Syshost.exe Virus Infection


26 replies to this topic

#16 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 September 2012 - 11:20 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
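The TDSSKiller report requested above is a plain line-oriented log, and the lines a responder reads first are the verdict lines, not the hundreds of "- ok" entries. As an added example (not Kaspersky's code and not from this thread), here is a small Python triage script that pulls those lines out of a report; the excerpt it runs on is constructed in the report's format, with placeholder MD5s for the clean entries and the suspicious-service entries mirroring the report posted later in this thread. The 16-hex-digit service-name heuristic is an assumption of mine, not a TDSSKiller rule.

```python
"""Triage helper for a TDSSKiller report (added example; not Kaspersky's code).

TDSSKiller writes one event per line:  "HH:MM:SS.mmmm <pid> <message>".
During the service scan the messages a responder reads first look like:
    [ <MD5> ] <ServiceName> <ImagePath>              service enumerated
    <ServiceName> - ok                                clean verdict
    Suspicious service (NoAccess): <name>             service object unreadable
    Suspicious file (NoAccess): <path>. md5: <MD5>
    <name> ( <Detection> ) - infected
    <name> - detected <Detection> (0)
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
# Service names may contain spaces, so the image path is anchored on a drive letter.
SERVICE_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
SUSP_SVC_RE = re.compile(r"^Suspicious service \((?P<reason>\w+)\): (?P<name>.+)$")
SUSP_FILE_RE = re.compile(
    r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-F]{32})$")
INFECTED_RE = re.compile(r"^(?P<name>.+?) \( (?P<detection>[^)]+) \) - infected$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<detection>\S+)")
# Assumed heuristic, not a TDSSKiller rule: a service named like 16 random hex
# digits deserves a look even when no signature fires on it.
RANDOM_HEX_NAME_RE = re.compile(r"^[0-9a-f]{16}$")


@dataclass
class Finding:
    line_no: int
    kind: str    # suspicious_service | suspicious_file | infected | detected | random_name
    name: str    # service name, or file path for suspicious_file
    detail: str  # reason, md5, detection name or image path, depending on kind


def parse_report(text):
    """Return (summary, findings) for the text of a TDSSKiller log."""
    services = {}  # service name -> (md5, image path)
    findings = []
    ok_verdicts = 0
    for line_no, raw in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and lines without a message part
        msg = m.group("msg").strip()
        if s := SERVICE_RE.match(msg):
            services[s["name"]] = (s["md5"], s["path"])
            if RANDOM_HEX_NAME_RE.match(s["name"]):
                findings.append(Finding(line_no, "random_name", s["name"], s["path"]))
        elif msg.endswith(" - ok"):
            ok_verdicts += 1
        elif s := SUSP_SVC_RE.match(msg):
            findings.append(Finding(line_no, "suspicious_service", s["name"], s["reason"]))
        elif s := SUSP_FILE_RE.match(msg):
            findings.append(Finding(line_no, "suspicious_file", s["path"], s["md5"]))
        elif s := INFECTED_RE.match(msg):
            findings.append(Finding(line_no, "infected", s["name"], s["detection"]))
        elif s := DETECTED_RE.match(msg):
            findings.append(Finding(line_no, "detected", s["name"], s["detection"]))
    summary = {
        "services": len(services),
        "ok_verdicts": ok_verdicts,
        "findings": len(findings),
        "infected": sorted({f.name for f in findings if f.kind == "infected"}),
    }
    return summary, findings


# Constructed excerpt in TDSSKiller's format: the clean entries use placeholder
# MD5s; the 481d6f34a27e453e entries mirror the report posted in this thread.
SAMPLE_REPORT = r"""
11:43:38.0096 55392 ================ Scan system memory ========================
11:43:38.0096 55392 System memory - ok
11:43:38.0097 55392 ================ Scan services =============================
11:43:38.0261 55392 [ 0123456789ABCDEF0123456789ABCDEF ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
11:43:38.0266 55392 1394ohci - ok
11:43:38.0270 55392 Suspicious service (NoAccess): 481d6f34a27e453e
11:43:38.0303 55392 [ CF8A7E7536983E7F94BC760AF8B17451 ] 481d6f34a27e453e C:\Windows\System32\Drivers\481d6f34a27e453e.sys
11:43:38.0303 55392 Suspicious file (NoAccess): C:\Windows\System32\Drivers\481d6f34a27e453e.sys. md5: CF8A7E7536983E7F94BC760AF8B17451
11:43:38.0482 55392 481d6f34a27e453e ( Rootkit.Win32.Necurs.gen ) - infected
11:43:38.0483 55392 481d6f34a27e453e - detected Rootkit.Win32.Necurs.gen (0)
11:43:39.0218 55392 [ FEDCBA9876543210FEDCBA9876543210 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:43:39.0223 55392 AMD External Events Utility - ok
"""

if __name__ == "__main__":
    summary, findings = parse_report(SAMPLE_REPORT)
    print(summary)
    for f in findings:
        print(f"line {f.line_no}: {f.kind:<18} {f.name}  [{f.detail}]")
```

Run it against a full report by reading the TDSSKiller log file into `parse_report`; the summary shows at a glance whether any service was flagged, and the findings list points at the exact lines to quote back.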


#17 Daftward

  • Topic Starter

  • Members
  • 13 posts

Posted 18 September 2012 - 12:23 PM

11:42:21.0011 53228 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:42:21.0332 53228 ============================================================
11:42:21.0333 53228 Current date / time: 2012/09/18 11:42:21.0332
11:42:21.0333 53228 SystemInfo:
11:42:21.0333 53228
11:42:21.0333 53228 OS Version: 6.1.7600 ServicePack: 0.0
11:42:21.0333 53228 Product type: Workstation
11:42:21.0333 53228 ComputerName: JOE-PC
11:42:21.0333 53228 UserName: Joe
11:42:21.0333 53228 Windows directory: C:\Windows
11:42:21.0333 53228 System windows directory: C:\Windows
11:42:21.0333 53228 Running under WOW64
11:42:21.0333 53228 Processor architecture: Intel x64
11:42:21.0333 53228 Number of processors: 4
11:42:21.0334 53228 Page size: 0x1000
11:42:21.0334 53228 Boot type: Normal boot
11:42:21.0334 53228 ============================================================
11:42:49.0751 53228 !crdlk
11:42:49.0776 53228 Drive \Device\Harddisk0\DR0 - Size: 0x9502F90000 (596.05 Gb), SectorSize: 0x200, Cylinders: 0x12FF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:42:49.0842 53228 ============================================================
11:42:49.0842 53228 \Device\Harddisk0\DR0:
11:42:49.0843 53228 MBR partitions:
11:42:49.0843 53228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:42:49.0843 53228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x48FBA000
11:42:49.0843 53228 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48FEC800, BlocksNum 0x182A800
11:42:49.0843 53228 ============================================================
11:42:49.0884 53228 C: <-> \Device\Harddisk0\DR0\Partition2
11:42:49.0939 53228 D: <-> \Device\Harddisk0\DR0\Partition3
11:42:49.0939 53228 ============================================================
11:42:49.0939 53228 Initialize success
11:42:49.0939 53228 ============================================================
11:43:37.0739 55392 ============================================================
11:43:37.0739 55392 Scan started
11:43:37.0739 55392 Mode: Manual;
11:43:37.0739 55392 ============================================================
11:43:38.0096 55392 ================ Scan system memory ========================
11:43:38.0096 55392 System memory - ok
11:43:38.0097 55392 ================ Scan services =============================
11:43:38.0261 55392 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
11:43:38.0266 55392 1394ohci - ok
11:43:38.0270 55392 Suspicious service (NoAccess): 481d6f34a27e453e
11:43:38.0303 55392 [ CF8A7E7536983E7F94BC760AF8B17451 ] 481d6f34a27e453e C:\Windows\System32\Drivers\481d6f34a27e453e.sys
11:43:38.0303 55392 Suspicious file (NoAccess): C:\Windows\System32\Drivers\481d6f34a27e453e.sys. md5: CF8A7E7536983E7F94BC760AF8B17451
11:43:38.0482 55392 481d6f34a27e453e ( Rootkit.Win32.Necurs.gen ) - infected
11:43:38.0483 55392 481d6f34a27e453e - detected Rootkit.Win32.Necurs.gen (0)
11:43:38.0534 55392 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
11:43:38.0550 55392 ACPI - ok
11:43:38.0574 55392 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
11:43:38.0575 55392 AcpiPmi - ok
11:43:38.0762 55392 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:43:38.0764 55392 AdobeARMservice - ok
11:43:38.0796 55392 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:43:38.0810 55392 adp94xx - ok
11:43:38.0868 55392 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:43:38.0884 55392 adpahci - ok
11:43:38.0922 55392 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:43:38.0927 55392 adpu320 - ok
11:43:38.0964 55392 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:43:38.0965 55392 AeLookupSvc - ok
11:43:39.0049 55392 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
11:43:39.0066 55392 AFD - ok
11:43:39.0087 55392 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
11:43:39.0090 55392 agp440 - ok
11:43:39.0117 55392 [ AA3F73CCBF498BD56800F840D75E40E4 ] ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys
11:43:39.0118 55392 ahcix64s - ok
11:43:39.0135 55392 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:43:39.0137 55392 ALG - ok
11:43:39.0152 55392 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
11:43:39.0152 55392 aliide - ok
11:43:39.0218 55392 [ B5E2434FC851698C1F119CF1C3935A50 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:43:39.0223 55392 AMD External Events Utility - ok
11:43:39.0360 55392 AMD FUEL Service - ok
11:43:39.0423 55392 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
11:43:39.0424 55392 amdide - ok
11:43:39.0494 55392 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
11:43:39.0496 55392 amdiox64 - ok
11:43:39.0525 55392 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:43:39.0528 55392 AmdK8 - ok
11:43:39.0790 55392 [ 9E3B4946F7E1BCA0B763E19D81EDBF2C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:43:39.0980 55392 amdkmdag - ok
11:43:40.0038 55392 [ B9E1C7B7F1865F99B16FF2E1BB94EDB6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:43:40.0056 55392 amdkmdap - ok
11:43:40.0115 55392 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:43:40.0116 55392 AmdPPM - ok
11:43:40.0173 55392 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:43:40.0176 55392 amdsata - ok
11:43:40.0200 55392 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:43:40.0205 55392 amdsbs - ok
11:43:40.0255 55392 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:43:40.0256 55392 amdxata - ok
11:43:40.0320 55392 [ 2B8D1C23D204C0E70EFF48A3FFA1C67B ] AMD_RAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
11:43:40.0322 55392 AMD_RAIDXpert - ok
11:43:40.0374 55392 [ F312FAD7DBD49ED21A194AC71B497832 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:43:40.0375 55392 AODDriver4.01 - ok
11:43:40.0445 55392 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
11:43:40.0447 55392 AppID - ok
11:43:40.0480 55392 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:43:40.0482 55392 AppIDSvc - ok
11:43:40.0512 55392 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
11:43:40.0514 55392 Appinfo - ok
11:43:40.0530 55392 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:43:40.0531 55392 arc - ok
11:43:40.0543 55392 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:43:40.0545 55392 arcsas - ok
11:43:40.0564 55392 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:43:40.0564 55392 AsyncMac - ok
11:43:40.0592 55392 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
11:43:40.0593 55392 atapi - ok
11:43:40.0656 55392 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
11:43:40.0659 55392 AtiHDAudioService - ok
11:43:40.0679 55392 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
11:43:40.0680 55392 AtiPcie - ok
11:43:40.0711 55392 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:43:40.0728 55392 AudioEndpointBuilder - ok
11:43:40.0749 55392 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:43:40.0753 55392 AudioSrv - ok
11:43:40.0815 55392 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:43:40.0817 55392 AxInstSV - ok
11:43:40.0895 55392 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:43:40.0913 55392 b06bdrv - ok
11:43:40.0987 55392 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:43:41.0004 55392 b57nd60a - ok
11:43:41.0118 55392 [ 44E6E51AEDBF3E0B38A6CD5432649E57 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
11:43:41.0154 55392 BCMH43XX - ok
11:43:41.0184 55392 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:43:41.0186 55392 BDESVC - ok
11:43:41.0201 55392 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:43:41.0201 55392 Beep - ok
11:43:41.0230 55392 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
11:43:41.0247 55392 BFE - ok
11:43:41.0424 55392 [ 2175FBC1639E623872081B0F057409C8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110701.001\BHDrvx64.sys
11:43:41.0438 55392 BHDrvx64 - ok
11:43:41.0495 55392 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:43:41.0498 55392 blbdrive - ok
11:43:41.0568 55392 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
11:43:41.0572 55392 Bonjour Service - ok
11:43:41.0635 55392 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:43:41.0638 55392 bowser - ok
11:43:41.0707 55392 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:43:41.0708 55392 BrFiltLo - ok
11:43:41.0729 55392 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:43:41.0730 55392 BrFiltUp - ok
11:43:41.0800 55392 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
11:43:41.0803 55392 Browser - ok
11:43:41.0834 55392 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:43:41.0851 55392 Brserid - ok
11:43:41.0869 55392 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:43:41.0871 55392 BrSerWdm - ok
11:43:41.0893 55392 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:43:41.0893 55392 BrUsbMdm - ok
11:43:41.0909 55392 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:43:41.0910 55392 BrUsbSer - ok
11:43:41.0940 55392 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:43:41.0941 55392 BTHMODEM - ok
11:43:42.0021 55392 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:43:42.0024 55392 bthserv - ok
11:43:42.0182 55392 [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
11:43:42.0200 55392 ccHP - ok
11:43:42.0225 55392 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:43:42.0227 55392 cdfs - ok
11:43:42.0295 55392 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:43:42.0299 55392 cdrom - ok
11:43:42.0324 55392 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
11:43:42.0327 55392 CertPropSvc - ok
11:43:42.0344 55392 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:43:42.0345 55392 circlass - ok
11:43:42.0364 55392 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:43:42.0368 55392 CLFS - ok
11:43:42.0440 55392 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:43:42.0442 55392 clr_optimization_v2.0.50727_32 - ok
11:43:42.0509 55392 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:43:42.0511 55392 clr_optimization_v2.0.50727_64 - ok
11:43:42.0618 55392 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:43:42.0621 55392 clr_optimization_v4.0.30319_32 - ok
11:43:42.0698 55392 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:43:42.0701 55392 clr_optimization_v4.0.30319_64 - ok
11:43:42.0746 55392 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:43:42.0747 55392 CmBatt - ok
11:43:42.0784 55392 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
11:43:42.0786 55392 cmdide - ok
11:43:42.0849 55392 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
11:43:42.0867 55392 CNG - ok
11:43:42.0886 55392 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:43:42.0888 55392 Compbatt - ok
11:43:42.0941 55392 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
11:43:42.0943 55392 CompositeBus - ok
11:43:42.0959 55392 COMSysApp - ok
11:43:42.0988 55392 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:43:42.0989 55392 crcdisk - ok
11:43:43.0051 55392 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
11:43:43.0053 55392 Creative ALchemy AL6 Licensing Service - ok
11:43:43.0072 55392 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
11:43:43.0074 55392 Creative Audio Engine Licensing Service - ok
11:43:43.0153 55392 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:43:43.0158 55392 CryptSvc - ok
11:43:43.0193 55392 [ 2C8A387412678EF70B6FA8634D14D202 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
11:43:43.0199 55392 CT20XUT - ok
11:43:43.0226 55392 [ 2C8A387412678EF70B6FA8634D14D202 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
11:43:43.0230 55392 CT20XUT.SYS - ok
11:43:43.0270 55392 [ 7AEF517275991AE676101B8CA532930C ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
11:43:43.0291 55392 ctac32k - ok
11:43:43.0329 55392 [ 5133C6DCDBE21142958B15736D6E04CA ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
11:43:43.0355 55392 ctaud2k - ok
11:43:43.0399 55392 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
11:43:43.0404 55392 CTAudSvcService - ok
11:43:43.0459 55392 [ 97A108DB4E0E546F23A02900784E4696 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
11:43:43.0496 55392 CTEXFIFX - ok
11:43:43.0548 55392 [ 97A108DB4E0E546F23A02900784E4696 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
11:43:43.0568 55392 CTEXFIFX.SYS - ok
11:43:43.0581 55392 [ A2474CDF422753710BF740A8E7CD6649 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
11:43:43.0583 55392 CTHWIUT - ok
11:43:43.0593 55392 [ A2474CDF422753710BF740A8E7CD6649 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
11:43:43.0594 55392 CTHWIUT.SYS - ok
11:43:43.0610 55392 [ 87F73098EA4155B129D845342FEBD7D9 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
11:43:43.0611 55392 ctprxy2k - ok
11:43:43.0633 55392 [ ABC4A71714AEA91FBE810B2503B4CA94 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
11:43:43.0636 55392 ctsfm2k - ok
11:43:43.0700 55392 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
11:43:43.0701 55392 dc3d - ok
11:43:43.0797 55392 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:43:43.0857 55392 DcomLaunch - ok
11:43:43.0908 55392 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:43:43.0925 55392 defragsvc - ok
11:43:43.0991 55392 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:43:43.0994 55392 DfsC - ok
11:43:44.0069 55392 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
11:43:44.0086 55392 Dhcp - ok
11:43:44.0125 55392 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:43:44.0127 55392 discache - ok
11:43:44.0153 55392 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:43:44.0156 55392 Disk - ok
11:43:44.0217 55392 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:43:44.0222 55392 Dnscache - ok
11:43:44.0256 55392 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
11:43:44.0263 55392 dot3svc - ok
11:43:44.0293 55392 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
11:43:44.0298 55392 DPS - ok
11:43:44.0366 55392 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:43:44.0367 55392 drmkaud - ok
11:43:44.0451 55392 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:43:44.0478 55392 DXGKrnl - ok
11:43:44.0503 55392 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:43:44.0504 55392 EapHost - ok
11:43:44.0587 55392 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:43:44.0655 55392 ebdrv - ok
11:43:44.0706 55392 [ EB0883462AC43829E47929D705D40933 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:43:44.0712 55392 eeCtrl - ok
11:43:44.0785 55392 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
11:43:44.0788 55392 EFS - ok
11:43:44.0914 55392 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:43:44.0925 55392 ehRecvr - ok
11:43:44.0954 55392 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:43:44.0957 55392 ehSched - ok
11:43:44.0989 55392 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:43:45.0006 55392 elxstor - ok
11:43:45.0068 55392 [ 0CFF1542AB3E5FB1C2D7302FFE501688 ] emupia C:\Windows\system32\drivers\emupia2k.sys
11:43:45.0072 55392 emupia - ok
11:43:45.0151 55392 [ 86FC0D272F6BB43E7214D4BA955A41E7 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:43:45.0153 55392 EraserUtilRebootDrv - ok
11:43:45.0169 55392 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
11:43:45.0171 55392 ErrDev - ok
11:43:45.0276 55392 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:43:45.0294 55392 EventSystem - ok
11:43:45.0322 55392 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:43:45.0327 55392 exfat - ok
11:43:45.0351 55392 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:43:45.0356 55392 fastfat - ok
11:43:45.0435 55392 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
11:43:45.0462 55392 Fax - ok
11:43:45.0479 55392 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:43:45.0481 55392 fdc - ok
11:43:45.0501 55392 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:43:45.0503 55392 fdPHost - ok
11:43:45.0525 55392 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:43:45.0526 55392 FDResPub - ok
11:43:45.0542 55392 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:43:45.0543 55392 FileInfo - ok
11:43:45.0560 55392 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:43:45.0561 55392 Filetrace - ok
11:43:45.0654 55392 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:43:45.0664 55392 FLEXnet Licensing Service - ok
11:43:45.0706 55392 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:43:45.0707 55392 flpydisk - ok
11:43:45.0730 55392 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:43:45.0733 55392 FltMgr - ok
11:43:45.0812 55392 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
11:43:45.0848 55392 FontCache - ok
11:43:45.0936 55392 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:43:45.0937 55392 FontCache3.0.0.0 - ok
11:43:45.0962 55392 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:43:45.0965 55392 FsDepends - ok
11:43:46.0015 55392 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:43:46.0016 55392 Fs_Rec - ok
11:43:46.0098 55392 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:43:46.0103 55392 fvevol - ok
11:43:46.0121 55392 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:43:46.0122 55392 gagp30kx - ok
11:43:46.0165 55392 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
11:43:46.0190 55392 gpsvc - ok
11:43:46.0280 55392 [ 89B2244C7A220E6FE74364BB11330B5F ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
11:43:46.0324 55392 ha20x22k - ok
11:43:46.0406 55392 [ 809DA6E3820CF8FA451FED7AB9D44F71 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
11:43:46.0438 55392 ha20x2k - ok
11:43:46.0511 55392 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
11:43:46.0513 55392 hamachi - ok
11:43:46.0690 55392 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
11:43:46.0704 55392 Hamachi2Svc - ok
11:43:46.0743 55392 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:43:46.0744 55392 hcw85cir - ok
11:43:46.0815 55392 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:43:46.0833 55392 HdAudAddService - ok
11:43:46.0859 55392 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:43:46.0862 55392 HDAudBus - ok
11:43:46.0883 55392 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:43:46.0885 55392 HidBatt - ok
11:43:46.0908 55392 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:43:46.0910 55392 HidBth - ok
11:43:46.0929 55392 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:43:46.0930 55392 HidIr - ok
11:43:46.0959 55392 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:43:46.0961 55392 hidserv - ok
11:43:46.0972 55392 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:43:46.0973 55392 HidUsb - ok
11:43:47.0004 55392 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:43:47.0006 55392 hkmsvc - ok
11:43:47.0077 55392 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:43:47.0083 55392 HomeGroupListener - ok
11:43:47.0123 55392 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:43:47.0133 55392 HomeGroupProvider - ok
11:43:47.0231 55392 [ 00B239202F7756695C8CCDF8BAFA7D3D ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
11:43:47.0233 55392 HP Health Check Service - ok
11:43:47.0304 55392 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
11:43:47.0308 55392 HPBtnSrv - ok
11:43:47.0385 55392 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
11:43:47.0388 55392 hpqwmiex - ok
11:43:47.0413 55392 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
11:43:47.0416 55392 HpSAMD - ok
11:43:47.0453 55392 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:43:47.0480 55392 HTTP - ok
11:43:47.0517 55392 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:43:47.0518 55392 hwpolicy - ok
11:43:47.0541 55392 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:43:47.0544 55392 i8042prt - ok
11:43:47.0610 55392 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:43:47.0627 55392 iaStorV - ok
11:43:47.0719 55392 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:43:47.0732 55392 idsvc - ok
11:43:47.0843 55392 [ D321FF68FF6986BCC18FE85943CB55EF ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110708.032\IDSvia64.sys
11:43:47.0850 55392 IDSVia64 - ok
11:43:47.0867 55392 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:43:47.0868 55392 iirsp - ok
11:43:47.0910 55392 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
11:43:47.0928 55392 IKEEXT - ok
11:43:47.0945 55392 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
11:43:47.0946 55392 intelide - ok
11:43:47.0990 55392 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:43:47.0993 55392 intelppm - ok
11:43:48.0025 55392 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:43:48.0030 55392 IPBusEnum - ok
11:43:48.0051 55392 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:43:48.0054 55392 IpFilterDriver - ok
11:43:48.0095 55392 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:43:48.0113 55392 iphlpsvc - ok
11:43:48.0130 55392 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:43:48.0133 55392 IPMIDRV - ok
11:43:48.0154 55392 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:43:48.0157 55392 IPNAT - ok
11:43:48.0209 55392 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:43:48.0211 55392 IRENUM - ok
11:43:48.0229 55392 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
11:43:48.0231 55392 isapnp - ok
11:43:48.0253 55392 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:43:48.0256 55392 iScsiPrt - ok
11:43:48.0274 55392 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:43:48.0276 55392 kbdclass - ok
11:43:48.0289 55392 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:43:48.0290 55392 kbdhid - ok
11:43:48.0310 55392 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
11:43:48.0311 55392 KeyIso - ok
11:43:48.0368 55392 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:43:48.0371 55392 KSecDD - ok
11:43:48.0399 55392 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:43:48.0403 55392 KSecPkg - ok
11:43:48.0425 55392 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:43:48.0427 55392 ksthunk - ok
11:43:48.0479 55392 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:43:48.0497 55392 KtmRm - ok
11:43:48.0579 55392 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:43:48.0596 55392 LanmanServer - ok
11:43:48.0639 55392 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:43:48.0645 55392 LanmanWorkstation - ok
11:43:48.0694 55392 [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:43:48.0695 55392 LightScribeService - ok
11:43:48.0765 55392 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:43:48.0768 55392 lltdio - ok
11:43:48.0799 55392 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:43:48.0817 55392 lltdsvc - ok
11:43:48.0894 55392 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:43:48.0897 55392 lmhosts - ok
11:43:48.0957 55392 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:43:48.0961 55392 LSI_FC - ok
11:43:48.0983 55392 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:43:48.0986 55392 LSI_SAS - ok
11:43:49.0008 55392 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:43:49.0010 55392 LSI_SAS2 - ok
11:43:49.0025 55392 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:43:49.0027 55392 LSI_SCSI - ok
11:43:49.0047 55392 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:43:49.0048 55392 luafv - ok
11:43:49.0137 55392 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
11:43:49.0154 55392 LVRS64 - ok
11:43:49.0340 55392 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
11:43:49.0466 55392 LVUVC64 - ok
11:43:49.0529 55392 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:43:49.0531 55392 MBAMProtector - ok
11:43:49.0623 55392 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:43:49.0629 55392 MBAMScheduler - ok
11:43:49.0694 55392 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:43:49.0704 55392 MBAMService - ok
11:43:49.0809 55392 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
11:43:49.0813 55392 McComponentHostService - ok
11:43:49.0858 55392 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:43:49.0862 55392 Mcx2Svc - ok
11:43:49.0912 55392 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:43:49.0914 55392 megasas - ok
11:43:49.0941 55392 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:43:49.0947 55392 MegaSR - ok
11:43:49.0987 55392 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:43:49.0991 55392 MMCSS - ok
11:43:50.0010 55392 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:43:50.0012 55392 Modem - ok
11:43:50.0044 55392 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:43:50.0044 55392 monitor - ok
11:43:50.0062 55392 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:43:50.0064 55392 mouclass - ok
11:43:50.0076 55392 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:43:50.0077 55392 mouhid - ok
11:43:50.0094 55392 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:43:50.0096 55392 mountmgr - ok
11:43:50.0170 55392 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:43:50.0172 55392 MozillaMaintenance - ok
11:43:50.0203 55392 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
11:43:50.0207 55392 mpio - ok
11:43:50.0235 55392 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:43:50.0238 55392 mpsdrv - ok
11:43:50.0286 55392 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:43:50.0313 55392 MpsSvc - ok
11:43:50.0373 55392 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:43:50.0377 55392 MRxDAV - ok
11:43:50.0445 55392 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:43:50.0449 55392 mrxsmb - ok
11:43:50.0517 55392 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:43:50.0524 55392 mrxsmb10 - ok
11:43:50.0551 55392 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:43:50.0555 55392 mrxsmb20 - ok
11:43:50.0579 55392 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
11:43:50.0581 55392 msahci - ok
11:43:50.0607 55392 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
11:43:50.0611 55392 msdsm - ok
11:43:50.0646 55392 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:43:50.0652 55392 MSDTC - ok
11:43:50.0726 55392 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:43:50.0727 55392 Msfs - ok
11:43:50.0741 55392 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:43:50.0741 55392 mshidkmdf - ok
11:43:50.0759 55392 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
11:43:50.0760 55392 msisadrv - ok
11:43:50.0808 55392 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:43:50.0814 55392 MSiSCSI - ok
11:43:50.0833 55392 msiserver - ok
11:43:50.0893 55392 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:43:50.0895 55392 MSKSSRV - ok
11:43:50.0946 55392 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:43:50.0947 55392 MSPCLOCK - ok
11:43:50.0970 55392 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:43:50.0971 55392 MSPQM - ok
11:43:50.0997 55392 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:43:51.0002 55392 MsRPC - ok
11:43:51.0019 55392 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:43:51.0020 55392 mssmbios - ok
11:43:51.0029 55392 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:43:51.0030 55392 MSTEE - ok
11:43:51.0044 55392 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:43:51.0044 55392 MTConfig - ok
11:43:51.0063 55392 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:43:51.0064 55392 Mup - ok
11:43:51.0106 55392 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
11:43:51.0124 55392 napagent - ok
11:43:51.0178 55392 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:43:51.0195 55392 NativeWifiP - ok
11:43:51.0333 55392 [ F594E1ACBBB3BA48586B5DD69B3A6BC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110708.037\ENG64.SYS
11:43:51.0335 55392 NAVENG - ok
11:43:51.0429 55392 [ CFE00B55488ACF0CD9F62B0401297864 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110708.037\EX64.SYS
11:43:51.0441 55392 NAVEX15 - ok
11:43:51.0521 55392 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:43:51.0548 55392 NDIS - ok
11:43:51.0610 55392 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:43:51.0612 55392 NdisCap - ok
11:43:51.0671 55392 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:43:51.0673 55392 NdisTapi - ok
11:43:51.0732 55392 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:43:51.0734 55392 Ndisuio - ok
11:43:51.0758 55392 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:43:51.0761 55392 NdisWan - ok
11:43:51.0781 55392 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:43:51.0782 55392 NDProxy - ok
11:43:51.0827 55392 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:43:51.0829 55392 NetBIOS - ok
11:43:51.0899 55392 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:43:51.0908 55392 NetBT - ok
11:43:51.0976 55392 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
11:43:51.0979 55392 Netlogon - ok
11:43:52.0029 55392 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:43:52.0047 55392 Netman - ok
11:43:52.0080 55392 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:43:52.0098 55392 netprofm - ok
11:43:52.0172 55392 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:43:52.0174 55392 NetTcpPortSharing - ok
11:43:52.0195 55392 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:43:52.0198 55392 nfrd960 - ok
11:43:52.0334 55392 [ B4187346F54E362DAFFE647B25A58D50 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
11:43:52.0336 55392 NIS - ok
11:43:52.0373 55392 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:43:52.0391 55392 NlaSvc - ok
11:43:52.0466 55392 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys
11:43:52.0468 55392 NPF - ok
11:43:52.0511 55392 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:43:52.0513 55392 Npfs - ok
11:43:52.0539 55392 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:43:52.0543 55392 nsi - ok
11:43:52.0562 55392 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:43:52.0564 55392 nsiproxy - ok
11:43:52.0657 55392 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:43:52.0688 55392 Ntfs - ok
11:43:52.0747 55392 [ 4C08A14D04E62963E96E0BB57BBC953B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
11:43:52.0749 55392 NuidFltr - ok
11:43:52.0773 55392 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:43:52.0775 55392 Null - ok
11:43:52.0811 55392 NVHDA - ok
11:43:52.0874 55392 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:43:52.0879 55392 nvraid - ok
11:43:52.0936 55392 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:43:52.0940 55392 nvstor - ok
11:43:52.0960 55392 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
11:43:52.0964 55392 nv_agp - ok
11:43:52.0989 55392 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:43:52.0991 55392 ohci1394 - ok
11:43:53.0061 55392 [ 2467CD6866A744C0E9C69861390BD6BC ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
11:43:53.0066 55392 ossrv - ok
11:43:53.0159 55392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:43:53.0176 55392 p2pimsvc - ok
11:43:53.0222 55392 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:43:53.0239 55392 p2psvc - ok
11:43:53.0261 55392 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:43:53.0264 55392 Parport - ok
11:43:53.0334 55392 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:43:53.0337 55392 partmgr - ok
11:43:53.0363 55392 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:43:53.0372 55392 PcaSvc - ok
11:43:53.0392 55392 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
11:43:53.0396 55392 pci - ok
11:43:53.0419 55392 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
11:43:53.0421 55392 pciide - ok
11:43:53.0442 55392 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:43:53.0445 55392 pcmcia - ok
11:43:53.0464 55392 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:43:53.0465 55392 pcw - ok
11:43:53.0494 55392 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:43:53.0512 55392 PEAUTH - ok
11:43:53.0589 55392 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:43:53.0592 55392 PerfHost - ok
11:43:53.0665 55392 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
11:43:53.0708 55392 pla - ok
11:43:53.0789 55392 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:43:53.0807 55392 PlugPlay - ok
11:43:53.0852 55392 PnkBstrA - ok
11:43:53.0908 55392 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:43:53.0912 55392 PNRPAutoReg - ok
11:43:53.0942 55392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:43:53.0950 55392 PNRPsvc - ok
11:43:54.0007 55392 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
11:43:54.0009 55392 Point64 - ok
11:43:54.0054 55392 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:43:54.0072 55392 PolicyAgent - ok
11:43:54.0113 55392 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:43:54.0116 55392 Power - ok
11:43:54.0140 55392 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:43:54.0142 55392 PptpMiniport - ok
11:43:54.0159 55392 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:43:54.0160 55392 Processor - ok
11:43:54.0242 55392 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
11:43:54.0251 55392 ProfSvc - ok
11:43:54.0270 55392 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:43:54.0273 55392 ProtectedStorage - ok
11:43:54.0291 55392 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:43:54.0292 55392 Psched - ok
11:43:54.0329 55392 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:43:54.0355 55392 ql2300 - ok
11:43:54.0376 55392 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:43:54.0378 55392 ql40xx - ok
11:43:54.0410 55392 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:43:54.0413 55392 QWAVE - ok
11:43:54.0428 55392 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:43:54.0429 55392 QWAVEdrv - ok
11:43:54.0439 55392 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:43:54.0439 55392 RasAcd - ok
11:43:54.0460 55392 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:43:54.0461 55392 RasAgileVpn - ok
11:43:54.0496 55392 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:43:54.0502 55392 RasAuto - ok
11:43:54.0545 55392 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:43:54.0548 55392 Rasl2tp - ok
11:43:54.0581 55392 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
11:43:54.0599 55392 RasMan - ok
11:43:54.0617 55392 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:43:54.0618 55392 RasPppoe - ok
11:43:54.0633 55392 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:43:54.0634 55392 RasSstp - ok
11:43:54.0657 55392 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:43:54.0661 55392 rdbss - ok
11:43:54.0681 55392 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:43:54.0682 55392 rdpbus - ok
11:43:54.0697 55392 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:43:54.0698 55392 RDPCDD - ok
11:43:54.0717 55392 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:43:54.0718 55392 RDPENCDD - ok
11:43:54.0739 55392 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:43:54.0740 55392 RDPREFMP - ok
11:43:54.0805 55392 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:43:54.0811 55392 RDPWD - ok
11:43:54.0846 55392 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:43:54.0851 55392 rdyboost - ok
11:43:54.0887 55392 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:43:54.0892 55392 RemoteAccess - ok
11:43:54.0931 55392 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:43:54.0940 55392 RemoteRegistry - ok
11:43:55.0011 55392 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:43:55.0015 55392 RpcEptMapper - ok
11:43:55.0053 55392 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:43:55.0056 55392 RpcLocator - ok
11:43:55.0097 55392 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
11:43:55.0107 55392 RpcSs - ok
11:43:55.0152 55392 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:43:55.0155 55392 rspndr - ok
11:43:55.0194 55392 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:43:55.0200 55392 RTL8167 - ok
11:43:55.0226 55392 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
11:43:55.0229 55392 SamSs - ok
11:43:55.0250 55392 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
11:43:55.0253 55392 sbp2port - ok
11:43:55.0278 55392 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:43:55.0281 55392 SCardSvr - ok
11:43:55.0293 55392 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:43:55.0294 55392 scfilter - ok
11:43:55.0358 55392 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
11:43:55.0394 55392 Schedule - ok
11:43:55.0471 55392 [ 2A50BE713FAF033420466C25979C028E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
11:43:55.0473 55392 SCMNdisP - ok
11:43:55.0514 55392 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:43:55.0515 55392 SCPolicySvc - ok
11:43:55.0569 55392 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:43:55.0578 55392 SDRSVC - ok
11:43:55.0604 55392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:43:55.0607 55392 secdrv - ok
11:43:55.0628 55392 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
11:43:55.0631 55392 seclogon - ok
11:43:55.0659 55392 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:43:55.0661 55392 SENS - ok
11:43:55.0695 55392 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:43:55.0699 55392 SensrSvc - ok
11:43:55.0742 55392 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:43:55.0743 55392 Serenum - ok
11:43:55.0760 55392 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:43:55.0762 55392 Serial - ok
11:43:55.0773 55392 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:43:55.0774 55392 sermouse - ok
11:43:55.0809 55392 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
11:43:55.0812 55392 SessionEnv - ok
11:43:55.0830 55392 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
11:43:55.0831 55392 sffdisk - ok
11:43:55.0845 55392 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:43:55.0846 55392 sffp_mmc - ok
11:43:55.0860 55392 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
11:43:55.0861 55392 sffp_sd - ok
11:43:55.0870 55392 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:43:55.0871 55392 sfloppy - ok
11:43:55.0901 55392 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:43:55.0906 55392 SharedAccess - ok
11:43:55.0933 55392 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:43:55.0938 55392 ShellHWDetection - ok
11:43:55.0954 55392 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:43:55.0955 55392 SiSRaid2 - ok
11:43:55.0969 55392 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:43:55.0970 55392 SiSRaid4 - ok
11:43:56.0054 55392 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:43:56.0057 55392 SkypeUpdate - ok
11:43:56.0085 55392 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:43:56.0088 55392 Smb - ok
11:43:56.0122 55392 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:43:56.0124 55392 SNMPTRAP - ok
11:43:56.0181 55392 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:43:56.0182 55392 spldr - ok
11:43:56.0241 55392 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
11:43:56.0259 55392 Spooler - ok
11:43:56.0354 55392 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
11:43:56.0471 55392 sppsvc - ok
11:43:56.0511 55392 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:43:56.0513 55392 sppuinotify - ok
11:43:56.0659 55392 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
11:43:56.0677 55392 SRTSP - ok
11:43:56.0708 55392 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
11:43:56.0710 55392 SRTSPX - ok
11:43:56.0779 55392 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:43:56.0797 55392 srv - ok
11:43:56.0830 55392 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:43:56.0848 55392 srv2 - ok
11:43:56.0915 55392 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:43:56.0919 55392 srvnet - ok
11:43:56.0951 55392 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:43:56.0960 55392 SSDPSRV - ok
11:43:56.0989 55392 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:43:56.0994 55392 SstpSvc - ok
11:43:57.0078 55392 Steam Client Service - ok
11:43:57.0141 55392 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:43:57.0143 55392 stexstor - ok
11:43:57.0236 55392 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
11:43:57.0263 55392 stisvc - ok
11:43:57.0286 55392 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:43:57.0288 55392 swenum - ok
11:43:57.0325 55392 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:43:57.0344 55392 swprv - ok
11:43:57.0409 55392 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
11:43:57.0427 55392 SymDS - ok
11:43:57.0504 55392 [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
11:43:57.0509 55392 SymEFA - ok
11:43:57.0578 55392 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:43:57.0583 55392 SymEvent - ok
11:43:57.0653 55392 [ F7F3DEB5FDD6CEA69A8D1544F7BECAF1 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
11:43:57.0656 55392 SymIM - ok
11:43:57.0721 55392 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
11:43:57.0725 55392 SymIRON - ok
11:43:57.0792 55392 [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
11:43:57.0809 55392 SYMTDIv - ok
11:43:57.0816 55392 Suspicious service (NoAccess): syshost32
11:43:57.0934 55392 [ 517423B23C0011D585A4CF7E5D78C8BA ] syshost32 C:\Windows\Installer\{BC557894-8C26-BA70-21BB-F5330168D228}\syshost.exe
11:43:57.0935 55392 Suspicious file (NoAccess): C:\Windows\Installer\{BC557894-8C26-BA70-21BB-F5330168D228}\syshost.exe. md5: 517423B23C0011D585A4CF7E5D78C8BA
11:43:58.0014 55392 syshost32 ( Rootkit.Win32.Necurs.gen ) - infected
11:43:58.0014 55392 syshost32 - detected Rootkit.Win32.Necurs.gen (0)
11:43:58.0057 55392 SysInfo - ok
11:43:58.0164 55392 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
11:43:58.0204 55392 SysMain - ok
11:43:58.0224 55392 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:43:58.0226 55392 TabletInputService - ok
11:43:58.0252 55392 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
11:43:58.0257 55392 TapiSrv - ok
11:43:58.0307 55392 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:43:58.0311 55392 TBS - ok
11:43:58.0429 55392 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:43:58.0480 55392 Tcpip - ok
11:43:58.0592 55392 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:43:58.0606 55392 TCPIP6 - ok
11:43:58.0641 55392 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:43:58.0642 55392 tcpipreg - ok
11:43:58.0663 55392 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:43:58.0664 55392 TDPIPE - ok
11:43:58.0713 55392 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:43:58.0714 55392 TDTCP - ok
11:43:58.0735 55392 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:43:58.0738 55392 tdx - ok
11:43:58.0767 55392 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:43:58.0770 55392 TermDD - ok
11:43:58.0805 55392 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
11:43:58.0823 55392 TermService - ok
11:43:58.0881 55392 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:43:58.0886 55392 Themes - ok
11:43:58.0920 55392 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:43:58.0923 55392 THREADORDER - ok
11:43:58.0949 55392 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:43:58.0955 55392 TrkWks - ok
11:43:59.0017 55392 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:43:59.0020 55392 TrustedInstaller - ok
11:43:59.0048 55392 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:43:59.0049 55392 tssecsrv - ok
11:43:59.0115 55392 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:43:59.0118 55392 tunnel - ok
11:43:59.0180 55392 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:43:59.0182 55392 uagp35 - ok
11:43:59.0212 55392 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:43:59.0228 55392 udfs - ok
11:43:59.0254 55392 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:43:59.0256 55392 UI0Detect - ok
11:43:59.0299 55392 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
11:43:59.0302 55392 uliagpkx - ok
11:43:59.0362 55392 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:43:59.0364 55392 umbus - ok
11:43:59.0429 55392 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:43:59.0431 55392 UmPass - ok
11:43:59.0465 55392 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:43:59.0483 55392 upnphost - ok
11:43:59.0559 55392 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:43:59.0563 55392 usbaudio - ok
11:43:59.0613 55392 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:43:59.0615 55392 usbccgp - ok
11:43:59.0636 55392 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
11:43:59.0636 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7
11:43:59.0667 55392 usbcir ( LockedFile.Multi.Generic ) - warning
11:43:59.0667 55392 usbcir - detected LockedFile.Multi.Generic (1)
11:43:59.0723 55392 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:43:59.0724 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: 92969BA5AC44E229C55A332864F79677
11:43:59.0728 55392 usbehci ( LockedFile.Multi.Generic ) - warning
11:43:59.0728 55392 usbehci - detected LockedFile.Multi.Generic (1)
11:43:59.0789 55392 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
11:43:59.0790 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbfilter.sys. md5: 6648C6D7323A2CE0C4776C36CEFBCB14
11:43:59.0818 55392 usbfilter ( LockedFile.Multi.Generic ) - warning
11:43:59.0819 55392 usbfilter - detected LockedFile.Multi.Generic (1)
11:43:59.0874 55392 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:43:59.0874 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: E7DF1CFD28CA86B35EF5ADD0735CEEF3
11:43:59.0880 55392 usbhub ( LockedFile.Multi.Generic ) - warning
11:43:59.0881 55392 usbhub - detected LockedFile.Multi.Generic (1)
11:43:59.0944 55392 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:43:59.0945 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbohci.sys. md5: F1BB1E55F1E7A65C5839CCC7B36D773E
11:43:59.0949 55392 usbohci ( LockedFile.Multi.Generic ) - warning
11:43:59.0949 55392 usbohci - detected LockedFile.Multi.Generic (1)
11:43:59.0970 55392 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:43:59.0971 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D
11:43:59.0975 55392 usbprint ( LockedFile.Multi.Generic ) - warning
11:43:59.0975 55392 usbprint - detected LockedFile.Multi.Generic (1)
11:44:00.0027 55392 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
11:44:00.0027 55392 Suspicious file (NoAccess): C:\Windows\system32\drivers\USBSTOR.SYS. md5: F39983647BC1F3E6100778DDFE9DCE29
11:44:00.0030 55392 USBSTOR ( LockedFile.Multi.Generic ) - warning
11:44:00.0030 55392 USBSTOR - detected LockedFile.Multi.Generic (1)
11:44:00.0090 55392 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:44:00.0090 55392 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: BC3070350A491D84B518D7CCA9ABD36F
11:44:00.0095 55392 usbuhci ( LockedFile.Multi.Generic ) - warning
11:44:00.0095 55392 usbuhci - detected LockedFile.Multi.Generic (1)
11:44:00.0128 55392 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:44:00.0133 55392 UxSms - ok
11:44:00.0160 55392 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
11:44:00.0161 55392 VaultSvc - ok
11:44:00.0209 55392 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
11:44:00.0210 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\VClone.sys. md5: 84BB306B7863883018D7F3EB0C453BD5
11:44:00.0215 55392 VClone ( LockedFile.Multi.Generic ) - warning
11:44:00.0216 55392 VClone - detected LockedFile.Multi.Generic (1)
11:44:00.0279 55392 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
11:44:00.0279 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD
11:44:00.0283 55392 vdrvroot ( LockedFile.Multi.Generic ) - warning
11:44:00.0283 55392 vdrvroot - detected LockedFile.Multi.Generic (1)
11:44:00.0321 55392 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
11:44:00.0340 55392 vds - ok
11:44:00.0360 55392 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:44:00.0361 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD
11:44:00.0368 55392 vga ( LockedFile.Multi.Generic ) - warning
11:44:00.0368 55392 vga - detected LockedFile.Multi.Generic (1)
11:44:00.0428 55392 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:44:00.0428 55392 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
11:44:00.0435 55392 VgaSave ( LockedFile.Multi.Generic ) - warning
11:44:00.0436 55392 VgaSave - detected LockedFile.Multi.Generic (1)
11:44:00.0496 55392 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
11:44:00.0497 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vhdmp.sys. md5: C82E748660F62A242B2DFAC1442F22A4
11:44:00.0504 55392 vhdmp ( LockedFile.Multi.Generic ) - warning
11:44:00.0504 55392 vhdmp - detected LockedFile.Multi.Generic (1)
11:44:00.0525 55392 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
11:44:00.0526 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
11:44:00.0530 55392 viaide ( LockedFile.Multi.Generic ) - warning
11:44:00.0531 55392 viaide - detected LockedFile.Multi.Generic (1)
11:44:00.0550 55392 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
11:44:00.0550 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\volmgr.sys. md5: 2B1A3DAE2B4E70DBBA822B7A03FBD4A3
11:44:00.0554 55392 volmgr ( LockedFile.Multi.Generic ) - warning
11:44:00.0554 55392 volmgr - detected LockedFile.Multi.Generic (1)
11:44:00.0573 55392 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:44:00.0573 55392 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: 99B0CBB569CA79ACAED8C91461D765FB
11:44:00.0577 55392 volmgrx ( LockedFile.Multi.Generic ) - warning
11:44:00.0577 55392 volmgrx - detected LockedFile.Multi.Generic (1)
11:44:00.0597 55392 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
11:44:00.0598 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\volsnap.sys. md5: 58F82EED8CA24B461441F9C3E4F0BF5C
11:44:00.0601 55392 volsnap ( LockedFile.Multi.Generic ) - warning
11:44:00.0601 55392 volsnap - detected LockedFile.Multi.Generic (1)
11:44:00.0618 55392 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:44:00.0618 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
11:44:00.0622 55392 vsmraid ( LockedFile.Multi.Generic ) - warning
11:44:00.0622 55392 vsmraid - detected LockedFile.Multi.Generic (1)
11:44:00.0660 55392 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
11:44:00.0687 55392 VSS - ok
11:44:00.0710 55392 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:44:00.0711 55392 vwifibus - ok
11:44:00.0775 55392 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:44:00.0775 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F
11:44:00.0780 55392 vwififlt ( LockedFile.Multi.Generic ) - warning
11:44:00.0780 55392 vwififlt - detected LockedFile.Multi.Generic (1)
11:44:00.0829 55392 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:44:00.0836 55392 W32Time - ok
11:44:00.0856 55392 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:44:00.0856 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
11:44:00.0859 55392 WacomPen ( LockedFile.Multi.Generic ) - warning
11:44:00.0859 55392 WacomPen - detected LockedFile.Multi.Generic (1)
11:44:00.0914 55392 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:44:00.0915 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324
11:44:00.0937 55392 WANARP ( LockedFile.Multi.Generic ) - warning
11:44:00.0937 55392 WANARP - detected LockedFile.Multi.Generic (1)
11:44:00.0951 55392 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:44:00.0952 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324
11:44:00.0958 55392 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
11:44:00.0958 55392 Wanarpv6 - detected LockedFile.Multi.Generic (1)
11:44:01.0058 55392 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:44:01.0091 55392 WatAdminSvc - ok
11:44:01.0136 55392 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
11:44:01.0163 55392 wbengine - ok
11:44:01.0216 55392 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:44:01.0233 55392 WbioSrvc - ok
11:44:01.0307 55392 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:44:01.0325 55392 wcncsvc - ok
11:44:01.0356 55392 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:44:01.0359 55392 WcsPlugInService - ok
11:44:01.0374 55392 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:44:01.0374 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
11:44:01.0377 55392 Wd ( LockedFile.Multi.Generic ) - warning
11:44:01.0377 55392 Wd - detected LockedFile.Multi.Generic (1)
11:44:01.0404 55392 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:44:01.0404 55392 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
11:44:01.0408 55392 Wdf01000 ( LockedFile.Multi.Generic ) - warning
11:44:01.0408 55392 Wdf01000 - detected LockedFile.Multi.Generic (1)
11:44:01.0431 55392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:44:01.0433 55392 WdiServiceHost - ok
11:44:01.0447 55392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:44:01.0448 55392 WdiSystemHost - ok
11:44:01.0515 55392 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
11:44:01.0533 55392 WebClient - ok
11:44:01.0606 55392 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:44:01.0623 55392 Wecsvc - ok
11:44:01.0690 55392 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:44:01.0696 55392 wercplsupport - ok
11:44:01.0724 55392 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:44:01.0730 55392 WerSvc - ok
11:44:01.0755 55392 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:44:01.0756 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
11:44:01.0761 55392 WfpLwf ( LockedFile.Multi.Generic ) - warning
11:44:01.0762 55392 WfpLwf - detected LockedFile.Multi.Generic (1)
11:44:01.0784 55392 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:44:01.0785 55392 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
11:44:01.0791 55392 WIMMount ( LockedFile.Multi.Generic ) - warning
11:44:01.0791 55392 WIMMount - detected LockedFile.Multi.Generic (1)
11:44:01.0814 55392 WinHttpAutoProxySvc - ok
11:44:01.0918 55392 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:44:01.0924 55392 Winmgmt - ok
11:44:01.0996 55392 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
11:44:02.0049 55392 WinRM - ok
11:44:02.0135 55392 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:44:02.0135 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: 817EAFF5D38674EDD7713B9DFB8E9791
11:44:02.0138 55392 WinUsb ( LockedFile.Multi.Generic ) - warning
11:44:02.0139 55392 WinUsb - detected LockedFile.Multi.Generic (1)
11:44:02.0222 55392 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:44:02.0241 55392 Wlansvc - ok
11:44:02.0409 55392 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:44:02.0423 55392 wlidsvc - ok
11:44:02.0496 55392 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:44:02.0497 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
11:44:02.0501 55392 WmiAcpi ( LockedFile.Multi.Generic ) - warning
11:44:02.0501 55392 WmiAcpi - detected LockedFile.Multi.Generic (1)
11:44:02.0550 55392 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:44:02.0553 55392 wmiApSrv - ok
11:44:02.0577 55392 WMPNetworkSvc - ok
11:44:02.0594 55392 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:44:02.0596 55392 WPCSvc - ok
11:44:02.0616 55392 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:44:02.0619 55392 WPDBusEnum - ok
11:44:02.0680 55392 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:44:02.0681 55392 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
11:44:02.0687 55392 ws2ifsl ( LockedFile.Multi.Generic ) - warning
11:44:02.0687 55392 ws2ifsl - detected LockedFile.Multi.Generic (1)
11:44:02.0704 55392 WSearch - ok
11:44:02.0858 55392 [ D161D62AE8D3F3EC1197B012D5E47431 ] WSWNDA3100v2 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
11:44:02.0863 55392 WSWNDA3100v2 - ok
11:44:02.0925 55392 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:44:02.0926 55392 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: 7CADC74271DD6461C452C271B30BD378
11:44:02.0930 55392 WudfPf ( LockedFile.Multi.Generic ) - warning
11:44:02.0930 55392 WudfPf - detected LockedFile.Multi.Generic (1)
11:44:02.0981 55392 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:44:02.0981 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 3B197AF0FFF08AA66B6B2241CA538D64
11:44:02.0986 55392 WUDFRd ( LockedFile.Multi.Generic ) - warning
11:44:02.0986 55392 WUDFRd - detected LockedFile.Multi.Generic (1)
11:44:03.0018 55392 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:44:03.0024 55392 wudfsvc - ok
11:44:03.0056 55392 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:44:03.0073 55392 WwanSvc - ok
11:44:03.0130 55392 ================ Scan global ===============================
11:44:03.0168 55392 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:44:03.0225 55392 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
11:44:03.0251 55392 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
11:44:03.0283 55392 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:44:03.0306 55392 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:44:03.0315 55392 [Global] - ok
11:44:03.0315 55392 ================ Scan MBR ==================================
11:44:03.0330 55392 [ 26E2BD2FC85D2611796F2D6FCC7322A2 ] \Device\Harddisk0\DR0
11:44:03.0546 55392 \Device\Harddisk0\DR0 - ok
11:44:03.0547 55392 ================ Scan VBR ==================================
11:44:03.0550 55392 [ 125DF1804444E7BDAD0D57A7026885E3 ] \Device\Harddisk0\DR0\Partition1
11:44:03.0551 55392 \Device\Harddisk0\DR0\Partition1 - ok
11:44:03.0563 55392 [ D766BAD46A984859E4237981AC196C39 ] \Device\Harddisk0\DR0\Partition2
11:44:03.0564 55392 \Device\Harddisk0\DR0\Partition2 - ok
11:44:03.0592 55392 [ B1CD9A689E72363393E2B1131EBA57B6 ] \Device\Harddisk0\DR0\Partition3
11:44:03.0593 55392 \Device\Harddisk0\DR0\Partition3 - ok
11:44:03.0593 55392 ============================================================
11:44:03.0593 55392 Scan finished
11:44:03.0593 55392 ============================================================
11:44:03.0602 53840 Detected object count: 33
11:44:03.0602 53840 Actual detected object count: 33
11:44:33.0386 53840 C:\Windows\System32\Drivers\481d6f34a27e453e.sys - copied to quarantine
11:44:33.0426 53840 HKLM\SYSTEM\ControlSet001\services\481d6f34a27e453e - will be deleted on reboot
11:44:33.0472 53840 HKLM\SYSTEM\ControlSet002\services\481d6f34a27e453e - will be deleted on reboot
11:44:33.0798 53840 C:\Windows\System32\Drivers\481d6f34a27e453e.sys - will be deleted on reboot
11:44:33.0798 53840 481d6f34a27e453e ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
11:44:33.0838 53840 C:\Windows\Installer\{BC557894-8C26-BA70-21BB-F5330168D228}\syshost.exe - copied to quarantine
11:44:33.0866 53840 HKLM\SYSTEM\ControlSet001\services\syshost32 - will be deleted on reboot
11:44:33.0907 53840 HKLM\SYSTEM\ControlSet002\services\syshost32 - will be deleted on reboot
11:44:34.0223 53840 C:\Windows\Installer\{BC557894-8C26-BA70-21BB-F5330168D228}\syshost.exe - will be deleted on reboot
11:44:34.0223 53840 syshost32 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
11:44:34.0228 53840 usbcir ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0228 53840 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0232 53840 usbehci ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0233 53840 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0237 53840 usbfilter ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0237 53840 usbfilter ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0241 53840 usbhub ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0241 53840 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0246 53840 usbohci ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0246 53840 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0250 53840 usbprint ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0250 53840 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0255 53840 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0255 53840 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0259 53840 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0259 53840 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0264 53840 VClone ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0264 53840 VClone ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0268 53840 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0268 53840 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0269 53840 vga ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0269 53840 vga ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0271 53840 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0271 53840 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0274 53840 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0274 53840 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0276 53840 viaide ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0276 53840 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0278 53840 volmgr ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0278 53840 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0280 53840 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0280 53840 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0281 53840 volsnap ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0282 53840 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0283 53840 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0283 53840 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0285 53840 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0285 53840 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0287 53840 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0287 53840 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0288 53840 WANARP ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0289 53840 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0290 53840 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0290 53840 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0292 53840 Wd ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0292 53840 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0295 53840 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0295 53840 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0296 53840 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0296 53840 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0298 53840 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0298 53840 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0299 53840 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0299 53840 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0301 53840 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0301 53840 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0302 53840 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0302 53840 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0304 53840 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0304 53840 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:34.0305 53840 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0305 53840 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
11:44:53.0779 49896 Deinitialize success

There was another log for this, so I'll post that as well. I'm guessing this is from when I booted back up after the restart.

11:50:54.0129 3292 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:50:54.0675 3292 ============================================================
11:50:54.0675 3292 Current date / time: 2012/09/18 11:50:54.0675
11:50:54.0675 3292 SystemInfo:
11:50:54.0675 3292
11:50:54.0675 3292 OS Version: 6.1.7600 ServicePack: 0.0
11:50:54.0675 3292 Product type: Workstation
11:50:54.0675 3292 ComputerName: JOE-PC
11:50:54.0675 3292 UserName: Joe
11:50:54.0675 3292 Windows directory: C:\Windows
11:50:54.0675 3292 System windows directory: C:\Windows
11:50:54.0675 3292 Running under WOW64
11:50:54.0675 3292 Processor architecture: Intel x64
11:50:54.0675 3292 Number of processors: 4
11:50:54.0675 3292 Page size: 0x1000
11:50:54.0675 3292 Boot type: Normal boot
11:50:54.0675 3292 ============================================================
11:52:30.0522 3292 BG loaded
11:52:31.0396 3292 Drive \Device\Harddisk0\DR0 - Size: 0x9502F90000 (596.05 Gb), SectorSize: 0x200, Cylinders: 0x12FF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:52:31.0442 3292 ============================================================
11:52:31.0442 3292 \Device\Harddisk0\DR0:
11:52:31.0474 3292 MBR partitions:
11:52:31.0474 3292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:52:31.0474 3292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x48FBA000
11:52:31.0474 3292 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48FEC800, BlocksNum 0x182A800
11:52:31.0474 3292 ============================================================
11:52:31.0864 3292 C: <-> \Device\Harddisk0\DR0\Partition2
11:52:32.0066 3292 D: <-> \Device\Harddisk0\DR0\Partition3
11:52:32.0066 3292 ============================================================
11:52:32.0066 3292 Initialize success
11:52:32.0066 3292 ============================================================
11:53:22.0845 4032 Deinitialize success



And then the log from the other program.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 11:58:16
-----------------------------
11:58:16.742 OS Version: Windows x64 6.1.7600
11:58:16.742 Number of processors: 4 586 0x403
11:58:16.742 ComputerName: JOE-PC UserName: Joe
11:58:18.726 Initialize success
12:00:15.095 AVAST engine defs: 12091400
12:00:41.056 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007b
12:00:41.060 Disk 0 Vendor: WDC_____ 01.0 Size: 610351MB BusType: 8
12:00:41.079 Disk 0 MBR read successfully
12:00:41.084 Disk 0 MBR scan
12:00:41.137 Disk 0 unknown MBR code
12:00:41.146 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:00:41.178 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597876 MB offset 206848
12:00:41.232 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12373 MB offset 1224656896
12:00:41.565 Disk 0 scanning C:\Windows\system32\drivers
12:00:53.695 Service scanning
12:01:13.427 Modules scanning
12:01:13.444 Disk 0 trace - called modules:
12:01:13.461 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
12:01:13.473 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005de5060]
12:01:13.484 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\0000007b[0xfffffa8005d1d9c0]
12:01:17.841 AVAST engine scan C:\Windows
12:01:20.846 AVAST engine scan C:\Windows\system32
12:04:28.180 AVAST engine scan C:\Windows\system32\drivers
12:04:42.755 AVAST engine scan C:\Users\Joe
12:16:22.496 AVAST engine scan C:\ProgramData
12:19:07.522 Scan finished successfully
12:19:28.240 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
12:19:28.243 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"
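
As an added example (editor's code, not part of this thread and not Kaspersky's TDSSKiller code), here is a small Python triage script for logs in the format posted above. It separates the named verdicts (Rootkit.Win32.Necurs.gen for the 481d6f34a27e453e driver service and for syshost32) from the generic LockedFile.Multi.Generic warnings that accompany "Suspicious file (NoAccess)" entries, and pairs each Delete with the quarantine and delete-on-reboot entries logged for it. The line format, the pairing of action lines with the following "User select action" line, and the treatment of LockedFile.Multi.Generic as a read failure to review rather than a malware hit are the editor's assumptions drawn from the log's layout; the sample lines are constructed in the shape of the log above.

```python
import re
from collections import Counter

# Constructed sample in the shape of the TDSSKiller log posted above (a real
# log runs to hundreds of lines); names, hashes and paths are the ones in the thread.
SAMPLE_LOG = r"""
11:44:00.0209 55392 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
11:44:00.0210 55392 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\VClone.sys. md5: 84BB306B7863883018D7F3EB0C453BD5
11:44:00.0215 55392 VClone ( LockedFile.Multi.Generic ) - warning
11:44:00.0216 55392 VClone - detected LockedFile.Multi.Generic (1)
11:44:00.0321 55392 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
11:44:00.0340 55392 vds - ok
11:44:03.0593 55392 Scan finished
11:44:33.0386 53840 C:\Windows\System32\Drivers\481d6f34a27e453e.sys - copied to quarantine
11:44:33.0426 53840 HKLM\SYSTEM\ControlSet001\services\481d6f34a27e453e - will be deleted on reboot
11:44:33.0798 53840 C:\Windows\System32\Drivers\481d6f34a27e453e.sys - will be deleted on reboot
11:44:33.0798 53840 481d6f34a27e453e ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
11:44:33.0838 53840 C:\Windows\Installer\{BC557894-8C26-BA70-21BB-F5330168D228}\syshost.exe - copied to quarantine
11:44:34.0223 53840 syshost32 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
11:44:34.0228 53840 usbcir ( LockedFile.Multi.Generic ) - skipped by user
11:44:34.0228 53840 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Assumed line shape: "HH:MM:SS.ffff <thread id> <message>".
PREFIX_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
ENTRY_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+) (.+)$")
OK_RE = re.compile(r"^(\S+) - ok$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
CHOICE_RE = re.compile(r"^(\S+) \( ([^)]+) \) - User select action: (\w+)$")
ACTION_RE = re.compile(r"^(.+) - (copied to quarantine|will be deleted on reboot)$")

# Editor's triage rule, not a TDSSKiller classification: this generic verdict
# accompanies "Suspicious file (NoAccess)", i.e. a file the scanner could not
# open, so it is queued for manual review instead of counted as a malware hit.
READ_FAILURE_VERDICTS = {"LockedFile.Multi.Generic"}


def parse_log(text):
    """Parse a TDSSKiller-style log into services, verdicts and remediation records."""
    parsed = {
        "services": {},      # service name -> {"md5", "path"} from the scan phase
        "ok": set(),         # services that scanned clean
        "verdicts": {},      # service name -> verdict string
        "remediation": {},   # service name -> {"verdict", "choice", "objects"}
    }
    pending = []  # quarantine/delete lines seen since the last "User select action"
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue  # banners and separators carry no per-object data
        msg = m.group(3)
        if (e := ENTRY_RE.match(msg)):
            parsed["services"][e.group(2)] = {"md5": e.group(1).upper(), "path": e.group(3)}
        elif (e := OK_RE.match(msg)):
            parsed["ok"].add(e.group(1))
        elif (e := DETECTED_RE.match(msg)):
            parsed["verdicts"][e.group(1)] = e.group(2)
        elif (e := ACTION_RE.match(msg)):
            pending.append((e.group(1), e.group(2)))
        elif (e := CHOICE_RE.match(msg)):
            # Assumption from the log's ordering: the file/registry actions for an
            # object are logged just before its "User select action" line.
            name, verdict, choice = e.groups()
            parsed["verdicts"].setdefault(name, verdict)
            parsed["remediation"][name] = {"verdict": verdict, "choice": choice,
                                           "objects": pending}
            pending = []
    return parsed


def triage(parsed):
    """Separate named malware verdicts from read-failure warnings; list what was touched."""
    hits, unreadable = {}, []
    for name, verdict in sorted(parsed["verdicts"].items()):
        if verdict in READ_FAILURE_VERDICTS:
            unreadable.append(name)
        else:
            rec = parsed["remediation"].get(name, {"choice": "none", "objects": []})
            hits[name] = {"verdict": verdict, "choice": rec["choice"],
                          "objects": [obj for obj, _ in rec["objects"]]}
    return {"hits": hits, "unreadable": unreadable,
            "verdict_counts": Counter(parsed["verdicts"].values())}


def report(text):
    """One line per finding, suitable for pasting into a reply."""
    t = triage(parse_log(text))
    lines = [f"{name}: {h['verdict']} -> {h['choice']} ({len(h['objects'])} objects)"
             for name, h in t["hits"].items()]
    lines.append(f"unreadable (review manually): {', '.join(t['unreadable']) or 'none'}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the full log above the same script would list the two Necurs entries with their driver file, registry service keys and installer-folder executable, and put the several dozen LockedFile.Multi.Generic drivers (all skipped by the user) in the review list rather than the hit list.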

#18 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto rico)

Posted 18 September 2012 - 12:34 PM

rerun MBAM once more for me


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#19 Daftward (Topic Starter, Members, 13 posts)

Posted 18 September 2012 - 01:42 PM

Ran the scan and it said no malicious items were detected.

#20 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto rico)

Posted 18 September 2012 - 02:35 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

BitTorrent
Java™ 6 Update 25
Java™ 7 Update 5
JavaFX 2.1.1
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#21 Daftward (Topic Starter, Members, 13 posts)

Posted 18 September 2012 - 03:34 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.18.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: JOE-PC [administrator]

9/18/2012 3:28:44 PM
mbam-log-2012-09-18 (15-28-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222095
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:33:31 PM, on 9/18/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Joe\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: NETGEAR WNDA3100v2 Genie.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: HIMYM.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100v2 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 11316 bytes
Don't seem to be having any issues on my end, and had no problems running the scans.

#22 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:33 PM

Posted 18 September 2012 - 04:04 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
      O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
      O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
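As an added example (not code from this thread, from HijackThis or from its author), here is a small Python parser for the O4, O20 and O23 line formats seen in the log posted above, with a triage pass that lists the entries an analyst would verify first; the sample lines are copied from that log, and the class and function names are this example's own.

```python
"""HijackThis log triage. Added example: not code from this thread or from HijackThis.
The O4/O20/O23 line formats are those of the log posted above; names here are this example's own."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O20 - AppInit_DLLs: HIMYM.dll
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

@dataclass
class Entry:
    section: str            # "O4", "O20" or "O23"
    name: str               # value name, service display name or DLL name
    path: str               # program path as written in the log ("" if unknown)
    args: str = ""
    hive: str = ""          # HKLM / HKCU for Run keys, "Startup folder" for .lnk entries
    owner: str = ""         # company string HijackThis prints for services
    file_missing: bool = False

RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
STARTUP_RE = re.compile(r'^O4 - Global Startup: (.*?) = (.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (.*)$')
SERVICE_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+?)(?: \((file missing)\))?$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|dll))\b(.*)$', re.IGNORECASE)
ABSOLUTE_RE = re.compile(r'^(?:[A-Za-z]:\\|%\w+%)')   # drive letter or environment variable

def split_command(command):
    """(path, args): quoted paths end at the closing quote, unquoted at the first exe-like extension."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = EXE_RE.match(command)
    return (m.group(1), m.group(2).strip()) if m else (command, "")

def parse_line(line):
    """Return an Entry for a supported HijackThis line, or None for anything else."""
    line = line.strip()
    if m := RUN_RE.match(line):
        path, args = split_command(m.group(3))
        return Entry("O4", m.group(2), path, args, hive=m.group(1))
    if m := STARTUP_RE.match(line):   # "?" means HijackThis could not resolve the shortcut
        return Entry("O4", m.group(1), "" if m.group(2) == "?" else m.group(2), hive="Startup folder")
    if m := APPINIT_RE.match(line):
        return Entry("O20", m.group(1).strip(), m.group(1).strip())
    if m := SERVICE_RE.match(line):
        return Entry("O23", m.group(1), m.group(3), owner=m.group(2), file_missing=m.group(4) is not None)
    return None

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def triage(entries):
    """Map entry name -> reasons an analyst should verify it first. Heuristics, not verdicts."""
    findings = {}
    for e in entries:
        reasons = []
        if e.section == "O20" and e.name:
            # AppInit_DLLs loads the DLL into every process using user32.dll: check publisher and hash.
            reasons.append("AppInit_DLLs entry")
        if e.section == "O4" and e.hive.startswith("HK") and not ABSOLUTE_RE.match(e.path):
            # A bare file name is resolved via the PATH search order; confirm which file actually runs.
            reasons.append("Run entry without an absolute path")
        if e.section == "O23" and e.file_missing:
            # Confirm on disk first: HijackThis often reports built-in services this way on 64-bit Windows.
            reasons.append("service binary reported missing")
        if reasons:
            findings[e.name] = reasons
    return findings
```

Run `triage(parse_log(SAMPLE_LOG))` to get the names flagged for a closer look; entries that are not flagged still need the usual publisher check before being removed as unneeded start-ups.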

#23 Daftward

Daftward
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 18 September 2012 - 08:05 PM

A few threats found from the scan.

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe a variant of Win32/Toolbar.Zugo application
C:\TDSSKiller_Quarantine\18.09.2012_11.42.21\necurs0000\svc0000\tsk0000.dta a variant of Win64/TrojanDownloader.Necurs.G trojan
C:\TDSSKiller_Quarantine\18.09.2012_11.42.21\necurs0001\svc0000\tsk0000.dta a variant of Win32/Kryptik.ALUF trojan
C:\Users\Joe\Downloads\cnet_SwfToGifConverter_setup_zip.exe a variant of Win32/InstallCore.D application
C:\Users\Joe\Downloads\VeohWebPlayerSetup_eng.exe multiple threats

#24 gringo_pr

Posted 19 September 2012 - 12:58 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem remove the TDSSKiller quarantine folder and everything under it
    rd /s /q "C:\TDSSKiller_Quarantine\"
    rem delete the files reported by the ESET scan
    del /f /s /q "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll"
    del /f /s /q "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe"
    del /f /s /q "C:\Users\Joe\Downloads\cnet_SwfToGifConverter_setup_zip.exe"
    del /f /s /q "C:\Users\Joe\Downloads\VeohWebPlayerSetup_eng.exe"
    rem finally delete this batch file itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot]<--XP [screenshot]<--Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#25 Daftward

Posted 20 September 2012 - 01:08 PM

Almost everything went smoothly, and the computer seems to be running great!

However, when I attempted to uninstall ComboFix I get the following error: "Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and then try again." I made sure it was copied correctly, so I'm not really sure what else the problem could be. It would be nice to remove, but I'm also not completely computer illiterate and know enough not to mess around with the tool. So I suppose it wouldn't be the end of the world if it remained on my PC for the time being, unless it needs to be removed for some specific reason.

Other than that, seems to be working great. I can't thank you enough for your help, and while I can't right this minute, I'll see what I can send your way in the form of a donation. Thanks again.

#26 gringo_pr

Posted 20 September 2012 - 04:44 PM

You are more than welcome and go ahead and run this to remove any leftover files from combofix - http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE



gringo

#27 gringo_pr

Posted 23 September 2012 - 06:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.