windows\system32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-07-04 22:16 . 2012-08-16 04:07 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 04:07 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 04:07 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 04:07 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-16 05:00 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-16 05:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-16 05:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-16 05:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-16 05:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-16 05:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-16 05:00 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-16 05:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-16 05:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-16 05:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-16 05:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-16 05:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-16 05:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-16 05:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-16 05:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-16 05:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-16 05:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 05:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 05:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-17_00.50.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-10 04:50 . 2012-09-17 12:19 365226 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 ALSysIO;ALSysIO;c:\users\nllanos\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-10 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120914.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\system32\irstrtsv.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-07-21 212944]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-12-01 358576]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-13 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-28 92672]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-28 209408]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 71424152
*NewlyCreated* - 84102315
*NewlyCreated* - ASWMBR
*Deregistered* - 71424152
*Deregistered* - 84102315
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 05:29]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 03:01]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 03:01]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190050894-1442018703-1282903292-1001Core.job
- c:\users\nllanos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 21:45]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190050894-1442018703-1282903292-1001UA.job
- c:\users\nllanos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 21:45]
.
2012-09-17 c:\windows\Tasks\Vucxpp.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"TOSHIBA Face Recognition"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"EPSON Stylus Photo 2200"="c:\windows\system32\spool\DRIVERS\x64\3\E_S10IC2.EXE" [2003-05-27 99840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.100.1;192.168.100.100;192.168.100.2;*.local;<local>
uInternet Settings,ProxyServer = proxy01.atlascopco.de:8085
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-17 05:34:04
ComboFix-quarantined-files.txt 2012-09-17 12:34
ComboFix2.txt 2012-09-17 01:14
.
Pre-Run: 28,734,345,216 bytes free
Post-Run: 28,925,227,008 bytes free
.
- - End Of File - - 815CE27117F6352ADCA4C0E78907BB1C
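The ComboFix report above is where a reviewer starts: the "Files Created" section lists every file written in the last month, and the "Scheduled Tasks" section lists each job with the executable it launches. The Python triage helper below is an added example, not ComboFix's code or the forum helper's, and takes as its sample input a handful of lines copied from the report. It applies two ordinary analyst heuristics: a file written into system32 or SysWOW64 on its own (not as part of a burst of writes in the same minute, as Windows Update and installers produce) is listed for review, and a task whose target is a proxy executable such as rundll32.exe is listed because the log line shows only the executable, so the .job file itself has to be opened to see which DLL and export it loads. The proxy-executable list and the cluster threshold of three are assumptions; the script flags entries for a human to look at and does not decide that anything is malicious.

```python
"""Triage helper for a ComboFix report (added example; not ComboFix's own code).
Parses the 'Files Created' and 'Scheduled Tasks' sections and applies two
review heuristics: lone writes into system directories and tasks that launch
proxy executables."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix report in this thread (Files
# Created and Scheduled Tasks sections), embedded so the script runs offline.
SAMPLE_LOG = r"""
2012-09-17 12:31 . 2012-09-17 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 19:01 . 2009-07-14 00:00 94208 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-09-16 05:59 . 2012-09-16 05:59 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-16 05:59 . 2012-09-16 05:59 -------- d-----w- c:\programdata\McAfee
2012-09-12 12:44 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:44 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 12:44 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 05:29]
.
2012-09-17 c:\windows\Tasks\Vucxpp.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
"""

# File line layout: "<created> . <modified> <size or dashes> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
# Task entries come as a "<date> <job path>" line followed by "- <target> [<stamp>]"
TASK_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$")

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumed list of proxy executables ("living off the land" binaries). A task
# that launches one of these says nothing until its arguments are inspected.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "powershell.exe", "cmd.exe"}


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int | None      # None for directories (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class TaskEntry:
    date: str
    job: str
    target: str
    stamp: str


def parse(text: str) -> tuple[list[FileEntry], list[TaskEntry]]:
    """Extract file-creation records and scheduled-task (job, target) pairs."""
    files, tasks, pending = [], [], None
    for line in text.splitlines():
        if m := FILE_RE.match(line):
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
        elif m := TASK_RE.match(line):
            pending = (m["date"], m["job"])
        elif pending and (m := TARGET_RE.match(line)):
            tasks.append(TaskEntry(*pending, m["target"], m["stamp"]))
            pending = None
    return files, tasks


def lone_system_writes(files: list[FileEntry], min_cluster: int = 3) -> list[FileEntry]:
    """Files dropped into the Windows system directories outside a burst.

    Installers and Windows Update write many files in the same minute; a file
    that lands in system32/SysWOW64 with fewer than min_cluster companions is
    returned for manual review."""
    per_minute = Counter(f.created for f in files)
    return [f for f in files
            if not f.is_dir
            and f.path.lower().startswith(SYSTEM_DIRS)
            and per_minute[f.created] < min_cluster]


def lolbin_tasks(tasks: list[TaskEntry]) -> list[TaskEntry]:
    """Scheduled tasks whose target is a proxy executable such as rundll32."""
    return [t for t in tasks if t.target.rsplit("\\", 1)[-1].lower() in LOLBINS]


if __name__ == "__main__":
    found_files, found_tasks = parse(SAMPLE_LOG)
    for f in lone_system_writes(found_files):
        print(f"review file: {f.path} (created {f.created}, modified {f.modified})")
    for t in lolbin_tasks(found_tasks):
        print(f"review task: {t.job} -> {t.target} (open the .job to see its arguments)")
```

On the sample above, the file heuristic returns Serial.sys and npdeployJava1.dll (each written alone or with one companion) and skips the three 2012-09-12 12:44 driver updates, and the task heuristic returns Vucxpp.job because it launches rundll32.exe; what that task actually loads is not in the log and has to be read from the .job file on the machine.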

#14 nllanos (Topic Starter)

Posted 17 September 2012 - 07:36 AM

Still getting the scour/click.gethotresults.com redirecting...

#15 nllanos (Topic Starter)

Posted 17 September 2012 - 07:45 AM

After doing a restart, I'm not getting the redirect after a dozen searches or so; before, it'd be the 2nd or 3rd click and it was toast!

I will report shortly again with any news after trying more searches to be sure.
