google redirect virus


  • This topic is locked
16 replies to this topic

#1 Sachin1101

  • Members
  • 7 posts

Posted 02 October 2012 - 07:08 PM

Hi,
Please help.

google redirect virus keeps redirecting randomly to click.livesearchnow.com, bts.scour.com, 63.209.69.107, az307127.vo.msecnd.net etc

DDS log is below, Attach.txt is attached.
Please help.
Thanks
Sachin


[======================= DDS =========== ]
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_12
Run by win7 at 19:39:03 on 2012-10-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4063.2183 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
E:\Windows\system32\wininit.exe
E:\Windows\system32\lsm.exe
E:\Windows\system32\svchost.exe -k DcomLaunch
E:\Windows\system32\nvvsvc.exe
E:\Windows\system32\svchost.exe -k RPCSS
E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
E:\Windows\system32\svchost.exe -k netsvcs
E:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
E:\Windows\system32\svchost.exe -k LocalService
E:\Windows\system32\Hpservice.exe
E:\Windows\system32\nvvsvc.exe
E:\Windows\system32\vfsFPService.exe
E:\Windows\system32\svchost.exe -k NetworkService
E:\Windows\System32\spoolsv.exe
E:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
E:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
E:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
E:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
E:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
E:\Windows\system32\wbem\wmiprvse.exe
E:\Windows\system32\SearchIndexer.exe
E:\Windows\system32\taskhost.exe
E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
E:\Program Files\IDT\WDM\sttray64.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Users\win7\AppData\Roaming\Google\Google Talk\googletalk.exe
E:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\E_Program Files (x86)\Messenger\YahooMessenger.exe
E:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
E:\Windows\System32\rundll32.exe
E:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
E:\Windows\SysWOW64\rundll32.exe
E:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
E:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
E:\Program Files\DigitalPersona\Bin\DPAgent.exe
E:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
E:\Windows\system32\wbem\wmiprvse.exe
E:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\E_Program Files (x86)\iTunesHelper.exe
E:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\E_Program Files (x86)\Messenger\YahooMessenger.exe
E:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
E:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
E:\Program Files (x86)\Internet Explorer\iexplore.exe
E:\Program Files (x86)\Internet Explorer\iexplore.exe
E:\Program Files (x86)\Internet Explorer\iexplore.exe
E:\Program Files (x86)\Internet Explorer\iexplore.exe
E:\Users\win7\AppData\Local\Google\Update\GoogleUpdate.exe
E:\Program Files (x86)\Internet Explorer\iexplore.exe
E:\Windows\system32\DllHost.exe
E:\Windows\system32\DllHost.exe
E:\Windows\SysWOW64\cmd.exe
E:\Windows\system32\conhost.exe
E:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 127.0.0.1:5555
uURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - E:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\E_PROG~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - E:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\E_PROG~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [googletalk] E:\Users\win7\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Facebook Update] "E:\Users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "E:\Users\win7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\E_PROG~1\Messenger\YahooMessenger.exe" -quiet
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] E:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
uRun: [Adobe] rundll32.exe "E:\Users\win7\AppData\Local\Amazon\Adobe\hcusz.dll",DllRegisterServerW
mRun: [DpAgent] E:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [QlbCtrl.exe] E:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HPCam_Menu] "E:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "E:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [TkBellExe] "E:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\E_Program Files (x86)\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: E:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - E:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - E:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\E_PROG~1\Office14\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://usportal3.amdocs.com/prx/000/http/localhost/tcs/global/TerminalServices/TerminalSvcsTCS.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {F6A553B1-4B5F-4974-866F-98C1D1EBD3DE} - hxxps://usportal.amdocs.com/prx/000/http/wwwstl2/tc/CPubAppsTCS.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{D59C4F87-1696-4328-8DF4-043CA5B51DCA} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{D59C4F87-1696-4328-8DF4-043CA5B51DCA}\2427F6E6A756D41676E6F6C69616D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - E:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\E_PROG~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli DPPWDFLT
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - E:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\E_PROG~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\E_PROG~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [DpAgent] E:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [QlbCtrl.exe] E:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [HPCam_Menu] "E:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "E:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [TkBellExe] "E:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\E_Program Files (x86)\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\E_PROG~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;E:\Windows\system32\DRIVERS\johci.sys --> E:\Windows\system32\DRIVERS\johci.sys [?]
R0 SymDS;Symantec Data Store;E:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS --> E:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;E:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS --> E:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;E:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys --> E:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120929.001\IDSviA64.sys [2012-10-2 513184]
R1 SymIRON;Symantec Iron Driver;E:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS --> E:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;E:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS --> E:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;E:\Windows\system32\DRIVERS\vwififlt.sys --> E:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;E:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 hpsrv;HP Service;E:\Windows\system32\Hpservice.exe --> E:\Windows\system32\Hpservice.exe [?]
R2 MBAMScheduler;MBAMScheduler;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 399432]
R2 NetBalancer Windows Service;NetBalancer Windows Service;E:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-2-18 10240]
R2 NIS;Norton Internet Security;E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;E:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-7-26 216080]
R2 NovacomD;Palm Novacom;E:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]
R2 Skype C2C Service;Skype C2C Service;E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 vfsFPService;Validity Fingerprint Service;E:\Windows\System32\vfsFPService.exe [2008-9-16 599344]
R2 WDDMService;WDDMService;E:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-8-1 311296]
R3 Com4QLBEx;Com4QLBEx;E:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-10-20 228408]
R3 enecir;ENE CIR Receiver;E:\Windows\system32\DRIVERS\enecir.sys --> E:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 JMCR;JMCR;E:\Windows\system32\DRIVERS\jmcr.sys --> E:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\E:\Windows\system32\drivers\mbam.sys --> E:\Windows\system32\drivers\mbam.sys [?]
R3 Nbdrv;NetBalancer;E:\Windows\system32\DRIVERS\nbdrv.sys --> E:\Windows\system32\DRIVERS\nbdrv.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;E:\Windows\system32\DRIVERS\NETw5s64.sys --> E:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;E:\Windows\system32\drivers\nvhda64v.sys --> E:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt64win7.sys --> E:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vfs101a;vfs101a;E:\Windows\system32\drivers\vfs101a.sys --> E:\Windows\system32\drivers\vfs101a.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;E:\Windows\system32\DRIVERS\vwifimp.sys --> E:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;E:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-30 676936]
S2 SkypeUpdate;Skype Updater;E:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 dmvsc;dmvsc;E:\Windows\system32\drivers\dmvsc.sys --> E:\Windows\system32\drivers\dmvsc.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\E_Program Files (x86)\Office14\GROOVE.EXE [2010-12-28 31124344]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;E:\Windows\system32\DRIVERS\netw5v64.sys --> E:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys --> E:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;E:\Windows\system32\drivers\synth3dvsc.sys --> E:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;E:\Windows\system32\drivers\terminpt.sys --> E:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;E:\Windows\system32\drivers\TsUsbGD.sys --> E:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;E:\Windows\system32\drivers\tsusbhub.sys --> E:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;E:\Windows\system32\Drivers\usbaapl64.sys --> E:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;E:\Windows\system32\Wat\WatAdminSvc.exe --> E:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-02 22:59:20 477168 ----a-w- E:\Windows\SysWow64\npdeployJava1.dll
2012-10-02 00:45:51 -------- d-sh--w- E:\$RECYCLE.BIN
2012-10-01 23:56:21 98816 ----a-w- E:\Windows\sed.exe
2012-10-01 23:56:21 518144 ----a-w- E:\Windows\SWREG.exe
2012-10-01 23:56:21 256000 ----a-w- E:\Windows\PEV.exe
2012-10-01 23:56:21 208896 ----a-w- E:\Windows\MBR.exe
2012-10-01 23:56:13 -------- d-s---w- E:\ComboFix
2012-10-01 23:26:46 405624 ----a-w- E:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys
2012-10-01 23:26:45 737952 ----a-w- E:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys
2012-10-01 23:26:45 451192 ----a-r- E:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys
2012-10-01 23:26:45 37536 ----a-w- E:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys
2012-10-01 23:26:45 190072 ----a-w- E:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys
2012-10-01 23:26:45 1129120 ----a-w- E:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys
2012-10-01 23:26:44 167072 ----a-w- E:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys
2012-10-01 23:26:11 -------- d-----w- E:\Windows\System32\drivers\NISx64\1309000.009
2012-09-30 21:36:31 -------- d-----w- E:\Users\win7\AppData\Local\NPE
2012-09-30 20:55:43 -------- d-----w- E:\Program Files (x86)\ESET
2012-09-30 20:11:52 -------- d-----w- E:\Users\win7\AppData\Roaming\DriverCure
2012-09-30 20:11:51 -------- d-----w- E:\Users\win7\AppData\Roaming\SpeedyPC Software
2012-09-30 20:11:17 -------- d-----w- E:\ProgramData\SpeedyPC Software
2012-09-30 19:55:54 3767504 ----a-w- E:\Windows\System32\d3dx9_26.dll
2012-09-30 19:55:54 2297552 ----a-w- E:\Windows\SysWow64\d3dx9_26.dll
2012-09-30 17:25:29 -------- d-----w- E:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-25 17:23:22 245760 ----a-w- E:\Windows\System32\OxpsConverter.exe
2012-09-13 00:10:01 -------- d-----w- E:\Users\win7\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-09-12 00:30:21 950128 ----a-w- E:\Windows\System32\drivers\ndis.sys
2012-09-12 00:30:21 41472 ----a-w- E:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 00:30:20 574464 ----a-w- E:\Windows\System32\d3d10level9.dll
2012-09-12 00:30:20 490496 ----a-w- E:\Windows\SysWow64\d3d10level9.dll
2012-09-12 00:30:20 376688 ----a-w- E:\Windows\System32\drivers\netio.sys
2012-09-12 00:30:20 1913200 ----a-w- E:\Windows\System32\drivers\tcpip.sys
2012-09-12 00:30:19 288624 ----a-w- E:\Windows\System32\drivers\FWPKCLNT.SYS
.
==================== Find3M ====================
.
2012-10-02 22:59:01 473072 ----a-w- E:\Windows\SysWow64\deployJava1.dll
2012-09-07 21:04:46 25928 ----a-w- E:\Windows\System32\drivers\mbam.sys
2012-08-24 10:31:32 2312704 ----a-w- E:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- E:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- E:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- E:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- E:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- E:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- E:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- E:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- E:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- E:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- E:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- E:\Windows\SysWow64\mshtml.tlb
2012-07-26 18:39:14 17936 ----a-w- E:\Windows\System32\nitrolocalui2.dll
2012-07-26 18:39:12 29712 ----a-w- E:\Windows\System32\nitrolocalmon2.dll
2012-07-18 18:15:06 3148800 ----a-w- E:\Windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- E:\Windows\System32\drivers\bthport.sys
.
============= FINISH: 19:39:30.21 ===============

[======================= DDS =========== ]


#2 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 03 October 2012 - 06:53 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Sachin1101

  • Topic Starter
  • Members
  • 7 posts

Posted 03 October 2012 - 07:46 PM

Hi Gringo,

Thanks for helping me.

Following are the logs
=========================== Checkup.txt =============================
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 35
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive E: 6%
````````````````````End of Log``````````````````````

======================================================================





==================================== AdwCleaner[S3].txt ======================================
# AdwCleaner v2.003 - Logfile created 10/03/2012 at 20:15:27
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : win7 - WIN7-PC
# Boot Mode : Normal
# Running from : E:\Users\win7\Desktop\bleeping Computer\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Google Chrome v [Unable to get version]

File : E:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3936 octets] - [30/09/2012 16:53:50]
AdwCleaner[R2].txt - [2063 octets] - [01/10/2012 20:40:27]
AdwCleaner[S1].txt - [2504 octets] - [01/10/2012 20:41:49]
AdwCleaner[R3].txt - [959 octets] - [01/10/2012 21:58:44]
AdwCleaner[R4].txt - [1018 octets] - [01/10/2012 21:59:11]
AdwCleaner[S2].txt - [1053 octets] - [01/10/2012 21:59:33]
AdwCleaner[R5].txt - [1166 octets] - [03/10/2012 20:14:41]
AdwCleaner[S3].txt - [1072 octets] - [03/10/2012 20:15:27]

########## EOF - E:\AdwCleaner[S3].txt - [1132 octets] ##########

=======================================================================




============================================ RKreport[2].txt ================================

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : win7 [Admin rights]
Mode : Remove -- Date : 10/03/2012 20:27:53

Bad processes : 0

Registry Entries : 5
[RUN][SUSP PATH] HKCU\[...]\Run : Adobe (rundll32.exe "E:\Users\win7\AppData\Local\Amazon\Adobe\hcusz.dll",DllRegisterServerW) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (E:\$Recycle.Bin\S-1-5-18\$c4788ec3a32b317a6ff84e8b8b4dcae0\n.) -> REPLACED (E:\Windows\system32\wbem\fastprox.dll)

Particular Files / Folders:

Driver : [NOT LOADED]

Extern Hives:
-> C:\windows\system32\config\SOFTWARE
-> C:\Users\Default\NTUSER.DAT
-> C:\Users\Default User\NTUSER.DAT
-> C:\Users\test\NTUSER.DAT
-> C:\Users\UpdatusUser\NTUSER.DAT
-> C:\Documents and Settings\Default\NTUSER.DAT
-> C:\Documents and Settings\Default User\NTUSER.DAT
-> C:\Documents and Settings\test\NTUSER.DAT
-> C:\Documents and Settings\UpdatusUser\NTUSER.DAT

Infection : ZeroAccess

HOSTS File:
--> E:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: Hitachi HTS543232L9A300 +++++
--- User ---
[MBR] 86d9850dfb6feccc96af43986dc003f8
[BSP] 47b5c2b5738cf83e16df9ca690c3e1f5 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 167861 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 343781376 | Size: 92168 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 532541440 | Size: 34717 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603643904 | Size: 10496 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


========================================================
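The RogueKiller report above names three persistence mechanisms: a Run value that loads a DLL through rundll32 from a user-writable folder, an Internet Explorer proxy pointing at 127.0.0.1:5555 (a local listener that sees and can rewrite every browser request, which is what produces the "redirects"), and a COM InprocServer32 hijack where the path of fastprox.dll was replaced by a payload under $Recycle.Bin. The following PowerShell check is an added example for this thread; it is not code from RogueKiller, ComboFix or BleepingComputer. It re-tests those three indicators on a live Windows host. The $SuspectDirs list and the file-extension heuristic are assumptions for illustration, drawn from where the log placed the payloads; the hijacked CLSID is elided in the log, so the script walks every CLSID instead of naming one.

```powershell
# Added example for this thread; not code from RogueKiller, ComboFix or BleepingComputer.
# Re-checks, on a live Windows host, the three persistence indicators RogueKiller reported:
#   1. a rundll32 Run value loading a DLL from a user-writable directory
#   2. a per-user IE proxy pointing at 127.0.0.1 / localhost
#   3. a COM InprocServer32 default value redirected to a non-DLL payload
# Run from an elevated 64-bit PowerShell prompt. $SuspectDirs and the extension regex are
# assumptions for illustration, taken from where the log placed the payloads.

$SuspectDirs   = @('\$Recycle.Bin\', '\AppData\Local\', '\AppData\Roaming\', '\ProgramData\')
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Test-SuspiciousPath {
    param([string]$Path)
    foreach ($dir in $SuspectDirs) {
        if ($Path -like "*$dir*") { return $true }
    }
    return $false
}

# 1. Run values. The log: HKCU\...\Run : Adobe = rundll32.exe "...\AppData\Local\Amazon\Adobe\hcusz.dll",DllRegisterServerW
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($ProviderProps -contains $prop.Name) { continue }   # provider metadata, not registry values
        $cmd = [string]$prop.Value
        if ($cmd -match 'rundll32' -and (Test-SuspiciousPath $cmd)) {
            Write-Output "[RUN]    $key\$($prop.Name) = $cmd"
        }
    }
}

# 2. Proxy. The log: ProxyServer = 127.0.0.1:5555 (ProxyServer may also be in "http=host:port;https=..." form)
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and ([string]$inet.ProxyServer) -match '(^|=)(127\.0\.0\.1|localhost):\d+') {
    Write-Output "[PROXY]  ProxyServer = $($inet.ProxyServer) (ProxyEnable = $($inet.ProxyEnable))"
}

# 3. COM hijack. The log: an InprocServer32 default of E:\$Recycle.Bin\S-1-5-18\$...\n. where
#    E:\Windows\system32\wbem\fastprox.dll belonged. The CLSID is elided in the log, so walk them all.
$clsidRoots = @('Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')
foreach ($root in $clsidRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $inproc = "$root\$($_.PSChildName)\InprocServer32"
        if (-not (Test-Path $inproc)) { return }    # 'return' ends this ForEach-Object iteration only
        $server = [string](Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
        if (-not $server) { return }
        $notADll = $server -notmatch '\.(dll|ocx|ax|cpl|drv)"?\s*$'
        if ($notADll -or (Test-SuspiciousPath $server)) {
            Write-Output "[INPROC] $($_.PSChildName) -> $server"
        }
    }
}
```

Each hit is printed with a tag in the style RogueKiller uses, so the output can be compared line by line with the report above. Walking every CLSID takes a minute and will surface a few legitimate servers with unusual extensions, so review the list before deleting anything. A clean result from a script run on the infected system is not proof of anything: ZeroAccess hooks the running system and can hide its keys from any tool that runs on top of it, which is why the thread goes on to run kernel-level scanners (TDSSKiller, aswMBR) as well.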

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 October 2012 - 12:31 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the Internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Sachin1101
  • Topic Starter
  • Members
  • 7 posts

Posted 06 October 2012 - 09:28 PM

Hi Gringo,

Thanks for your help. The virus is no longer present in the system.
RogueKiller detected the virus hidden in the DLLs.

Below is the ComboFix log.


ComboFix 12-10-04.02 - win7 10/06/2012 21:36:59.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4063.2305 [GMT -4:00]
Running from: e:\users\win7\Desktop\bleeping Computer\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 01:42 . 2012-10-07 01:42 -------- d-----w- e:\users\newAdmin\AppData\Local\temp
2012-10-07 01:42 . 2012-10-07 01:42 -------- d-----w- e:\users\Mcx1-WIN7-PC\AppData\Local\temp
2012-10-07 01:42 . 2012-10-07 01:42 -------- d-----w- e:\users\Default\AppData\Local\temp
2012-10-03 01:51 . 2012-10-03 01:51 73136 ----a-w- e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 01:51 . 2012-10-03 01:51 696240 ----a-w- e:\windows\SysWow64\FlashPlayerApp.exe
2012-10-03 01:15 . 2009-02-24 22:35 255552 ----a-w- e:\windows\SysWow64\drivers\mcdbus.sys
2012-10-03 01:15 . 2009-02-24 22:35 255552 ----a-w- e:\windows\system32\drivers\mcdbus.sys
2012-10-03 01:15 . 2012-10-03 01:16 -------- d-----w- e:\program files (x86)\MagicDisc
2012-10-02 22:59 . 2012-10-02 22:59 477168 ----a-w- e:\windows\SysWow64\npdeployJava1.dll
2012-10-02 22:57 . 2012-10-02 22:57 -------- d-----w- e:\programdata\McAfee
2012-10-01 23:26 . 2012-10-03 01:36 -------- d-----w- e:\windows\system32\drivers\NISx64\1309000.009
2012-09-30 21:36 . 2012-09-30 21:47 -------- d-----w- e:\users\win7\AppData\Local\NPE
2012-09-30 20:55 . 2012-09-30 20:55 -------- d-----w- e:\program files (x86)\ESET
2012-09-30 20:11 . 2012-09-30 20:11 -------- d-----w- e:\users\win7\AppData\Roaming\DriverCure
2012-09-30 20:11 . 2012-09-30 20:11 -------- d-----w- e:\users\win7\AppData\Roaming\SpeedyPC Software
2012-09-30 20:11 . 2012-10-02 00:24 -------- d-----w- e:\programdata\SpeedyPC Software
2012-09-30 19:55 . 2005-05-26 19:34 3767504 ----a-w- e:\windows\system32\d3dx9_26.dll
2012-09-30 19:55 . 2005-05-26 19:34 2297552 ----a-w- e:\windows\SysWow64\d3dx9_26.dll
2012-09-30 19:55 . 2005-03-18 21:19 3823312 ----a-w- e:\windows\system32\d3dx9_25.dll
2012-09-30 17:25 . 2012-09-30 17:25 -------- d-----w- e:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-25 17:23 . 2012-08-21 21:01 245760 ----a-w- e:\windows\system32\OxpsConverter.exe
2012-09-13 00:10 . 2012-09-13 00:10 -------- d-----w- e:\users\win7\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-09-12 00:30 . 2012-08-22 18:12 950128 ----a-w- e:\windows\system32\drivers\ndis.sys
2012-09-12 00:30 . 2012-07-04 20:26 41472 ----a-w- e:\windows\system32\drivers\RNDISMP.sys
2012-09-12 00:30 . 2012-08-22 18:12 1913200 ----a-w- e:\windows\system32\drivers\tcpip.sys
2012-09-12 00:30 . 2012-08-22 18:12 376688 ----a-w- e:\windows\system32\drivers\netio.sys
2012-09-12 00:30 . 2012-08-02 17:58 574464 ----a-w- e:\windows\system32\d3d10level9.dll
2012-09-12 00:30 . 2012-08-02 16:57 490496 ----a-w- e:\windows\SysWow64\d3d10level9.dll
2012-09-12 00:30 . 2012-08-22 18:12 288624 ----a-w- e:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 22:59 . 2011-11-06 22:15 473072 ----a-w- e:\windows\SysWow64\deployJava1.dll
2012-09-12 02:33 . 2011-10-20 14:23 64462936 ----a-w- e:\windows\system32\MRT.exe
2012-09-07 21:04 . 2011-10-20 04:04 25928 ----a-w- e:\windows\system32\drivers\mbam.sys
2012-07-26 18:39 . 2012-08-24 23:13 17936 ----a-w- e:\windows\system32\nitrolocalui2.dll
2012-07-26 18:39 . 2012-08-24 23:13 29712 ----a-w- e:\windows\system32\nitrolocalmon2.dll
2012-07-18 18:15 . 2012-08-15 14:36 3148800 ----a-w- e:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"googletalk"="e:\users\win7\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Facebook Update"="e:\users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Messenger (Yahoo!)"="c:\e_prog~1\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
"NokiaSuite.exe"="e:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="e:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"QlbCtrl.exe"="e:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"HPCam_Menu"="e:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"TkBellExe"="e:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-10-22 273528]
"APSDaemon"="e:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\e_program files (x86)\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="e:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
e:\users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - e:\program files (x86)\MagicDisc\MagicDisc.exe [2012-10-2 576000]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - e:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-8-1 4215808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;e:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;e:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;e:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 Com4QLBEx;Com4QLBEx;e:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dmvsc;dmvsc;e:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\e_program files (x86)\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;e:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;e:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;e:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;e:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;e:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;e:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;e:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;e:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;e:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;e:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]
S0 johci;JMicron 1394 Filter Driver;e:\windows\system32\DRIVERS\johci.sys [2009-07-27 20392]
S0 SymDS;Symantec Data Store;e:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;e:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;e:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;e:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;e:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121005.002\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;e:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;e:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;e:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 hpsrv;HP Service;e:\windows\system32\Hpservice.exe [2008-03-18 23040]
S2 MBAMScheduler;MBAMScheduler;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NetBalancer Windows Service;NetBalancer Windows Service;e:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-02-16 10240]
S2 NIS;Norton Internet Security;e:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;e:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-07-26 216080]
S2 NovacomD;Palm Novacom;e:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-06-25 72192]
S2 Skype C2C Service;Skype C2C Service;e:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 vfsFPService;Validity Fingerprint Service;e:\windows\system32\vfsFPService.exe [2008-09-16 719152]
S2 WDDMService;WDDMService;e:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-08-01 311296]
S3 enecir;ENE CIR Receiver;e:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 JMCR;JMCR;e:\windows\system32\DRIVERS\jmcr.sys [2009-09-23 144496]
S3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 Nbdrv;NetBalancer;e:\windows\system32\DRIVERS\nbdrv.sys [2011-05-18 41256]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;e:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;e:\windows\system32\drivers\nvhda64v.sys [2009-11-12 84584]
S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 vfs101a;vfs101a;e:\windows\system32\drivers\vfs101a.sys [2008-09-16 49968]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 e:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4266925297-4085516124-178540677-1000Core.job
- e:\users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 22:43]
.
2012-10-07 e:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4266925297-4085516124-178540677-1000UA.job
- e:\users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 22:43]
.
2012-10-05 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266925297-4085516124-178540677-1000Core.job
- e:\users\win7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 01:49]
.
2012-10-07 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266925297-4085516124-178540677-1000UA.job
- e:\users\win7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 01:49]
.
2012-10-04 e:\windows\Tasks\ReclaimerUpdateFiles_win7.job
- e:\users\win7\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 14:04]
.
2012-10-05 e:\windows\Tasks\ReclaimerUpdateXML_win7.job
- e:\users\win7\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 14:04]
.
2012-10-07 e:\windows\Tasks\RNUpgradeHelperLogonPrompt_win7.job
- e:\users\win7\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 14:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="e:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"SysTrayApp"="e:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Supplementary Scan -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = e:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\e_prog~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: {F6A553B1-4B5F-4974-866F-98C1D1EBD3DE} - hxxps://usportal.amdocs.com/prx/000/http/wwwstl2/tc/CPubAppsTCS.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
SafeBoot-53122004.sys
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - e:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Citrix ICA Web Client - e:\windows\system32\ctxsetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"e:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"e:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="e:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
e:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
e:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-10-06 21:53:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-07 01:53
.
Pre-Run: 4,905,742,336 bytes free
Post-Run: 4,711,292,928 bytes free
.
- - End Of File - - 4C4F091A247C5688518850ECF6F1FE11

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 October 2012 - 10:07 PM

Greetings

I want to make sure nothing else is hidden.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 October 2012 - 12:58 AM

Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo

#8 Sachin1101
  • Topic Starter
  • Members
  • 7 posts

Posted 09 October 2012 - 06:19 AM

Hi Gringo,

Please give me 2 more days. I will do the scan and post the results.

Thanks and regards
Sachin

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 October 2012 - 07:12 AM

Take all the time you need, but I will come back and check on you in a couple of days, and if you still need more time just let me know.

Gringo

#10 Sachin1101
  • Topic Starter
  • Members
  • 7 posts

Posted 12 October 2012 - 07:35 PM

TDSSKiller log


19:45:58.0109 3232 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:45:59.0210 3232 ============================================================
19:45:59.0210 3232 Current date / time: 2012/10/12 19:45:59.0210
19:45:59.0210 3232 SystemInfo:
19:45:59.0210 3232
19:45:59.0210 3232 OS Version: 6.1.7601 ServicePack: 1.0
19:45:59.0210 3232 Product type: Workstation
19:45:59.0211 3232 ComputerName: WIN7-PC
19:45:59.0211 3232 UserName: win7
19:45:59.0211 3232 Windows directory: E:\Windows
19:45:59.0211 3232 System windows directory: E:\Windows
19:45:59.0211 3232 Running under WOW64
19:45:59.0211 3232 Processor architecture: Intel x64
19:45:59.0211 3232 Number of processors: 2
19:45:59.0211 3232 Page size: 0x1000
19:45:59.0211 3232 Boot type: Normal boot
19:45:59.0211 3232 ============================================================
19:45:59.0942 3232 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:45:59.0965 3232 ============================================================
19:45:59.0965 3232 \Device\Harddisk0\DR0:
19:45:59.0965 3232 MBR partitions:
19:45:59.0965 3232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x147DA9A0
19:45:59.0984 3232 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x147DB800, BlocksNum 0xB403800
19:45:59.0984 3232 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FBDF000, BlocksNum 0x43CE800
19:45:59.0984 3232 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x23FAE000, BlocksNum 0x1480000
19:45:59.0984 3232 ============================================================
19:46:00.0019 3232 C: <-> \Device\Harddisk0\DR0\Partition1
19:46:00.0081 3232 E: <-> \Device\Harddisk0\DR0\Partition3
19:46:00.0137 3232 F: <-> \Device\Harddisk0\DR0\Partition4
19:46:00.0204 3232 D: <-> \Device\Harddisk0\DR0\Partition2
19:46:00.0205 3232 ============================================================
19:46:00.0205 3232 Initialize success
19:46:00.0205 3232 ============================================================
19:46:10.0589 5276 ============================================================
19:46:10.0589 5276 Scan started
19:46:10.0589 5276 Mode: Manual;
19:46:10.0589 5276 ============================================================
19:46:11.0115 5276 ================ Scan system memory ========================
19:46:11.0116 5276 System memory - ok
19:46:11.0117 5276 ================ Scan services =============================
19:46:11.0430 5276 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci E:\Windows\system32\DRIVERS\1394ohci.sys
19:46:11.0439 5276 1394ohci - ok
19:46:11.0487 5276 [ 60FBB29CCCE48B4C3A6517CAF42C3496 ] Accelerometer E:\Windows\system32\DRIVERS\Accelerometer.sys
19:46:11.0491 5276 Accelerometer - ok
19:46:11.0534 5276 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI E:\Windows\system32\drivers\ACPI.sys
19:46:11.0539 5276 ACPI - ok
19:46:11.0571 5276 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi E:\Windows\system32\drivers\acpipmi.sys
19:46:11.0573 5276 AcpiPmi - ok
19:46:11.0621 5276 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx E:\Windows\system32\drivers\adp94xx.sys
19:46:11.0629 5276 adp94xx - ok
19:46:11.0700 5276 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci E:\Windows\system32\drivers\adpahci.sys
19:46:11.0706 5276 adpahci - ok
19:46:11.0735 5276 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 E:\Windows\system32\drivers\adpu320.sys
19:46:11.0739 5276 adpu320 - ok
19:46:11.0773 5276 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc E:\Windows\System32\aelupsvc.dll
19:46:11.0774 5276 AeLookupSvc - ok
19:46:11.0882 5276 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters E:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
19:46:11.0884 5276 AESTFilters - ok
19:46:11.0931 5276 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD E:\Windows\system32\drivers\afd.sys
19:46:11.0938 5276 AFD - ok
19:46:11.0985 5276 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 E:\Windows\system32\drivers\agp440.sys
19:46:11.0987 5276 agp440 - ok
19:46:12.0020 5276 [ 3290D6946B5E30E70414990574883DDB ] ALG E:\Windows\System32\alg.exe
19:46:12.0024 5276 ALG - ok
19:46:12.0057 5276 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide E:\Windows\system32\drivers\aliide.sys
19:46:12.0059 5276 aliide - ok
19:46:12.0082 5276 [ 1FF8B4431C353CE385C875F194924C0C ] amdide E:\Windows\system32\drivers\amdide.sys
19:46:12.0084 5276 amdide - ok
19:46:12.0117 5276 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 E:\Windows\system32\drivers\amdk8.sys
19:46:12.0120 5276 AmdK8 - ok
19:46:12.0132 5276 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM E:\Windows\system32\drivers\amdppm.sys
19:46:12.0134 5276 AmdPPM - ok
19:46:12.0177 5276 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata E:\Windows\system32\drivers\amdsata.sys
19:46:12.0180 5276 amdsata - ok
19:46:12.0217 5276 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs E:\Windows\system32\drivers\amdsbs.sys
19:46:12.0221 5276 amdsbs - ok
19:46:12.0250 5276 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata E:\Windows\system32\drivers\amdxata.sys
19:46:12.0251 5276 amdxata - ok
19:46:12.0313 5276 [ 89A69C3F2F319B43379399547526D952 ] AppID E:\Windows\system32\drivers\appid.sys
19:46:12.0315 5276 AppID - ok
19:46:12.0344 5276 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc E:\Windows\System32\appidsvc.dll
19:46:12.0346 5276 AppIDSvc - ok
19:46:12.0367 5276 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo E:\Windows\System32\appinfo.dll
19:46:12.0369 5276 Appinfo - ok
19:46:12.0476 5276 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:46:12.0480 5276 Apple Mobile Device - ok
19:46:12.0533 5276 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt E:\Windows\System32\appmgmts.dll
19:46:12.0537 5276 AppMgmt - ok
19:46:12.0583 5276 [ C484F8CEB1717C540242531DB7845C4E ] arc E:\Windows\system32\drivers\arc.sys
19:46:12.0586 5276 arc - ok
19:46:12.0606 5276 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas E:\Windows\system32\drivers\arcsas.sys
19:46:12.0609 5276 arcsas - ok
19:46:12.0732 5276 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state E:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:46:12.0733 5276 aspnet_state - ok
19:46:12.0781 5276 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac E:\Windows\system32\DRIVERS\asyncmac.sys
19:46:12.0783 5276 AsyncMac - ok
19:46:12.0807 5276 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi E:\Windows\system32\drivers\atapi.sys
19:46:12.0807 5276 atapi - ok
19:46:12.0874 5276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder E:\Windows\System32\Audiosrv.dll
19:46:12.0882 5276 AudioEndpointBuilder - ok
19:46:12.0895 5276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv E:\Windows\System32\Audiosrv.dll
19:46:12.0900 5276 AudioSrv - ok
19:46:12.0951 5276 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV E:\Windows\System32\AxInstSV.dll
19:46:12.0954 5276 AxInstSV - ok
19:46:13.0024 5276 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv E:\Windows\system32\drivers\bxvbda.sys
19:46:13.0031 5276 b06bdrv - ok
19:46:13.0067 5276 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a E:\Windows\system32\DRIVERS\b57nd60a.sys
19:46:13.0072 5276 b57nd60a - ok
19:46:13.0114 5276 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC E:\Windows\System32\bdesvc.dll
19:46:13.0117 5276 BDESVC - ok
19:46:13.0138 5276 [ 16A47CE2DECC9B099349A5F840654746 ] Beep E:\Windows\system32\drivers\Beep.sys
19:46:13.0139 5276 Beep - ok
19:46:13.0448 5276 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE E:\Windows\System32\bfe.dll
19:46:13.0463 5276 BFE - ok
19:46:13.0665 5276 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
19:46:13.0687 5276 BHDrvx64 - ok
19:46:13.0753 5276 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS E:\Windows\system32\qmgr.dll
19:46:13.0777 5276 BITS - ok
19:46:13.0808 5276 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive E:\Windows\system32\DRIVERS\blbdrive.sys
19:46:13.0810 5276 blbdrive - ok
19:46:13.0910 5276 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service E:\Program Files\Bonjour\mDNSResponder.exe
19:46:13.0918 5276 Bonjour Service - ok
19:46:13.0968 5276 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser E:\Windows\system32\DRIVERS\bowser.sys
19:46:13.0969 5276 bowser - ok
19:46:13.0999 5276 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo E:\Windows\system32\drivers\BrFiltLo.sys
19:46:14.0001 5276 BrFiltLo - ok
19:46:14.0019 5276 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp E:\Windows\system32\drivers\BrFiltUp.sys
19:46:14.0021 5276 BrFiltUp - ok
19:46:14.0053 5276 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP E:\Windows\system32\DRIVERS\bridge.sys
19:46:14.0057 5276 BridgeMP - ok
19:46:14.0094 5276 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser E:\Windows\System32\browser.dll
19:46:14.0098 5276 Browser - ok
19:46:14.0124 5276 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid E:\Windows\System32\Drivers\Brserid.sys
19:46:14.0130 5276 Brserid - ok
19:46:14.0146 5276 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm E:\Windows\System32\Drivers\BrSerWdm.sys
19:46:14.0150 5276 BrSerWdm - ok
19:46:14.0163 5276 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm E:\Windows\System32\Drivers\BrUsbMdm.sys
19:46:14.0165 5276 BrUsbMdm - ok
19:46:14.0179 5276 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer E:\Windows\System32\Drivers\BrUsbSer.sys
19:46:14.0181 5276 BrUsbSer - ok
19:46:14.0217 5276 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum E:\Windows\system32\drivers\BthEnum.sys
19:46:14.0220 5276 BthEnum - ok
19:46:14.0235 5276 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM E:\Windows\system32\DRIVERS\bthmodem.sys
19:46:14.0238 5276 BTHMODEM - ok
19:46:14.0283 5276 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan E:\Windows\system32\DRIVERS\bthpan.sys
19:46:14.0286 5276 BthPan - ok
19:46:14.0334 5276 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT E:\Windows\System32\Drivers\BTHport.sys
19:46:14.0352 5276 BTHPORT - ok
19:46:14.0387 5276 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv E:\Windows\system32\bthserv.dll
19:46:14.0390 5276 bthserv - ok
19:46:14.0434 5276 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB E:\Windows\System32\Drivers\BTHUSB.sys
19:46:14.0437 5276 BTHUSB - ok
19:46:14.0465 5276 catchme - ok
19:46:14.0547 5276 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS E:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
19:46:14.0554 5276 ccSet_NIS - ok
19:46:14.0596 5276 [ B8BD2BB284668C84865658C77574381A ] cdfs E:\Windows\system32\DRIVERS\cdfs.sys
19:46:14.0597 5276 cdfs - ok
19:46:14.0634 5276 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom E:\Windows\system32\DRIVERS\cdrom.sys
19:46:14.0637 5276 cdrom - ok
19:46:14.0675 5276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc E:\Windows\System32\certprop.dll
19:46:14.0677 5276 CertPropSvc - ok
19:46:14.0712 5276 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass E:\Windows\system32\DRIVERS\circlass.sys
19:46:14.0713 5276 circlass - ok
19:46:14.0745 5276 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS E:\Windows\system32\CLFS.sys
19:46:14.0751 5276 CLFS - ok
19:46:14.0820 5276 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:14.0825 5276 clr_optimization_v2.0.50727_32 - ok
19:46:14.0878 5276 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 E:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:46:14.0883 5276 clr_optimization_v2.0.50727_64 - ok
19:46:14.0978 5276 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:14.0982 5276 clr_optimization_v4.0.30319_32 - ok
19:46:15.0005 5276 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 E:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:46:15.0007 5276 clr_optimization_v4.0.30319_64 - ok
19:46:15.0035 5276 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt E:\Windows\system32\DRIVERS\CmBatt.sys
19:46:15.0037 5276 CmBatt - ok
19:46:15.0071 5276 [ E19D3F095812725D88F9001985B94EDD ] cmdide E:\Windows\system32\drivers\cmdide.sys
19:46:15.0073 5276 cmdide - ok
19:46:15.0127 5276 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG E:\Windows\system32\Drivers\cng.sys
19:46:15.0134 5276 CNG - ok
19:46:15.0322 5276 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx E:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:46:15.0325 5276 Com4QLBEx - ok
19:46:15.0346 5276 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt E:\Windows\system32\DRIVERS\compbatt.sys
19:46:15.0347 5276 Compbatt - ok
19:46:15.0373 5276 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus E:\Windows\system32\DRIVERS\CompositeBus.sys
19:46:15.0375 5276 CompositeBus - ok
19:46:15.0394 5276 COMSysApp - ok
19:46:15.0410 5276 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk E:\Windows\system32\drivers\crcdisk.sys
19:46:15.0412 5276 crcdisk - ok
19:46:15.0468 5276 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc E:\Windows\system32\cryptsvc.dll
19:46:15.0472 5276 CryptSvc - ok
19:46:15.0535 5276 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC E:\Windows\system32\drivers\csc.sys
19:46:15.0545 5276 CSC - ok
19:46:15.0666 5276 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService E:\Windows\System32\cscsvc.dll
19:46:15.0683 5276 CscService - ok
19:46:15.0699 5276 CSN5PDTS82 - ok
19:46:15.0715 5276 CSN5PDTS82x64 - ok
19:46:15.0779 5276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch E:\Windows\system32\rpcss.dll
19:46:15.0794 5276 DcomLaunch - ok
19:46:15.0834 5276 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc E:\Windows\System32\defragsvc.dll
19:46:15.0839 5276 defragsvc - ok
19:46:15.0878 5276 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC E:\Windows\system32\Drivers\dfsc.sys
19:46:15.0880 5276 DfsC - ok
19:46:15.0920 5276 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp E:\Windows\system32\dhcpcore.dll
19:46:15.0926 5276 Dhcp - ok
19:46:15.0940 5276 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache E:\Windows\system32\drivers\discache.sys
19:46:15.0941 5276 discache - ok
19:46:15.0970 5276 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk E:\Windows\system32\drivers\disk.sys
19:46:15.0972 5276 Disk - ok
19:46:15.0998 5276 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc E:\Windows\system32\drivers\dmvsc.sys
19:46:16.0001 5276 dmvsc - ok
19:46:16.0044 5276 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache E:\Windows\System32\dnsrslvr.dll
19:46:16.0048 5276 Dnscache - ok
19:46:16.0081 5276 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc E:\Windows\System32\dot3svc.dll
19:46:16.0087 5276 dot3svc - ok
19:46:16.0134 5276 [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost E:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
19:46:16.0142 5276 DpHost - ok
19:46:16.0214 5276 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS E:\Windows\system32\dps.dll
19:46:16.0219 5276 DPS - ok
19:46:16.0265 5276 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud E:\Windows\system32\drivers\drmkaud.sys
19:46:16.0267 5276 drmkaud - ok
19:46:16.0338 5276 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl E:\Windows\System32\drivers\dxgkrnl.sys
19:46:16.0355 5276 DXGKrnl - ok
19:46:16.0400 5276 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost E:\Windows\System32\eapsvc.dll
19:46:16.0404 5276 EapHost - ok
19:46:16.0568 5276 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv E:\Windows\system32\drivers\evbda.sys
19:46:16.0732 5276 ebdrv - ok
19:46:16.0834 5276 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:46:16.0848 5276 eeCtrl - ok
19:46:16.0877 5276 [ C118A82CD78818C29AB228366EBF81C3 ] EFS E:\Windows\System32\lsass.exe
19:46:16.0880 5276 EFS - ok
19:46:16.0955 5276 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr E:\Windows\ehome\ehRecvr.exe
19:46:16.0973 5276 ehRecvr - ok
19:46:16.0998 5276 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched E:\Windows\ehome\ehsched.exe
19:46:17.0002 5276 ehSched - ok
19:46:17.0052 5276 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor E:\Windows\system32\drivers\elxstor.sys
19:46:17.0061 5276 elxstor - ok
19:46:17.0102 5276 [ 524C79054636D2E5751169005006460B ] enecir E:\Windows\system32\DRIVERS\enecir.sys
19:46:17.0105 5276 enecir - ok
19:46:17.0263 5276 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:46:17.0267 5276 EraserUtilRebootDrv - ok
19:46:17.0283 5276 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev E:\Windows\system32\drivers\errdev.sys
19:46:17.0285 5276 ErrDev - ok
19:46:17.0336 5276 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem E:\Windows\system32\es.dll
19:46:17.0342 5276 EventSystem - ok
19:46:17.0370 5276 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat E:\Windows\system32\drivers\exfat.sys
19:46:17.0374 5276 exfat - ok
19:46:17.0396 5276 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat E:\Windows\system32\drivers\fastfat.sys
19:46:17.0399 5276 fastfat - ok
19:46:17.0457 5276 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax E:\Windows\system32\fxssvc.exe
19:46:17.0468 5276 Fax - ok
19:46:17.0498 5276 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc E:\Windows\system32\drivers\fdc.sys
19:46:17.0501 5276 fdc - ok
19:46:17.0548 5276 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost E:\Windows\system32\fdPHost.dll
19:46:17.0550 5276 fdPHost - ok
19:46:17.0562 5276 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub E:\Windows\system32\fdrespub.dll
19:46:17.0564 5276 FDResPub - ok
19:46:17.0576 5276 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo E:\Windows\system32\drivers\fileinfo.sys
19:46:17.0577 5276 FileInfo - ok
19:46:17.0601 5276 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace E:\Windows\system32\drivers\filetrace.sys
19:46:17.0604 5276 Filetrace - ok
19:46:17.0623 5276 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk E:\Windows\system32\drivers\flpydisk.sys
19:46:17.0626 5276 flpydisk - ok
19:46:17.0650 5276 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr E:\Windows\system32\drivers\fltmgr.sys
19:46:17.0653 5276 FltMgr - ok
19:46:17.0722 5276 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache E:\Windows\system32\FntCache.dll
19:46:17.0738 5276 FontCache - ok
19:46:17.0784 5276 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 E:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:46:17.0788 5276 FontCache3.0.0.0 - ok
19:46:17.0818 5276 [ D43703496149971890703B4B1B723EAC ] FsDepends E:\Windows\system32\drivers\FsDepends.sys
19:46:17.0820 5276 FsDepends - ok
19:46:17.0848 5276 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec E:\Windows\system32\drivers\Fs_Rec.sys
19:46:17.0850 5276 Fs_Rec - ok
19:46:17.0887 5276 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol E:\Windows\system32\DRIVERS\fvevol.sys
19:46:17.0891 5276 fvevol - ok
19:46:17.0911 5276 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx E:\Windows\system32\drivers\gagp30kx.sys
19:46:17.0914 5276 gagp30kx - ok
19:46:17.0969 5276 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM E:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:46:17.0972 5276 GEARAspiWDM - ok
19:46:18.0030 5276 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc E:\Windows\System32\gpsvc.dll
19:46:18.0041 5276 gpsvc - ok
19:46:18.0076 5276 [ C1B577B2169900F4CF7190C39F085794 ] gusvc E:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:46:18.0079 5276 gusvc - ok
19:46:18.0098 5276 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir E:\Windows\system32\drivers\hcw85cir.sys
19:46:18.0101 5276 hcw85cir - ok
19:46:18.0157 5276 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService E:\Windows\system32\drivers\HdAudio.sys
19:46:18.0162 5276 HdAudAddService - ok
19:46:18.0250 5276 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus E:\Windows\system32\DRIVERS\HDAudBus.sys
19:46:18.0252 5276 HDAudBus - ok
19:46:18.0273 5276 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt E:\Windows\system32\drivers\HidBatt.sys
19:46:18.0275 5276 HidBatt - ok
19:46:18.0297 5276 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth E:\Windows\system32\drivers\hidbth.sys
19:46:18.0300 5276 HidBth - ok
19:46:18.0325 5276 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr E:\Windows\system32\DRIVERS\hidir.sys
19:46:18.0327 5276 HidIr - ok
19:46:18.0356 5276 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv E:\Windows\System32\hidserv.dll
19:46:18.0358 5276 hidserv - ok
19:46:18.0399 5276 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb E:\Windows\system32\DRIVERS\hidusb.sys
19:46:18.0401 5276 HidUsb - ok
19:46:18.0433 5276 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc E:\Windows\system32\kmsvc.dll
19:46:18.0436 5276 hkmsvc - ok
19:46:18.0469 5276 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener E:\Windows\system32\ListSvc.dll
19:46:18.0475 5276 HomeGroupListener - ok
19:46:18.0510 5276 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider E:\Windows\system32\provsvc.dll
19:46:18.0515 5276 HomeGroupProvider - ok
19:46:18.0538 5276 [ 4A435CA815A54639CA09DDF75D751EBC ] hpdskflt E:\Windows\system32\DRIVERS\hpdskflt.sys
19:46:18.0539 5276 hpdskflt - ok
19:46:18.0590 5276 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr E:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:46:18.0592 5276 HpqKbFiltr - ok
19:46:18.0634 5276 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex E:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:46:18.0637 5276 hpqwmiex - ok
19:46:18.0663 5276 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD E:\Windows\system32\drivers\HpSAMD.sys
19:46:18.0666 5276 HpSAMD - ok
19:46:18.0685 5276 [ 6BF024EA61D7894BF4AF0B10A90B546E ] hpsrv E:\Windows\system32\Hpservice.exe
19:46:18.0686 5276 hpsrv - ok
19:46:18.0755 5276 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP E:\Windows\system32\drivers\HTTP.sys
19:46:18.0772 5276 HTTP - ok
19:46:18.0791 5276 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy E:\Windows\system32\drivers\hwpolicy.sys
19:46:18.0792 5276 hwpolicy - ok
19:46:18.0815 5276 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt E:\Windows\system32\DRIVERS\i8042prt.sys
19:46:18.0817 5276 i8042prt - ok
19:46:18.0878 5276 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:46:18.0882 5276 IAANTMON - ok
19:46:18.0919 5276 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor E:\Windows\system32\DRIVERS\iaStor.sys
19:46:18.0922 5276 iaStor - ok
19:46:18.0970 5276 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV E:\Windows\system32\drivers\iaStorV.sys
19:46:18.0977 5276 iaStorV - ok
19:46:19.0054 5276 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT E:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:46:19.0059 5276 IDriverT - ok
19:46:19.0129 5276 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc E:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:46:19.0145 5276 idsvc - ok
19:46:19.0321 5276 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121011.001\IDSvia64.sys
19:46:19.0338 5276 IDSVia64 - ok
19:46:19.0370 5276 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp E:\Windows\system32\drivers\iirsp.sys
19:46:19.0372 5276 iirsp - ok
19:46:19.0437 5276 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT E:\Windows\System32\ikeext.dll
19:46:19.0459 5276 IKEEXT - ok
19:46:19.0485 5276 [ F00F20E70C6EC3AA366910083A0518AA ] intelide E:\Windows\system32\drivers\intelide.sys
19:46:19.0488 5276 intelide - ok
19:46:19.0511 5276 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm E:\Windows\system32\DRIVERS\intelppm.sys
19:46:19.0512 5276 intelppm - ok
19:46:19.0542 5276 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum E:\Windows\system32\ipbusenum.dll
19:46:19.0545 5276 IPBusEnum - ok
19:46:19.0566 5276 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver E:\Windows\system32\DRIVERS\ipfltdrv.sys
19:46:19.0569 5276 IpFilterDriver - ok
19:46:19.0612 5276 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc E:\Windows\System32\iphlpsvc.dll
19:46:19.0621 5276 iphlpsvc - ok
19:46:19.0645 5276 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV E:\Windows\system32\drivers\IPMIDrv.sys
19:46:19.0648 5276 IPMIDRV - ok
19:46:19.0689 5276 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT E:\Windows\system32\drivers\ipnat.sys
19:46:19.0692 5276 IPNAT - ok
19:46:19.0793 5276 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service E:\Program Files\iPod\bin\iPodService.exe
19:46:19.0807 5276 iPod Service - ok
19:46:19.0825 5276 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM E:\Windows\system32\drivers\irenum.sys
19:46:19.0827 5276 IRENUM - ok
19:46:19.0859 5276 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp E:\Windows\system32\drivers\isapnp.sys
19:46:19.0861 5276 isapnp - ok
19:46:19.0900 5276 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt E:\Windows\system32\drivers\msiscsi.sys
19:46:19.0906 5276 iScsiPrt - ok
19:46:19.0981 5276 [ 5BD76F820656AEAA2DCE66EED8DA84B9 ] JMCR E:\Windows\system32\DRIVERS\jmcr.sys
19:46:19.0987 5276 JMCR - ok
19:46:20.0020 5276 [ BB851EDA4211D8D013D93F361ADB13B5 ] johci E:\Windows\system32\DRIVERS\johci.sys
19:46:20.0021 5276 johci - ok
19:46:20.0043 5276 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass E:\Windows\system32\DRIVERS\kbdclass.sys
19:46:20.0046 5276 kbdclass - ok
19:46:20.0077 5276 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid E:\Windows\system32\DRIVERS\kbdhid.sys
19:46:20.0079 5276 kbdhid - ok
19:46:20.0089 5276 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso E:\Windows\system32\lsass.exe
19:46:20.0091 5276 KeyIso - ok
19:46:20.0120 5276 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD E:\Windows\system32\Drivers\ksecdd.sys
19:46:20.0122 5276 KSecDD - ok
19:46:20.0228 5276 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg E:\Windows\system32\Drivers\ksecpkg.sys
19:46:20.0232 5276 KSecPkg - ok
19:46:20.0290 5276 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk E:\Windows\system32\drivers\ksthunk.sys
19:46:20.0292 5276 ksthunk - ok
19:46:20.0350 5276 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm E:\Windows\system32\msdtckrm.dll
19:46:20.0359 5276 KtmRm - ok
19:46:20.0415 5276 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer E:\Windows\System32\srvsvc.dll
19:46:20.0421 5276 LanmanServer - ok
19:46:20.0456 5276 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation E:\Windows\System32\wkssvc.dll
19:46:20.0461 5276 LanmanWorkstation - ok
19:46:20.0502 5276 [ 1538831CF8AD2979A04C423779465827 ] lltdio E:\Windows\system32\DRIVERS\lltdio.sys
19:46:20.0504 5276 lltdio - ok
19:46:20.0548 5276 [ C1185803384AB3FEED115F79F109427F ] lltdsvc E:\Windows\System32\lltdsvc.dll
19:46:20.0559 5276 lltdsvc - ok
19:46:20.0582 5276 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts E:\Windows\System32\lmhsvc.dll
19:46:20.0584 5276 lmhosts - ok
19:46:20.0614 5276 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC E:\Windows\system32\drivers\lsi_fc.sys
19:46:20.0617 5276 LSI_FC - ok
19:46:20.0647 5276 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS E:\Windows\system32\drivers\lsi_sas.sys
19:46:20.0649 5276 LSI_SAS - ok
19:46:20.0670 5276 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 E:\Windows\system32\drivers\lsi_sas2.sys
19:46:20.0672 5276 LSI_SAS2 - ok
19:46:20.0688 5276 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI E:\Windows\system32\drivers\lsi_scsi.sys
19:46:20.0691 5276 LSI_SCSI - ok
19:46:20.0724 5276 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv E:\Windows\system32\drivers\luafv.sys
19:46:20.0726 5276 luafv - ok
19:46:20.0763 5276 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector E:\Windows\system32\drivers\mbam.sys
19:46:20.0763 5276 MBAMProtector - ok
19:46:20.0830 5276 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:46:20.0839 5276 MBAMScheduler - ok
19:46:20.0888 5276 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:46:20.0898 5276 MBAMService - ok
19:46:20.0974 5276 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus E:\Windows\system32\DRIVERS\mcdbus.sys
19:46:20.0981 5276 mcdbus - ok
19:46:21.0016 5276 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc E:\Windows\system32\Mcx2Svc.dll
19:46:21.0019 5276 Mcx2Svc - ok
19:46:21.0058 5276 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas E:\Windows\system32\drivers\megasas.sys
19:46:21.0060 5276 megasas - ok
19:46:21.0086 5276 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR E:\Windows\system32\drivers\MegaSR.sys
19:46:21.0093 5276 MegaSR - ok
19:46:21.0308 5276 Microsoft SharePoint Workspace Audit Service - ok
19:46:21.0354 5276 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS E:\Windows\system32\mmcss.dll
19:46:21.0357 5276 MMCSS - ok
19:46:21.0380 5276 [ 800BA92F7010378B09F9ED9270F07137 ] Modem E:\Windows\system32\drivers\modem.sys
19:46:21.0381 5276 Modem - ok
19:46:21.0411 5276 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor E:\Windows\system32\DRIVERS\monitor.sys
19:46:21.0412 5276 monitor - ok
19:46:21.0441 5276 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass E:\Windows\system32\DRIVERS\mouclass.sys
19:46:21.0443 5276 mouclass - ok
19:46:21.0481 5276 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid E:\Windows\system32\DRIVERS\mouhid.sys
19:46:21.0483 5276 mouhid - ok
19:46:21.0501 5276 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr E:\Windows\system32\drivers\mountmgr.sys
19:46:21.0503 5276 mountmgr - ok
19:46:21.0521 5276 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio E:\Windows\system32\drivers\mpio.sys
19:46:21.0525 5276 mpio - ok
19:46:21.0543 5276 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv E:\Windows\system32\drivers\mpsdrv.sys
19:46:21.0546 5276 mpsdrv - ok
19:46:21.0676 5276 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc E:\Windows\system32\mpssvc.dll
19:46:21.0688 5276 MpsSvc - ok
19:46:21.0715 5276 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV E:\Windows\system32\drivers\mrxdav.sys
19:46:21.0719 5276 MRxDAV - ok
19:46:21.0759 5276 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb E:\Windows\system32\DRIVERS\mrxsmb.sys
19:46:21.0762 5276 mrxsmb - ok
19:46:21.0793 5276 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 E:\Windows\system32\DRIVERS\mrxsmb10.sys
19:46:21.0797 5276 mrxsmb10 - ok
19:46:21.0807 5276 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 E:\Windows\system32\DRIVERS\mrxsmb20.sys
19:46:21.0810 5276 mrxsmb20 - ok
19:46:21.0852 5276 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci E:\Windows\system32\drivers\msahci.sys
19:46:21.0853 5276 msahci - ok
19:46:21.0879 5276 [ DB801A638D011B9633829EB6F663C900 ] msdsm E:\Windows\system32\drivers\msdsm.sys
19:46:21.0883 5276 msdsm - ok
19:46:21.0902 5276 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC E:\Windows\System32\msdtc.exe
19:46:21.0907 5276 MSDTC - ok
19:46:21.0927 5276 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs E:\Windows\system32\drivers\Msfs.sys
19:46:21.0928 5276 Msfs - ok
19:46:21.0961 5276 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf E:\Windows\System32\drivers\mshidkmdf.sys
19:46:21.0963 5276 mshidkmdf - ok
19:46:21.0979 5276 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv E:\Windows\system32\drivers\msisadrv.sys
19:46:21.0980 5276 msisadrv - ok
19:46:22.0034 5276 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI E:\Windows\system32\iscsiexe.dll
19:46:22.0039 5276 MSiSCSI - ok
19:46:22.0045 5276 msiserver - ok
19:46:22.0074 5276 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV E:\Windows\system32\drivers\MSKSSRV.sys
19:46:22.0076 5276 MSKSSRV - ok
19:46:22.0099 5276 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK E:\Windows\system32\drivers\MSPCLOCK.sys
19:46:22.0101 5276 MSPCLOCK - ok
19:46:22.0126 5276 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM E:\Windows\system32\drivers\MSPQM.sys
19:46:22.0128 5276 MSPQM - ok
19:46:22.0159 5276 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC E:\Windows\system32\drivers\MsRPC.sys
19:46:22.0164 5276 MsRPC - ok
19:46:22.0189 5276 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios E:\Windows\system32\DRIVERS\mssmbios.sys
19:46:22.0190 5276 mssmbios - ok
19:46:22.0205 5276 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE E:\Windows\system32\drivers\MSTEE.sys
19:46:22.0207 5276 MSTEE - ok
19:46:22.0223 5276 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig E:\Windows\system32\drivers\MTConfig.sys
19:46:22.0225 5276 MTConfig - ok
19:46:22.0244 5276 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup E:\Windows\system32\Drivers\mup.sys
19:46:22.0245 5276 Mup - ok
19:46:22.0290 5276 [ 582AC6D9873E31DFA28A4547270862DD ] napagent E:\Windows\system32\qagentRT.dll
19:46:22.0299 5276 napagent - ok
19:46:22.0370 5276 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP E:\Windows\system32\DRIVERS\nwifi.sys
19:46:22.0381 5276 NativeWifiP - ok
19:46:22.0468 5276 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121012.002\ENG64.SYS
19:46:22.0472 5276 NAVENG - ok
19:46:22.0585 5276 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121012.002\EX64.SYS
19:46:22.0601 5276 NAVEX15 - ok
19:46:22.0629 5276 [ 37BFE7CE56133F2E8E90EF68157D73C8 ] Nbdrv E:\Windows\system32\DRIVERS\nbdrv.sys
19:46:22.0631 5276 Nbdrv - ok
19:46:22.0699 5276 [ 760E38053BF56E501D562B70AD796B88 ] NDIS E:\Windows\system32\drivers\ndis.sys
19:46:22.0719 5276 NDIS - ok
19:46:22.0749 5276 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap E:\Windows\system32\DRIVERS\ndiscap.sys
19:46:22.0751 5276 NdisCap - ok
19:46:22.0781 5276 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi E:\Windows\system32\DRIVERS\ndistapi.sys
19:46:22.0783 5276 NdisTapi - ok
19:46:22.0797 5276 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio E:\Windows\system32\DRIVERS\ndisuio.sys
19:46:22.0799 5276 Ndisuio - ok
19:46:22.0821 5276 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan E:\Windows\system32\DRIVERS\ndiswan.sys
19:46:22.0825 5276 NdisWan - ok
19:46:22.0838 5276 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy E:\Windows\system32\drivers\NDProxy.sys
19:46:22.0840 5276 NDProxy - ok
19:46:22.0917 5276 [ BC4A5463CDAB54967671F500D5F2C79D ] NetBalancer Windows Service E:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
19:46:22.0917 5276 NetBalancer Windows Service - ok
19:46:22.0937 5276 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS E:\Windows\system32\DRIVERS\netbios.sys
19:46:22.0937 5276 NetBIOS - ok
19:46:22.0963 5276 [ 09594D1089C523423B32A4229263F068 ] NetBT E:\Windows\system32\DRIVERS\netbt.sys
19:46:22.0967 5276 NetBT - ok
19:46:23.0000 5276 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon E:\Windows\system32\lsass.exe
19:46:23.0001 5276 Netlogon - ok
19:46:23.0051 5276 [ 847D3AE376C0817161A14A82C8922A9E ] Netman E:\Windows\System32\netman.dll
19:46:23.0057 5276 Netman - ok
19:46:23.0117 5276 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator E:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:23.0121 5276 NetMsmqActivator - ok
19:46:23.0151 5276 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator E:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:23.0154 5276 NetPipeActivator - ok
19:46:23.0245 5276 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm E:\Windows\System32\netprofm.dll
19:46:23.0260 5276 netprofm - ok
19:46:23.0283 5276 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator E:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:23.0284 5276 NetTcpActivator - ok
19:46:23.0291 5276 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing E:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:23.0292 5276 NetTcpPortSharing - ok
19:46:23.0638 5276 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 E:\Windows\system32\DRIVERS\NETw5s64.sys
19:46:23.0998 5276 NETw5s64 - ok
19:46:24.0290 5276 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 E:\Windows\system32\DRIVERS\netw5v64.sys
19:46:24.0557 5276 netw5v64 - ok
19:46:24.0590 5276 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 E:\Windows\system32\drivers\nfrd960.sys
19:46:24.0592 5276 nfrd960 - ok
19:46:24.0651 5276 [ F2840DBFE9322F35557219AE82CC4597 ] NIS E:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
19:46:24.0652 5276 NIS - ok
19:46:24.0731 5276 [ 85B9891151AD3C1BDBBF7D3F1082DC1A ] NitroReaderDriverReadSpool2 E:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
19:46:24.0749 5276 NitroReaderDriverReadSpool2 - ok
19:46:24.0811 5276 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc E:\Windows\System32\nlasvc.dll
19:46:24.0817 5276 NlaSvc - ok
19:46:24.0846 5276 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd E:\Windows\system32\drivers\ccdcmbx64.sys
19:46:24.0847 5276 nmwcd - ok
19:46:24.0878 5276 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc E:\Windows\system32\drivers\ccdcmbox64.sys
19:46:24.0879 5276 nmwcdc - ok
19:46:24.0942 5276 [ 697CA586209E022D15DD0C838B235D6A ] nmwcdnsucx64 E:\Windows\system32\drivers\nmwcdnsucx64.sys
19:46:24.0944 5276 nmwcdnsucx64 - ok
19:46:24.0976 5276 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 E:\Windows\system32\drivers\nmwcdnsux64.sys
19:46:24.0980 5276 nmwcdnsux64 - ok
19:46:25.0020 5276 [ 1675AC45BEFD9CFFADD3E251524A9468 ] NovacomD E:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
19:46:25.0030 5276 NovacomD - ok
19:46:25.0044 5276 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs E:\Windows\system32\drivers\Npfs.sys
19:46:25.0045 5276 Npfs - ok
19:46:25.0079 5276 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi E:\Windows\system32\nsisvc.dll
19:46:25.0082 5276 nsi - ok
19:46:25.0108 5276 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy E:\Windows\system32\drivers\nsiproxy.sys
19:46:25.0109 5276 nsiproxy - ok
19:46:25.0203 5276 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs E:\Windows\system32\drivers\Ntfs.sys
19:46:25.0226 5276 Ntfs - ok
19:46:25.0240 5276 [ 9899284589F75FA8724FF3D16AED75C1 ] Null E:\Windows\system32\drivers\Null.sys
19:46:25.0241 5276 Null - ok
19:46:25.0273 5276 [ 181E7FE39211E04128A30708906627D8 ] NVHDA E:\Windows\system32\drivers\nvhda64v.sys
19:46:25.0276 5276 NVHDA - ok
19:46:25.0776 5276 [ BBE872A814B00798C2D568D46C42A71B ] nvlddmkm E:\Windows\system32\DRIVERS\nvlddmkm.sys
19:46:26.0247 5276 nvlddmkm - ok
19:46:26.0337 5276 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid E:\Windows\system32\drivers\nvraid.sys
19:46:26.0343 5276 nvraid - ok
19:46:26.0389 5276 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor E:\Windows\system32\drivers\nvstor.sys
19:46:26.0395 5276 nvstor - ok
19:46:26.0469 5276 [ 4DFFB8DDBA4A0E8222E0E8D2CD590803 ] nvsvc E:\Windows\system32\nvvsvc.exe
19:46:26.0472 5276 nvsvc - ok
19:46:26.0493 5276 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp E:\Windows\system32\drivers\nv_agp.sys
19:46:26.0498 5276 nv_agp - ok
19:46:26.0526 5276 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 E:\Windows\system32\DRIVERS\ohci1394.sys
19:46:26.0528 5276 ohci1394 - ok
19:46:26.0591 5276 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose E:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:46:26.0593 5276 ose - ok
19:46:26.0861 5276 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:46:27.0072 5276 osppsvc - ok
19:46:27.0118 5276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc E:\Windows\system32\pnrpsvc.dll
19:46:27.0125 5276 p2pimsvc - ok
19:46:27.0240 5276 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc E:\Windows\system32\p2psvc.dll
19:46:27.0256 5276 p2psvc - ok
19:46:27.0300 5276 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport E:\Windows\system32\drivers\parport.sys
19:46:27.0303 5276 Parport - ok
19:46:27.0327 5276 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr E:\Windows\system32\drivers\partmgr.sys
19:46:27.0328 5276 partmgr - ok
19:46:27.0348 5276 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc E:\Windows\System32\pcasvc.dll
19:46:27.0353 5276 PcaSvc - ok
19:46:27.0395 5276 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd E:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:46:27.0396 5276 pccsmcfd - ok
19:46:27.0415 5276 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci E:\Windows\system32\drivers\pci.sys
19:46:27.0417 5276 pci - ok
19:46:27.0434 5276 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide E:\Windows\system32\drivers\pciide.sys
19:46:27.0437 5276 pciide - ok
19:46:27.0466 5276 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia E:\Windows\system32\drivers\pcmcia.sys
19:46:27.0471 5276 pcmcia - ok
19:46:27.0493 5276 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw E:\Windows\system32\drivers\pcw.sys
19:46:27.0494 5276 pcw - ok
19:46:27.0525 5276 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH E:\Windows\system32\drivers\peauth.sys
19:46:27.0534 5276 PEAUTH - ok
19:46:27.0612 5276 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc E:\Windows\system32\peerdistsvc.dll
19:46:27.0637 5276 PeerDistSvc - ok
19:46:27.0723 5276 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost E:\Windows\SysWow64\perfhost.exe
19:46:27.0726 5276 PerfHost - ok
19:46:27.0820 5276 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla E:\Windows\system32\pla.dll
19:46:27.0845 5276 pla - ok
19:46:27.0900 5276 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay E:\Windows\system32\umpnpmgr.dll
19:46:27.0914 5276 PlugPlay - ok
19:46:27.0941 5276 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg E:\Windows\system32\pnrpauto.dll
19:46:27.0945 5276 PNRPAutoReg - ok
19:46:27.0975 5276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc E:\Windows\system32\pnrpsvc.dll
19:46:27.0980 5276 PNRPsvc - ok
19:46:28.0026 5276 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent E:\Windows\System32\ipsecsvc.dll
19:46:28.0034 5276 PolicyAgent - ok
19:46:28.0069 5276 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power E:\Windows\system32\umpo.dll
19:46:28.0074 5276 Power - ok
19:46:28.0110 5276 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport E:\Windows\system32\DRIVERS\raspptp.sys
19:46:28.0113 5276 PptpMiniport - ok
19:46:28.0129 5276 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor E:\Windows\system32\drivers\processr.sys
19:46:28.0131 5276 Processor - ok
19:46:28.0237 5276 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc E:\Windows\system32\profsvc.dll
19:46:28.0247 5276 ProfSvc - ok
19:46:28.0267 5276 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage E:\Windows\system32\lsass.exe
19:46:28.0269 5276 ProtectedStorage - ok
19:46:28.0304 5276 [ 0557CF5A2556BD58E26384169D72438D ] Psched E:\Windows\system32\DRIVERS\pacer.sys
19:46:28.0306 5276 Psched - ok
19:46:28.0382 5276 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 E:\Windows\system32\drivers\ql2300.sys
19:46:28.0418 5276 ql2300 - ok
19:46:28.0457 5276 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx E:\Windows\system32\drivers\ql40xx.sys
19:46:28.0461 5276 ql40xx - ok
19:46:28.0489 5276 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE E:\Windows\system32\qwave.dll
19:46:28.0495 5276 QWAVE - ok
19:46:28.0512 5276 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv E:\Windows\system32\drivers\qwavedrv.sys
19:46:28.0513 5276 QWAVEdrv - ok
19:46:28.0525 5276 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd E:\Windows\system32\DRIVERS\rasacd.sys
19:46:28.0527 5276 RasAcd - ok
19:46:28.0553 5276 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn E:\Windows\system32\DRIVERS\AgileVpn.sys
19:46:28.0555 5276 RasAgileVpn - ok
19:46:28.0577 5276 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto E:\Windows\System32\rasauto.dll
19:46:28.0581 5276 RasAuto - ok
19:46:28.0605 5276 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp E:\Windows\system32\DRIVERS\rasl2tp.sys
19:46:28.0608 5276 Rasl2tp - ok
19:46:28.0640 5276 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan E:\Windows\System32\rasmans.dll
19:46:28.0647 5276 RasMan - ok
19:46:28.0662 5276 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe E:\Windows\system32\DRIVERS\raspppoe.sys
19:46:28.0665 5276 RasPppoe - ok
19:46:28.0680 5276 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp E:\Windows\system32\DRIVERS\rassstp.sys
19:46:28.0683 5276 RasSstp - ok
19:46:28.0722 5276 [ 77F665941019A1594D887A74F301FA2F ] rdbss E:\Windows\system32\DRIVERS\rdbss.sys
19:46:28.0726 5276 rdbss - ok
19:46:28.0743 5276 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus E:\Windows\system32\DRIVERS\rdpbus.sys
19:46:28.0746 5276 rdpbus - ok
19:46:28.0764 5276 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD E:\Windows\system32\DRIVERS\RDPCDD.sys
19:46:28.0765 5276 RDPCDD - ok
19:46:28.0802 5276 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR E:\Windows\system32\drivers\rdpdr.sys
19:46:28.0806 5276 RDPDR - ok
19:46:28.0836 5276 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD E:\Windows\system32\drivers\rdpencdd.sys
19:46:28.0836 5276 RDPENCDD - ok
19:46:28.0854 5276 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP E:\Windows\system32\drivers\rdprefmp.sys
19:46:28.0854 5276 RDPREFMP - ok
19:46:28.0891 5276 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport E:\Windows\system32\drivers\rdpvideominiport.sys
19:46:28.0893 5276 RdpVideoMiniport - ok
19:46:28.0930 5276 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD E:\Windows\system32\drivers\RDPWD.sys
19:46:28.0934 5276 RDPWD - ok
19:46:28.0956 5276 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost E:\Windows\system32\drivers\rdyboost.sys
19:46:28.0960 5276 rdyboost - ok
19:46:28.0997 5276 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess E:\Windows\System32\mprdim.dll
19:46:29.0001 5276 RemoteAccess - ok
19:46:29.0035 5276 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry E:\Windows\system32\regsvc.dll
19:46:29.0040 5276 RemoteRegistry - ok
19:46:29.0071 5276 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM E:\Windows\system32\DRIVERS\rfcomm.sys
19:46:29.0074 5276 RFCOMM - ok
19:46:29.0097 5276 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper E:\Windows\System32\RpcEpMap.dll
19:46:29.0100 5276 RpcEptMapper - ok
19:46:29.0119 5276 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator E:\Windows\system32\locator.exe
19:46:29.0121 5276 RpcLocator - ok
19:46:29.0165 5276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs E:\Windows\system32\rpcss.dll
19:46:29.0169 5276 RpcSs - ok
19:46:29.0207 5276 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr E:\Windows\system32\DRIVERS\rspndr.sys
19:46:29.0210 5276 rspndr - ok
19:46:29.0257 5276 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 E:\Windows\system32\DRIVERS\Rt64win7.sys
19:46:29.0261 5276 RTL8167 - ok
19:46:29.0293 5276 [ E60C0A09F997826C7627B244195AB581 ] s3cap E:\Windows\system32\drivers\vms3cap.sys
19:46:29.0295 5276 s3cap - ok
19:46:29.0311 5276 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs E:\Windows\system32\lsass.exe
19:46:29.0313 5276 SamSs - ok
19:46:29.0342 5276 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port E:\Windows\system32\drivers\sbp2port.sys
19:46:29.0345 5276 sbp2port - ok
19:46:29.0372 5276 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr E:\Windows\System32\SCardSvr.dll
19:46:29.0379 5276 SCardSvr - ok
19:46:29.0419 5276 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter E:\Windows\system32\DRIVERS\scfilter.sys
19:46:29.0422 5276 scfilter - ok
19:46:29.0477 5276 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule E:\Windows\system32\schedsvc.dll
19:46:29.0491 5276 Schedule - ok
19:46:29.0520 5276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc E:\Windows\System32\certprop.dll
19:46:29.0521 5276 SCPolicySvc - ok
19:46:29.0558 5276 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus E:\Windows\system32\DRIVERS\sdbus.sys
19:46:29.0561 5276 sdbus - ok
19:46:29.0586 5276 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC E:\Windows\System32\SDRSVC.dll
19:46:29.0591 5276 SDRSVC - ok
19:46:29.0646 5276 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv E:\Windows\system32\drivers\secdrv.sys
19:46:29.0648 5276 secdrv - ok
19:46:29.0658 5276 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon E:\Windows\system32\seclogon.dll
19:46:29.0661 5276 seclogon - ok
19:46:29.0680 5276 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS E:\Windows\system32\sens.dll
19:46:29.0684 5276 SENS - ok
19:46:29.0711 5276 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc E:\Windows\system32\sensrsvc.dll
19:46:29.0715 5276 SensrSvc - ok
19:46:29.0731 5276 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum E:\Windows\system32\drivers\serenum.sys
19:46:29.0734 5276 Serenum - ok
19:46:29.0748 5276 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial E:\Windows\system32\drivers\serial.sys
19:46:29.0751 5276 Serial - ok
19:46:29.0764 5276 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse E:\Windows\system32\drivers\sermouse.sys
19:46:29.0766 5276 sermouse - ok
19:46:29.0871 5276 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer E:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:46:29.0886 5276 ServiceLayer - ok
19:46:29.0940 5276 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv E:\Windows\system32\sessenv.dll
19:46:29.0944 5276 SessionEnv - ok
19:46:29.0980 5276 [ A554811BCD09279536440C964AE35BBF ] sffdisk E:\Windows\system32\drivers\sffdisk.sys
19:46:29.0982 5276 sffdisk - ok
19:46:29.0995 5276 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc E:\Windows\system32\drivers\sffp_mmc.sys
19:46:29.0999 5276 sffp_mmc - ok
19:46:30.0020 5276 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd E:\Windows\system32\drivers\sffp_sd.sys
19:46:30.0022 5276 sffp_sd - ok
19:46:30.0041 5276 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy E:\Windows\system32\drivers\sfloppy.sys
19:46:30.0043 5276 sfloppy - ok
19:46:30.0126 5276 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess E:\Windows\System32\ipnathlp.dll
19:46:30.0139 5276 SharedAccess - ok
19:46:30.0228 5276 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection E:\Windows\System32\shsvcs.dll
19:46:30.0236 5276 ShellHWDetection - ok
19:46:30.0257 5276 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 E:\Windows\system32\drivers\SiSRaid2.sys
19:46:30.0260 5276 SiSRaid2 - ok
19:46:30.0283 5276 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 E:\Windows\system32\drivers\sisraid4.sys
19:46:30.0286 5276 SiSRaid4 - ok
19:46:30.0519 5276 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:46:30.0656 5276 Skype C2C Service - ok
19:46:30.0733 5276 [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate E:\Program Files (x86)\Skype\Updater\Updater.exe
19:46:30.0738 5276 SkypeUpdate - ok
19:46:30.0795 5276 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb E:\Windows\system32\DRIVERS\smb.sys
19:46:30.0798 5276 Smb - ok
19:46:30.0843 5276 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP E:\Windows\System32\snmptrap.exe
19:46:30.0847 5276 SNMPTRAP - ok
19:46:30.0872 5276 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr E:\Windows\system32\drivers\spldr.sys
19:46:30.0873 5276 spldr - ok
19:46:30.0911 5276 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler E:\Windows\System32\spoolsv.exe
19:46:30.0922 5276 Spooler - ok
19:46:31.0065 5276 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc E:\Windows\system32\sppsvc.exe
19:46:31.0203 5276 sppsvc - ok
19:46:31.0371 5276 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify E:\Windows\system32\sppuinotify.dll
19:46:31.0379 5276 sppuinotify - ok
19:46:31.0475 5276 [ 891793E00432FA055CF040605C260E49 ] SRTSP E:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
19:46:31.0488 5276 SRTSP - ok
19:46:31.0513 5276 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX E:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
19:46:31.0515 5276 SRTSPX - ok
19:46:31.0563 5276 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv E:\Windows\system32\DRIVERS\srv.sys
19:46:31.0573 5276 srv - ok
19:46:31.0619 5276 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 E:\Windows\system32\DRIVERS\srv2.sys
19:46:31.0625 5276 srv2 - ok
19:46:31.0634 5276 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet E:\Windows\system32\DRIVERS\srvnet.sys
19:46:31.0636 5276 srvnet - ok
19:46:31.0681 5276 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV E:\Windows\System32\ssdpsrv.dll
19:46:31.0686 5276 SSDPSRV - ok
19:46:31.0702 5276 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc E:\Windows\system32\sstpsvc.dll
19:46:31.0706 5276 SstpSvc - ok
19:46:31.0828 5276 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV E:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
19:46:31.0831 5276 STacSV - ok
19:46:31.0852 5276 [ F3817967ED533D08327DC73BC4D5542A ] stexstor E:\Windows\system32\drivers\stexstor.sys
19:46:31.0854 5276 stexstor - ok
19:46:31.0927 5276 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA E:\Windows\system32\DRIVERS\stwrt64.sys
19:46:31.0942 5276 STHDA - ok
19:46:32.0018 5276 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc E:\Windows\System32\wiaservc.dll
19:46:32.0037 5276 stisvc - ok
19:46:32.0083 5276 [ 7785DC213270D2FC066538DAF94087E7 ] storflt E:\Windows\system32\drivers\vmstorfl.sys
19:46:32.0084 5276 storflt - ok
19:46:32.0115 5276 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc E:\Windows\system32\drivers\storvsc.sys
19:46:32.0117 5276 storvsc - ok
19:46:32.0140 5276 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum E:\Windows\system32\DRIVERS\swenum.sys
19:46:32.0142 5276 swenum - ok
19:46:32.0255 5276 [ E08E46FDD841B7184194011CA1955A0B ] swprv E:\Windows\System32\swprv.dll
19:46:32.0272 5276 swprv - ok
19:46:32.0338 5276 [ 8B2430762099598DA40686F754632EFD ] SymDS E:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
19:46:32.0345 5276 SymDS - ok
19:46:32.0421 5276 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA E:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
19:46:32.0440 5276 SymEFA - ok
19:46:32.0474 5276 [ 894579207E39C465737E850A252CE4F2 ] SymEvent E:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:46:32.0478 5276 SymEvent - ok
19:46:32.0524 5276 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON E:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
19:46:32.0527 5276 SymIRON - ok
19:46:32.0573 5276 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS E:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
19:46:32.0580 5276 SymNetS - ok
19:46:32.0645 5276 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc E:\Windows\system32\drivers\synth3dvsc.sys
19:46:32.0650 5276 Synth3dVsc - ok
19:46:32.0707 5276 [ 3A706A967295E16511E40842B1A2761D ] SynTP E:\Windows\system32\DRIVERS\SynTP.sys
19:46:32.0713 5276 SynTP - ok
19:46:32.0815 5276 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain E:\Windows\system32\sysmain.dll
19:46:32.0840 5276 SysMain - ok
19:46:32.0861 5276 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService E:\Windows\System32\TabSvc.dll
19:46:32.0865 5276 TabletInputService - ok
19:46:32.0892 5276 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv E:\Windows\System32\tapisrv.dll
19:46:32.0898 5276 TapiSrv - ok
19:46:32.0915 5276 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS E:\Windows\System32\tbssvc.dll
19:46:32.0919 5276 TBS - ok
19:46:33.0017 5276 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip E:\Windows\system32\drivers\tcpip.sys
19:46:33.0043 5276 Tcpip - ok
19:46:33.0081 5276 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 E:\Windows\system32\DRIVERS\tcpip.sys
19:46:33.0093 5276 TCPIP6 - ok
19:46:33.0121 5276 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg E:\Windows\system32\drivers\tcpipreg.sys
19:46:33.0123 5276 tcpipreg - ok
19:46:33.0147 5276 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE E:\Windows\system32\drivers\tdpipe.sys
19:46:33.0157 5276 TDPIPE - ok
19:46:33.0277 5276 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP E:\Windows\system32\drivers\tdtcp.sys
19:46:33.0282 5276 TDTCP - ok
19:46:33.0330 5276 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx E:\Windows\system32\DRIVERS\tdx.sys
19:46:33.0335 5276 tdx - ok
19:46:33.0358 5276 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD E:\Windows\system32\DRIVERS\termdd.sys
19:46:33.0361 5276 TermDD - ok
19:46:33.0403 5276 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt E:\Windows\system32\drivers\terminpt.sys
19:46:33.0406 5276 terminpt - ok
19:46:33.0449 5276 [ 2E648163254233755035B46DD7B89123 ] TermService E:\Windows\System32\termsrv.dll
19:46:33.0459 5276 TermService - ok
19:46:33.0477 5276 [ F0344071948D1A1FA732231785A0664C ] Themes E:\Windows\system32\themeservice.dll
19:46:33.0480 5276 Themes - ok
19:46:33.0499 5276 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER E:\Windows\system32\mmcss.dll
19:46:33.0501 5276 THREADORDER - ok
19:46:33.0520 5276 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks E:\Windows\System32\trkwks.dll
19:46:33.0524 5276 TrkWks - ok
19:46:33.0587 5276 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller E:\Windows\servicing\TrustedInstaller.exe
19:46:33.0591 5276 TrustedInstaller - ok
19:46:33.0612 5276 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv E:\Windows\system32\DRIVERS\tssecsrv.sys
19:46:33.0613 5276 tssecsrv - ok
19:46:33.0645 5276 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt E:\Windows\system32\drivers\tsusbflt.sys
19:46:33.0648 5276 TsUsbFlt - ok
19:46:33.0678 5276 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD E:\Windows\system32\drivers\TsUsbGD.sys
19:46:33.0681 5276 TsUsbGD - ok
19:46:33.0714 5276 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub E:\Windows\system32\drivers\tsusbhub.sys
19:46:33.0717 5276 tsusbhub - ok
19:46:33.0754 5276 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel E:\Windows\system32\DRIVERS\tunnel.sys
19:46:33.0757 5276 tunnel - ok
19:46:33.0779 5276 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 E:\Windows\system32\drivers\uagp35.sys
19:46:33.0782 5276 uagp35 - ok
19:46:33.0816 5276 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs E:\Windows\system32\DRIVERS\udfs.sys
19:46:33.0822 5276 udfs - ok
19:46:33.0857 5276 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect E:\Windows\system32\UI0Detect.exe
19:46:33.0861 5276 UI0Detect - ok
19:46:33.0876 5276 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx E:\Windows\system32\drivers\uliagpkx.sys
19:46:33.0879 5276 uliagpkx - ok
19:46:33.0912 5276 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus E:\Windows\system32\DRIVERS\umbus.sys
19:46:33.0915 5276 umbus - ok
19:46:33.0955 5276 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass E:\Windows\system32\DRIVERS\umpass.sys
19:46:33.0956 5276 UmPass - ok
19:46:33.0985 5276 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService E:\Windows\System32\umrdp.dll
19:46:33.0990 5276 UmRdpService - ok
19:46:34.0019 5276 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost E:\Windows\System32\upnphost.dll
19:46:34.0028 5276 upnphost - ok
19:46:34.0058 5276 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev E:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:46:34.0060 5276 upperdev - ok
19:46:34.0086 5276 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 E:\Windows\system32\Drivers\usbaapl64.sys
19:46:34.0089 5276 USBAAPL64 - ok
19:46:34.0115 5276 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp E:\Windows\system32\DRIVERS\usbccgp.sys
19:46:34.0118 5276 usbccgp - ok
19:46:34.0141 5276 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir E:\Windows\system32\drivers\usbcir.sys
19:46:34.0145 5276 usbcir - ok
19:46:34.0177 5276 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci E:\Windows\system32\DRIVERS\usbehci.sys
19:46:34.0179 5276 usbehci - ok
19:46:34.0223 5276 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub E:\Windows\system32\DRIVERS\usbhub.sys
19:46:34.0229 5276 usbhub - ok
19:46:34.0251 5276 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci E:\Windows\system32\drivers\usbohci.sys
19:46:34.0253 5276 usbohci - ok
19:46:34.0290 5276 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint E:\Windows\system32\DRIVERS\usbprint.sys
19:46:34.0292 5276 usbprint - ok
19:46:34.0344 5276 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser E:\Windows\system32\drivers\usbser.sys
19:46:34.0346 5276 usbser - ok
19:46:34.0378 5276 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt E:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:46:34.0379 5276 UsbserFilt - ok
19:46:34.0404 5276 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR E:\Windows\system32\DRIVERS\USBSTOR.SYS
19:46:34.0406 5276 USBSTOR - ok
19:46:34.0444 5276 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci E:\Windows\system32\DRIVERS\usbuhci.sys
19:46:34.0447 5276 usbuhci - ok
19:46:34.0494 5276 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo E:\Windows\system32\Drivers\usbvideo.sys
19:46:34.0498 5276 usbvideo - ok
19:46:34.0527 5276 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms E:\Windows\System32\uxsms.dll
19:46:34.0531 5276 UxSms - ok
19:46:34.0545 5276 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc E:\Windows\system32\lsass.exe
19:46:34.0547 5276 VaultSvc - ok
19:46:34.0584 5276 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot E:\Windows\system32\drivers\vdrvroot.sys
19:46:34.0585 5276 vdrvroot - ok
19:46:34.0626 5276 [ 8D6B481601D01A456E75C3210F1830BE ] vds E:\Windows\System32\vds.exe
19:46:34.0636 5276 vds - ok
19:46:34.0673 5276 [ 24899EFF90E725D9C3AC10BE870B4D1D ] vfs101a E:\Windows\system32\drivers\vfs101a.sys
19:46:34.0674 5276 vfs101a - ok
19:46:34.0712 5276 [ 6C8E81E1A555DC163D89E26CEB30FAD2 ] vfsFPService E:\Windows\system32\vfsFPService.exe
19:46:34.0720 5276 vfsFPService - ok
19:46:34.0754 5276 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga E:\Windows\system32\DRIVERS\vgapnp.sys
19:46:34.0756 5276 vga - ok
19:46:34.0770 5276 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave E:\Windows\System32\drivers\vga.sys
19:46:34.0772 5276 VgaSave - ok
19:46:34.0777 5276 VGPU - ok
19:46:34.0803 5276 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp E:\Windows\system32\drivers\vhdmp.sys
19:46:34.0807 5276 vhdmp - ok
19:46:34.0817 5276 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide E:\Windows\system32\drivers\viaide.sys
19:46:34.0819 5276 viaide - ok
19:46:34.0837 5276 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus E:\Windows\system32\drivers\vmbus.sys
19:46:34.0840 5276 vmbus - ok
19:46:34.0873 5276 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID E:\Windows\system32\drivers\VMBusHID.sys
19:46:34.0875 5276 VMBusHID - ok
19:46:34.0890 5276 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr E:\Windows\system32\drivers\volmgr.sys
19:46:34.0891 5276 volmgr - ok
19:46:34.0915 5276 [ A255814907C89BE58B79EF2F189B843B ] volmgrx E:\Windows\system32\drivers\volmgrx.sys
19:46:34.0920 5276 volmgrx - ok
19:46:34.0943 5276 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap E:\Windows\system32\drivers\volsnap.sys
19:46:34.0947 5276 volsnap - ok
19:46:34.0963 5276 vserial - ok
19:46:35.0012 5276 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid E:\Windows\system32\drivers\vsmraid.sys
19:46:35.0019 5276 vsmraid - ok
19:46:35.0127 5276 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS E:\Windows\system32\vssvc.exe
19:46:35.0152 5276 VSS - ok
19:46:35.0344 5276 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus E:\Windows\system32\DRIVERS\vwifibus.sys
19:46:35.0348 5276 vwifibus - ok
19:46:35.0390 5276 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt E:\Windows\system32\DRIVERS\vwififlt.sys
19:46:35.0395 5276 vwififlt - ok
19:46:35.0428 5276 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp E:\Windows\system32\DRIVERS\vwifimp.sys
19:46:35.0430 5276 vwifimp - ok
19:46:35.0488 5276 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time E:\Windows\system32\w32time.dll
19:46:35.0502 5276 W32Time - ok
19:46:35.0560 5276 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen E:\Windows\system32\drivers\wacompen.sys
19:46:35.0562 5276 WacomPen - ok
19:46:35.0605 5276 [ 356AFD78A6ED4457169241AC3965230C ] WANARP E:\Windows\system32\DRIVERS\wanarp.sys
19:46:35.0607 5276 WANARP - ok
19:46:35.0613 5276 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 E:\Windows\system32\DRIVERS\wanarp.sys
19:46:35.0614 5276 Wanarpv6 - ok
19:46:35.0697 5276 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc E:\Windows\system32\Wat\WatAdminSvc.exe
19:46:35.0717 5276 WatAdminSvc - ok
19:46:35.0806 5276 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine E:\Windows\system32\wbengine.exe
19:46:35.0835 5276 wbengine - ok
19:46:35.0861 5276 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc E:\Windows\System32\wbiosrvc.dll
19:46:35.0866 5276 WbioSrvc - ok
19:46:35.0897 5276 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc E:\Windows\System32\wcncsvc.dll
19:46:35.0904 5276 wcncsvc - ok
19:46:35.0928 5276 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService E:\Windows\System32\WcsPlugInService.dll
19:46:35.0931 5276 WcsPlugInService - ok
19:46:35.0955 5276 [ 72889E16FF12BA0F235467D6091B17DC ] Wd E:\Windows\system32\drivers\wd.sys
19:46:35.0957 5276 Wd - ok
19:46:36.0032 5276 [ C4EE8A204D792BC411D02A7EA62F02AF ] WDDMService E:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
19:46:36.0034 5276 WDDMService - ok
19:46:36.0080 5276 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 E:\Windows\system32\drivers\Wdf01000.sys
19:46:36.0089 5276 Wdf01000 - ok
19:46:36.0133 5276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost E:\Windows\system32\wdi.dll
19:46:36.0136 5276 WdiServiceHost - ok
19:46:36.0143 5276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost E:\Windows\system32\wdi.dll
19:46:36.0146 5276 WdiSystemHost - ok
19:46:36.0245 5276 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient E:\Windows\System32\webclnt.dll
19:46:36.0251 5276 WebClient - ok
19:46:36.0282 5276 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc E:\Windows\system32\wecsvc.dll
19:46:36.0288 5276 Wecsvc - ok
19:46:36.0314 5276 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport E:\Windows\System32\wercplsupport.dll
19:46:36.0317 5276 wercplsupport - ok
19:46:36.0345 5276 [ 6D137963730144698CBD10F202E9F251 ] WerSvc E:\Windows\System32\WerSvc.dll
19:46:36.0349 5276 WerSvc - ok
19:46:36.0372 5276 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf E:\Windows\system32\DRIVERS\wfplwf.sys
19:46:36.0375 5276 WfpLwf - ok
19:46:36.0396 5276 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount E:\Windows\system32\drivers\wimmount.sys
19:46:36.0398 5276 WIMMount - ok
19:46:36.0428 5276 WinDefend - ok
19:46:36.0451 5276 WinHttpAutoProxySvc - ok
19:46:36.0511 5276 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt E:\Windows\system32\wbem\WMIsvc.dll
19:46:36.0515 5276 Winmgmt - ok
19:46:36.0636 5276 [ BCB1310604AA415C4508708975B3931E ] WinRM E:\Windows\system32\WsmSvc.dll
19:46:36.0673 5276 WinRM - ok
19:46:36.0732 5276 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb E:\Windows\system32\DRIVERS\WinUsb.sys
19:46:36.0733 5276 WinUsb - ok
19:46:36.0787 5276 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc E:\Windows\System32\wlansvc.dll
19:46:36.0806 5276 Wlansvc - ok
19:46:36.0845 5276 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi E:\Windows\system32\DRIVERS\wmiacpi.sys
19:46:36.0846 5276 WmiAcpi - ok
19:46:36.0884 5276 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv E:\Windows\system32\wbem\WmiApSrv.exe
19:46:36.0888 5276 wmiApSrv - ok
19:46:36.0923 5276 WMPNetworkSvc - ok
19:46:36.0965 5276 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc E:\Windows\System32\wpcsvc.dll
19:46:36.0969 5276 WPCSvc - ok
19:46:36.0995 5276 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum E:\Windows\system32\wpdbusenum.dll
19:46:36.0999 5276 WPDBusEnum - ok
19:46:37.0010 5276 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl E:\Windows\system32\drivers\ws2ifsl.sys
19:46:37.0012 5276 ws2ifsl - ok
19:46:37.0049 5276 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc E:\Windows\system32\wscsvc.dll
19:46:37.0054 5276 wscsvc - ok
19:46:37.0059 5276 WSearch - ok
19:46:37.0177 5276 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv E:\Windows\system32\wuaueng.dll
19:46:37.0215 5276 wuauserv - ok
19:46:37.0239 5276 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf E:\Windows\system32\drivers\WudfPf.sys
19:46:37.0242 5276 WudfPf - ok
19:46:37.0259 5276 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd E:\Windows\system32\DRIVERS\WUDFRd.sys
19:46:37.0262 5276 WUDFRd - ok
19:46:37.0290 5276 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc E:\Windows\System32\WUDFSvc.dll
19:46:37.0294 5276 wudfsvc - ok
19:46:37.0329 5276 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc E:\Windows\System32\wwansvc.dll
19:46:37.0335 5276 WwanSvc - ok
19:46:37.0372 5276 ================ Scan global ===============================
19:46:37.0396 5276 [ BA0CD8C393E8C9F83354106093832C7B ] E:\Windows\system32\basesrv.dll
19:46:37.0429 5276 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] E:\Windows\system32\winsrv.dll
19:46:37.0440 5276 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] E:\Windows\system32\winsrv.dll
19:46:37.0485 5276 [ D6160F9D869BA3AF0B787F971DB56368 ] E:\Windows\system32\sxssrv.dll
19:46:37.0519 5276 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] E:\Windows\system32\services.exe
19:46:37.0525 5276 [Global] - ok
19:46:37.0526 5276 ================ Scan MBR ==================================
19:46:37.0554 5276 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
19:46:38.0107 5276 \Device\Harddisk0\DR0 - ok
19:46:38.0107 5276 ================ Scan VBR ==================================
19:46:38.0111 5276 [ 0E1BD556F0A2323A780D3276F9E19DD0 ] \Device\Harddisk0\DR0\Partition1
19:46:38.0112 5276 \Device\Harddisk0\DR0\Partition1 - ok
19:46:38.0127 5276 [ 68F7CD6824E9AE6492E5D25D63A2C8B5 ] \Device\Harddisk0\DR0\Partition2
19:46:38.0130 5276 \Device\Harddisk0\DR0\Partition2 - ok
19:46:38.0133 5276 [ 203358685B26CF43186EBF2C1188C3A8 ] \Device\Harddisk0\DR0\Partition3
19:46:38.0136 5276 \Device\Harddisk0\DR0\Partition3 - ok
19:46:38.0144 5276 [ B1BF3F2B5E9AB5E0F0F899F9686AA299 ] \Device\Harddisk0\DR0\Partition4
19:46:38.0153 5276 \Device\Harddisk0\DR0\Partition4 - ok
19:46:38.0153 5276 ============================================================
19:46:38.0153 5276 Scan finished
19:46:38.0153 5276 ============================================================
19:46:38.0166 5540 Detected object count: 0
19:46:38.0166 5540 Actual detected object count: 0

aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-12 19:48:02
-----------------------------
19:48:02.501 OS Version: Windows x64 6.1.7601 Service Pack 1
19:48:02.501 Number of processors: 2 586 0x1706
19:48:02.502 ComputerName: WIN7-PC UserName: win7
19:48:09.441 Initialize success
19:52:21.979 AVAST engine defs: 12101202
19:52:53.947 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:52:53.953 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
19:52:53.985 Disk 0 MBR read successfully
19:52:53.992 Disk 0 MBR scan
19:52:54.005 Disk 0 unknown MBR code
19:52:54.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 167861 MB offset 63
19:52:54.027 Disk 0 Partition - 00 0F Extended LBA 92168 MB offset 343781376
19:52:54.054 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 34717 MB offset 532541440
19:52:54.076 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10496 MB offset 603643904
19:52:54.113 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 92167 MB offset 343783424
19:52:54.159 Disk 0 scanning E:\Windows\system32\drivers
19:53:11.201 Service scanning
19:53:54.471 Modules scanning
19:53:54.486 Disk 0 trace - called modules:
19:53:54.529 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
19:53:54.535 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057b0060]
19:53:54.541 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80057af720]
19:53:54.547 5 hpdskflt.sys[fffff880016020ee] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004772050]
19:53:55.591 AVAST engine scan E:\Windows
19:53:58.405 AVAST engine scan E:\Windows\system32
19:59:29.042 AVAST engine scan E:\Windows\system32\drivers
19:59:59.967 AVAST engine scan E:\Users\win7
20:13:06.307 AVAST engine scan E:\ProgramData
20:15:22.845 Scan finished successfully
20:34:45.471 Disk 0 MBR has been saved successfully to "E:\Users\win7\Desktop\bleeping Computer\MBR.dat"
20:34:45.477 The log file has been saved successfully to "E:\Users\win7\Desktop\bleeping Computer\aswMBR.txt"

thanks
Gringo
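Added example (not part of Sachin's post, and not aswMBR's or TDSSKiller's own code): a short Python script that parses the partition-table lines from the aswMBR log above and applies the checks a responder makes on an MBR dump when a redirect problem could be a bootkit: the "unknown MBR code" flag, which entry carries the active flag, overlapping entries, and unallocated runs large enough to hide a payload. SAMPLE_LOG is a constructed copy of the relevant lines from the log above. Two things are my assumptions, not anything aswMBR documents: that its "MB" figures are whole MiB (2048 sectors of 512 bytes), which the log itself supports because logical partition 4 then ends exactly where the extended container ends, and the 2 MiB threshold for what counts as a suspicious gap.

```python
"""Added example: sanity checks over an aswMBR partition dump.

Not part of aswMBR or of the thread's posts. SAMPLE_LOG is a constructed
copy of the partition lines from the log above; the MiB and threshold
assumptions are noted inline.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SECTORS_PER_MB = 2048          # assumption: aswMBR's "MB" is MiB, 512-byte sectors
HIDDEN_RUN_THRESHOLD = 4096    # assumption: 2 MiB; sizes are truncated to whole
                               # MiB, so runs under ~1 MiB are alignment slack
EXTENDED_TYPES = {"05", "0F", "85"}   # extended-container partition type bytes

SAMPLE_LOG = """\
19:52:53.953 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
19:52:54.005 Disk 0 unknown MBR code
19:52:54.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 167861 MB offset 63
19:52:54.027 Disk 0 Partition - 00 0F Extended LBA 92168 MB offset 343781376
19:52:54.054 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 34717 MB offset 532541440
19:52:54.076 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10496 MB offset 603643904
19:52:54.113 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 92167 MB offset 343783424
"""

PART_RE = re.compile(
    r"Partition (?P<idx>\S+)\s+(?P<boot>[0-9A-Fa-f]{2})(?: \(A\))?\s+"
    r"(?P<type>[0-9A-Fa-f]{2}) .*?\s(?P<size>\d+) MB offset (?P<off>\d+)"
)
DISK_RE = re.compile(r"Size: (\d+)MB")


@dataclass
class Partition:
    index: str      # "1".."4", or "-" for the extended container entry
    boot: str       # "80" = active (aswMBR also prints "(A)"), "00" = not
    type_id: str    # partition type byte, as printed
    size_mb: int
    offset: int     # first sector (LBA)

    @property
    def end(self) -> int:
        """One past the last sector covered by this entry."""
        return self.offset + self.size_mb * SECTORS_PER_MB

    @property
    def is_container(self) -> bool:
        return self.type_id.upper() in EXTENDED_TYPES


def parse(log_text: str) -> list[Partition]:
    """Pull every 'Partition ... offset N' line out of an aswMBR log."""
    return [
        Partition(m["idx"], m["boot"], m["type"], int(m["size"]), int(m["off"]))
        for m in PART_RE.finditer(log_text)
    ]


def unallocated_runs(parts: list[Partition], disk_sectors: int) -> list[tuple[int, int]]:
    """(start, length) of every gap between merged partition extents.

    The extended container is merged with the logicals it holds, so only
    space that no entry accounts for is reported."""
    runs, cursor = [], 0
    for p in sorted(parts, key=lambda p: p.offset):
        if p.offset > cursor:
            runs.append((cursor, p.offset - cursor))
        cursor = max(cursor, p.end)
    if disk_sectors > cursor:
        runs.append((cursor, disk_sectors - cursor))
    return runs


def analyse(log_text: str) -> dict:
    parts = parse(log_text)
    m = DISK_RE.search(log_text)
    disk_sectors = int(m.group(1)) * SECTORS_PER_MB if m else 0
    # Logical partitions live inside the container by design, so the
    # overlap check only looks at the non-container entries.
    real = sorted((p for p in parts if not p.is_container), key=lambda p: p.offset)
    overlaps = [(a.index, b.index) for a, b in zip(real, real[1:]) if b.offset < a.end]
    active = [p.index for p in parts if p.boot.upper() == "80"]
    hidden = [run for run in unallocated_runs(parts, disk_sectors)
              if run[1] >= HIDDEN_RUN_THRESHOLD]
    return {
        "partitions": len(parts),
        "unknown_mbr_code": "unknown MBR code" in log_text,  # aswMBR's own flag
        "active": active,             # expect exactly one entry
        "overlaps": overlaps,         # expect none
        "hidden_runs": hidden,        # expect none on a clean consumer layout
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the log above this reports five entries, one active partition (1), no overlaps and no unallocated run above the threshold; the only finding is aswMBR's "unknown MBR code" line. That flag by itself means the boot code did not match the loaders aswMBR recognises, which OEM recovery loaders can also trigger, so the follow-up is to compare the MBR.dat the tool saved against a known-good loader rather than to treat the line as a detection; note that the TDSSKiller scan above reported \Device\Harddisk0\DR0 as ok.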

#11 Sachin1101 (Topic Starter)

Posted 12 October 2012 - 07:39 PM

Sorry

Many Thanks to Gringo

#12 gringo_pr (Malware Response Team)

Posted 13 October 2012 - 04:47 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture below, drag CFScript.txt onto ComboFix.exe
[image]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here [donate button]. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr (Malware Response Team)

Posted 16 October 2012 - 12:12 AM

Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo

#14 gringo_pr (Malware Response Team)

Posted 18 October 2012 - 11:19 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 Sachin1101 (Topic Starter)

Posted 21 October 2012 - 06:33 PM

Hi,

I ran this ComboFix; where should I find the logs from the run?

Thanks
Sachin