
SEP: Traffic has been blocked from this application: (svchost.exe)


  • This topic is locked
18 replies to this topic

#1 swindlersb

swindlersb

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:38 PM

Posted 16 November 2012 - 08:15 PM

You guys did a great job helping me get rid of serious malware before, File Restore and RootKit ZeroAccess Infection. Things are running OK but I occasionally get Symantec "Traffic has been blocked from this application: (svchost.exe)" notification.

Just to check what might be running, I ran Rkill and got the following (note that Malwarebytes and HitmanPro didn't find anything):

Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/16/2012 06:49:56 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\Twain_32\CA561A\SnapDetect.exe (PID: 3948) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/16/2012 06:50:07 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

Thanks!
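The Rkill report above is plain text with a fixed shape (a "Checking ...:" header per section, "* " bullets for findings, and indented detail lines under a finding), so it can be parsed and triaged rather than read by eye. The following is an added example, not code from the original post or from Rkill: it embeds the report quoted in the post as sample input, splits it into sections and findings, and applies a small set of review rules. The severity labels and the notes attached to each marker ([WD-HEUR], [Incorrect ImagePath], the DisableAntiSpyware value, HOSTS entries) are this example's own assumptions about what a reviewer checks next, not Rkill's classification.

```python
import re

# Sample input: the Rkill 2.4.4 report quoted in the first post of this thread,
# embedded here so the parser runs offline (the preamble/URL lines are omitted).
RKILL_LOG = r"""
Program started at: 11/16/2012 06:49:56 PM in x64 mode.
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\Twain_32\CA561A\SnapDetect.exe (PID: 3948) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:

127.0.0.1 localhost
Program finished at: 11/16/2012 06:50:07 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
"""

HEADER_RE = re.compile(r"^(Checking|Searching|Performing) .*:$")
# Status/footer lines that are neither findings nor details of a finding.
STATUS_RE = re.compile(r"^(Program (started|finished) at:|Windows Version:|Execution time:|Resetting |\d+ proc+ess)")
CLEAN_RE = re.compile(r"^No (issues|malware services) found")
LOOPBACK = {("127.0.0.1", "localhost"), ("::1", "localhost")}  # HOSTS entries that are expected


def parse_rkill(text):
    """Return {section_name: [{'finding': str, 'detail': [str, ...]}, ...]} in report order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or STATUS_RE.match(line):
            continue
        if HEADER_RE.match(line):
            current = line[:-1]          # drop the trailing colon
            sections[current] = []
        elif current is None:
            continue                     # text before the first section
        elif line.startswith("* "):
            sections[current].append({"finding": line[2:], "detail": []})
        elif sections[current]:
            sections[current][-1]["detail"].append(line)  # registry/HOSTS/startup lines
    return sections


def triage(sections):
    """Map each non-clean finding to a review item. The rules are this example's own
    reading of what each Rkill marker warrants (assumption), not Rkill's classification."""
    items = []
    for section, findings in sections.items():
        for f in findings:
            text, detail = f["finding"], f["detail"]
            if CLEAN_RE.match(text):
                continue  # Rkill's own "nothing found" lines
            if "[WD-HEUR]" in text:
                sev, note = "review", "heuristic process kill: check the file's signature/publisher and what starts it"
            elif "[Incorrect ImagePath]" in text:
                sev, note = "review", "ImagePath differs from the string Rkill expects; compare with a known-good system before editing"
            elif text.startswith("Windows Defender Disabled"):
                values = "; ".join(d for d in detail if d.startswith('"'))
                sev, note = "info", "often set by a third-party AV install; confirm it matches the installed product (" + values + ")"
            elif "is not Running" in text:
                sev, note = "info", " ".join(detail) or "no startup detail"
            elif text.startswith("HOSTS file entries found"):
                unusual = [d for d in detail if tuple(d.split()[:2]) not in LOOPBACK]
                sev = "review" if unusual else "ok"
                note = "non-loopback entries: " + (", ".join(unusual) or "none")
            else:
                sev, note = "review", "unclassified Rkill finding"
            items.append({"section": section, "finding": text, "severity": sev, "note": note})
    return items


if __name__ == "__main__":
    for item in triage(parse_rkill(RKILL_LOG)):
        print(f"[{item['severity']:6}] {item['section']}: {item['finding']}\n         {item['note']}")
```

Run as-is it prints five items for this report: the heuristic kill and the gpsvc ImagePath as "review", the two Windows Defender lines as "info", and the HOSTS file as "ok" because its only entry is the loopback name. Pointing `RKILL_LOG` at another report (or reading it from a file) gives the same structured view of that machine.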



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 PM

Posted 16 November 2012 - 08:33 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and logs-

  • In your next post I need the following:
    • both reports from DDS
    • report from Security Check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 swindlersb

swindlersb
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:38 PM

Posted 16 November 2012 - 08:54 PM

Gringo,
Here is checkup.txt

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.4.402.287
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


Here is DDS.txt

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Kris and S at 20:47:45 on 2012-11-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.3728 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SavUI.exe
C:\PROGRA~2\Symantec\SYMANT~1\121100~1.105\Bin\DWHWizrd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?PC=BNHP
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
dURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ICATCH~1.LNK - C:\Windows\Twain_32\CA561A\SnapDetect.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3115F239-3100-452B-AAB4-270BBA7EDAA6} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = hxxp://acer.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys [2011-10-30 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys [2011-10-30 931448]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Kris and S\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-7-23 23208]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121031.011\BHDrvx64.sys [2012-10-24 1384608]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20121116.001\IDSviA64.sys [2012-11-16 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys [2011-10-30 171128]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys [2011-10-30 386168]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-9-8 243232]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2010-9-8 287960]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-2 138912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-9-8 138752]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-10-31 108904]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-6 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-12 17152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-2 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-2 1255736]
.
=============== Created Last 30 ================
.
2012-11-16 08:15:06 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 08:15:06 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 08:15:06 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 08:15:06 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-16 08:02:04 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 08:02:04 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 08:02:03 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 08:02:03 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 08:02:03 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 08:02:03 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-16 08:02:03 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 03:08:59 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-13 00:16:35 -------- d-----w- C:\Users\Kris and S\AppData\Local\eMusic
2012-11-13 00:16:19 -------- d-----w- C:\Program Files (x86)\eMusic Download Manager 6
2012-11-07 03:05:54 -------- d-----w- C:\Users\Kris and S\AppData\Local\CrashDumps
2012-11-07 03:03:26 -------- d-----w- C:\Windows\en
2012-11-07 03:01:36 57856 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-11-07 03:00:19 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2012-11-07 03:00:19 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-11-07 03:00:19 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-11-07 03:00:19 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2012-11-07 03:00:18 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2012-11-07 03:00:18 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-11-07 03:00:17 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2012-11-07 03:00:17 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-11-07 02:59:18 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-11-07 02:59:18 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-11-07 02:57:36 -------- d-----r- C:\Users\Kris and S\SkyDrive
2012-11-07 02:57:34 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\968338a71cdbc9305\skydrivesetup.exe
2012-11-07 02:57:34 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2012-11-07 02:57:19 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2012-11-07 02:57:13 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\DXSETUP.exe
2012-11-07 02:57:13 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\dsetup32.dll
2012-11-07 02:57:12 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\DSETUP.dll
2012-11-07 02:57:08 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\DSETUP.dll
2012-11-07 02:57:08 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\DXSETUP.exe
2012-11-07 02:57:08 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\dsetup32.dll
2012-11-07 02:56:56 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\DSETUP.dll
2012-11-07 02:56:56 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\DXSETUP.exe
2012-11-07 02:56:56 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\dsetup32.dll
2012-11-07 02:56:41 -------- d-----w- C:\Firefox
2012-11-07 02:46:19 -------- d-----w- C:\ProgramData\Ask
2012-11-07 02:45:50 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-07 02:45:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-07 02:33:48 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-06 01:39:51 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-11-04 04:44:00 -------- d-----w- C:\Users\Kris and S\AppData\Local\NPE
2012-11-04 04:44:00 -------- d-----w- C:\ProgramData\Norton
2012-11-03 04:44:40 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-11-03 04:35:16 208216 ----a-w- C:\Windows\System32\drivers\18395049.sys
2012-11-03 04:33:12 -------- d-----w- C:\STOPzilla!
2012-11-03 04:25:45 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-03 04:25:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-03 04:25:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-03 04:25:44 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-03 04:25:44 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-03 04:25:44 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-03 04:25:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-03 04:25:44 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-03 04:25:44 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-03 04:25:42 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-11-03 04:25:42 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-11-03 01:54:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-11-03 01:39:45 -------- d-----w- C:\Users\Kris and S\AppData\Local\Symantec
2012-11-03 01:39:09 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-11-03 01:39:09 -------- d-----w- C:\Program Files\Symantec
2012-11-03 01:39:09 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-11-03 00:28:41 208216 ----a-w- C:\Windows\System32\drivers\57672846.sys
2012-11-02 10:34:58 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34E291F7-15AD-4445-A318-A6DFB22C417E}\mpengine.dll
2012-11-02 04:32:19 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-02 04:21:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 04:19:49 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-02 04:19:49 67072 ----a-w- C:\Windows\splwow64.exe
2012-11-02 04:19:49 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-11-02 04:19:49 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-02 03:53:43 208216 ----a-w- C:\Windows\System32\drivers\69687655.sys
2012-11-02 02:19:48 -------- d-----w- C:\Program Files\CCleaner
2012-10-30 12:34:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 11:48:14 -------- d-----w- C:\Program Files\HitmanPro
2012-10-30 11:47:43 -------- d-----w- C:\ProgramData\HitmanPro
2012-10-29 15:40:33 -------- d-----w- C:\ProgramData\STOPzilla!
2012-10-29 15:40:33 -------- d-----w- C:\Program Files (x86)\STOPzilla!
.
==================== Find3M ====================
.
2012-11-07 03:10:45 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 03:10:45 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-03 01:38:44 81840 ----a-w- C:\Windows\System32\FwsVpn.dll
2012-11-03 01:38:44 58288 ----a-w- C:\Windows\SysWow64\snacnp.dll
2012-11-03 01:38:44 58288 ----a-w- C:\Windows\System32\snacnp.dll
2012-11-03 01:38:44 512944 ----a-w- C:\Windows\System32\sysfer.dll
2012-11-03 01:38:44 42632 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2012-11-03 01:38:44 374704 ----a-w- C:\Windows\SysWow64\sysfer.dll
2012-11-03 01:38:44 288176 ----a-w- C:\Windows\System32\SymVPN.dll
2012-11-03 01:38:44 118768 ----a-w- C:\Windows\System32\drivers\SysPlant.sys
2012-11-03 01:38:44 11184 ----a-w- C:\Windows\System32\sysferThunk.dll
2012-11-03 01:38:44 10672 ----a-w- C:\Windows\SysWow64\sysferThunk.dll
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-12 21:07:44 58368 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-09-12 20:57:44 322048 ----a-w- C:\Windows\WLXPGSS.SCR
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll
2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe
2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll
2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:48:15.64 ===============


Here is attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/1/2011 8:08:58 PM
System Uptime: 11/16/2012 3:37:49 AM (17 hours ago)
.
Motherboard: Acer | | EG43M
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz | CPU 1 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 723.28 GiB free.
D: is CDROM ()
F: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&242CC0DB&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&242CC0DB&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP228: 11/13/2012 3:38:59 AM - Scheduled Checkpoint
RP229: 11/16/2012 3:00:28 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer eRecovery Management
Acer System Information
Acer Updater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Advertising Center
Amazon MP3 Downloader 1.0.15
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bing Desktop
Bonjour
CCleaner
Coupon Printer for Windows
D3DX10
eMusic Download Manager 6
ESET Online Scanner v3
eSobi v2
Garmin City Navigator North America NT 2012.30 Update
Garmin City Navigator North America NT 2012.40 Update
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google Update Helper
HitmanPro 3.6
HP Product Detection
ICatch (VI) PC Camera
ImagXpress
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
LeapFrog Connect
LeapFrog Leapster2 Plugin
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Photo Common
Photo Gallery
Presto! VideoWorks 4.5
PrimoPDF -- brought to you by Nitro PDF Software
Quicken 2009
QuickTime
Realtek High Definition Audio Driver
Safari
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Skype Click to Call
Symantec Endpoint Protection
TurboTax 2011 WinBizFedFormset
TurboTax 2011 WinBizReleaseEngine
TurboTax 2011 WinBizTaxSupport
TurboTax 2011 wpapbpm
TurboTax 2011 wrapper
TurboTax Business 2011
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Verizon Wireless Software Upgrade Assistant - Samsung
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
VoiceOver Kit
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 5:44:39 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/9/2012 5:44:39 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
11/9/2012 5:26:43 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR25.
11/16/2012 3:38:49 AM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: The system cannot find the file specified.
11/16/2012 3:21:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/16/2012 3:21:31 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/15/2012 11:13:36 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3115F239-3100-452B-AAB4-270BBA7EDAA6} because another computer on the network has the same name. The server could not start.
11/12/2012 8:39:09 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

No real problems other than the SEP error noted in my first post. Hitmanpro sometimes finds cookies during its scans.
Thanks

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 November 2012 - 09:07 PM

Hello


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 swindlersb (Topic Starter)

Posted 16 November 2012 - 10:40 PM

Gringo,
Here are the results of AdwCleaner[S1].txt:

# User : Kris and S - KRISANDS-PC
# Boot Mode : Normal
# Running from : C:\Users\Kris and S\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [565 octets] - [16/11/2012 22:31:15]

########## EOF - C:\AdwCleaner[S1].txt - [624 octets] ##########


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kris and S [Admin rights]
Mode : Scan -- Date : 11/16/2012 22:35:12

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- c:\Windows\SysWOW64\rundll32.exe : c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20121116.009\cceraser.dll -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- c:\Windows\SysWOW64\rundll32.exe : c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20121116.009\cceraser.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 12f06cf4d8cf8038b7c46f8c19fca14d
[BSP] 098502723ebb865929e3e4df8a214fa4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939753 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11162012_02d2235.txt >>
RKreport[1]_S_11162012_02d2235.txt

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kris and S [Admin rights]
Mode : Remove -- Date : 11/16/2012 22:35:49

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- c:\Windows\SysWOW64\rundll32.exe : c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20121116.009\cceraser.dll -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- c:\Windows\SysWOW64\rundll32.exe : c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20121116.009\cceraser.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 12f06cf4d8cf8038b7c46f8c19fca14d
[BSP] 098502723ebb865929e3e4df8a214fa4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939753 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11162012_02d2235.txt >>
RKreport[1]_S_11162012_02d2235.txt ; RKreport[2]_D_11162012_02d2235.txt



Thanks

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 November 2012 - 10:58 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 swindlersb (Topic Starter)

Posted 17 November 2012 - 07:19 AM

Before running ComboFix, the svchost.exe message was still there. PC seems to run fine otherwise.

Here is the combofix log

ComboFix 12-11-16.02 - Kris and S 11/17/2012 7:05.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4993 [GMT -5:00]
Running from: c:\users\Kris and S\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Temp\tmp3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-17 12:13 . 2012-11-17 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 08:15 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 08:15 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 08:15 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 08:15 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 08:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 08:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 08:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 08:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 08:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 08:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 08:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 03:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-13 00:16 . 2012-11-13 00:16 -------- d-----w- c:\users\Kris and S\AppData\Local\eMusic
2012-11-13 00:16 . 2012-11-13 00:16 -------- d-----w- c:\program files (x86)\eMusic Download Manager 6
2012-11-07 03:05 . 2012-11-16 10:05 -------- d-----w- c:\users\Kris and S\AppData\Local\CrashDumps
2012-11-07 03:03 . 2012-11-07 03:03 -------- d-----w- c:\windows\en
2012-11-07 03:01 . 2012-09-12 20:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-11-07 03:01 . 2012-11-07 03:01 -------- d-----w- c:\program files\Windows Live
2012-11-07 03:00 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-07 03:00 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-11-07 03:00 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-11-07 03:00 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-07 03:00 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-07 03:00 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-11-07 03:00 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-07 03:00 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-11-07 02:59 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-11-07 02:59 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-11-07 02:57 . 2012-11-07 02:57 -------- d-----r- c:\users\Kris and S\SkyDrive
2012-11-07 02:57 . 2012-11-07 02:57 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-11-07 02:57 . 2012-11-07 02:57 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\968338a71cdbc9305\skydrivesetup.exe
2012-11-07 02:57 . 2012-11-07 02:57 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-11-07 02:57 . 2012-11-07 02:57 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\DXSETUP.exe
2012-11-07 02:57 . 2012-11-07 02:57 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\dsetup32.dll
2012-11-07 02:57 . 2012-11-07 02:57 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\DSETUP.dll
2012-11-07 02:57 . 2012-11-07 02:57 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\DSETUP.dll
2012-11-07 02:57 . 2012-11-07 02:57 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\DXSETUP.exe
2012-11-07 02:57 . 2012-11-07 02:57 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\dsetup32.dll
2012-11-07 02:56 . 2012-11-07 02:56 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\DSETUP.dll
2012-11-07 02:56 . 2012-11-07 02:56 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\DXSETUP.exe
2012-11-07 02:56 . 2012-11-07 02:56 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\dsetup32.dll
2012-11-07 02:56 . 2012-11-07 03:07 -------- d-----w- C:\Firefox
2012-11-07 02:46 . 2012-11-07 02:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-07 02:45 . 2012-11-07 02:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-07 02:45 . 2012-11-07 02:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-07 02:44 . 2012-11-07 02:44 -------- d-----w- c:\programdata\McAfee
2012-11-06 01:39 . 2012-11-06 01:39 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-11-04 04:44 . 2012-11-04 12:45 -------- d-----w- c:\users\Kris and S\AppData\Local\NPE
2012-11-04 04:44 . 2012-11-04 04:44 -------- d-----w- c:\programdata\Norton
2012-11-03 04:44 . 2012-11-03 04:44 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-11-03 04:35 . 2012-11-03 04:35 208216 ----a-w- c:\windows\system32\drivers\18395049.sys
2012-11-03 04:33 . 2012-11-03 04:33 -------- d-----w- C:\STOPzilla!
2012-11-03 04:25 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-03 04:25 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-03 04:25 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-03 04:25 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-03 04:25 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-03 04:25 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-03 04:25 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-03 04:25 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-03 04:25 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-03 04:25 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-11-03 04:25 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-11-03 01:54 . 2012-11-03 01:54 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-11-03 01:39 . 2012-11-03 01:39 -------- d-----w- c:\users\Kris and S\AppData\Local\Symantec
2012-11-03 01:39 . 2012-11-03 01:39 -------- d-----w- c:\program files\Symantec
2012-11-03 01:39 . 2012-11-03 01:39 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-11-03 01:39 . 2012-11-03 01:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-11-03 00:28 . 2012-11-03 00:28 208216 ----a-w- c:\windows\system32\drivers\57672846.sys
2012-11-02 10:34 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E291F7-15AD-4445-A318-A6DFB22C417E}\mpengine.dll
2012-11-02 04:32 . 2012-11-02 04:32 -------- d-----w- c:\program files (x86)\ESET
2012-11-02 04:21 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 04:19 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-11-02 04:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-02 04:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-11-02 04:19 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-11-02 03:53 . 2012-11-02 03:53 208216 ----a-w- c:\windows\system32\drivers\69687655.sys
2012-11-02 02:19 . 2012-11-07 03:09 -------- d-----w- c:\program files\CCleaner
2012-10-30 12:34 . 2012-10-30 17:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 11:48 . 2012-10-31 10:16 -------- d-----w- c:\program files\HitmanPro
2012-10-30 11:47 . 2012-11-02 01:57 -------- d-----w- c:\programdata\HitmanPro
2012-10-29 15:40 . 2012-11-04 00:13 -------- d-----w- c:\programdata\STOPzilla!
2012-10-29 15:40 . 2012-11-04 00:13 -------- d-----w- c:\program files (x86)\STOPzilla!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 08:02 . 2011-05-03 00:49 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-07 03:10 . 2012-04-09 01:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 03:10 . 2011-06-17 10:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2011-11-12 12:07 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 21:07 . 2012-09-12 21:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-09-12 20:57 . 2012-09-12 20:57 322048 ----a-w- c:\windows\WLXPGSS.SCR
2012-08-21 17:01 . 2012-09-22 04:27 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2011-05-02 02:10 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2011-05-02 02:10 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-11-02 04:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-07 02:57 220632 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-07 02:57 220632 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-07 02:57 220632 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Icatch(VI) SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2012-1-22 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-11-12 108904]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-13 17152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-03 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [2011-10-30 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [2011-10-30 931448]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Kris and S\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-07-23 23208]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121031.011\BHDrvx64.sys [2012-10-24 1384608]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20121116.001\IDSvia64.sys [2012-10-02 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [2011-10-30 171128]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [2011-10-30 386168]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-03 138912]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 03:10]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 18:19]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 18:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-07 02:57 244696 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-07 02:57 244696 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-07 02:57 244696 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?PC=BNHP
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-17 07:15:35
ComboFix-quarantined-files.txt 2012-11-17 12:15
.
Pre-Run: 776,938,266,624 bytes free
Post-Run: 776,994,172,928 bytes free
.
- - End Of File - - 506544EC23C737ED1BE0F3CB55C9B2AA

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 November 2012 - 07:31 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 swindlersb
  • Topic Starter
  • Members
  • 26 posts

Posted 17 November 2012 - 08:40 AM

Here is the report from TDSSKiller:
08:06:48.0968 2188 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:06:50.0398 2188 ============================================================
08:06:50.0398 2188 Current date / time: 2012/11/17 08:06:50.0398
08:06:50.0398 2188 SystemInfo:
08:06:50.0398 2188
08:06:50.0398 2188 OS Version: 6.1.7601 ServicePack: 1.0
08:06:50.0398 2188 Product type: Workstation
08:06:50.0398 2188 ComputerName: KRISANDS-PC
08:06:50.0400 2188 UserName: Kris and S
08:06:50.0400 2188 Windows directory: C:\Windows
08:06:50.0400 2188 System windows directory: C:\Windows
08:06:50.0400 2188 Running under WOW64
08:06:50.0400 2188 Processor architecture: Intel x64
08:06:50.0400 2188 Number of processors: 2
08:06:50.0400 2188 Page size: 0x1000
08:06:50.0400 2188 Boot type: Normal boot
08:06:50.0400 2188 ============================================================
08:06:51.0909 2188 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:06:52.0123 2188 Drive \Device\Harddisk6\DR6 - Size: 0x3B87C0000 (14.88 Gb), SectorSize: 0x1000, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:06:52.0179 2188 ============================================================
08:06:52.0179 2188 \Device\Harddisk0\DR0:
08:06:52.0179 2188 MBR partitions:
08:06:52.0179 2188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
08:06:52.0179 2188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x72B74DB0
08:06:52.0179 2188 \Device\Harddisk6\DR6:
08:06:52.0187 2188 MBR partitions:
08:06:52.0187 2188 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x3B877F
08:06:52.0187 2188 ============================================================
08:06:52.0279 2188 C: <-> \Device\Harddisk0\DR0\Partition2
08:06:52.0279 2188 ============================================================
08:06:52.0279 2188 Initialize success
08:06:52.0279 2188 ============================================================
08:06:54.0401 3168 ============================================================
08:06:54.0401 3168 Scan started
08:06:54.0401 3168 Mode: Manual;
08:06:54.0401 3168 ============================================================
08:06:54.0937 3168 ================ Scan system memory ========================
08:06:54.0937 3168 System memory - ok
08:06:54.0938 3168 ================ Scan services =============================
08:06:55.0108 3168 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:06:55.0109 3168 1394ohci - ok
08:06:55.0444 3168 [ 3044D0F3FEB9FFE8BC953D8F34B5B504 ] A2DDA C:\Users\Kris and S\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys
08:06:55.0445 3168 A2DDA - ok
08:06:55.0497 3168 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:06:55.0499 3168 ACPI - ok
08:06:55.0543 3168 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:06:55.0543 3168 AcpiPmi - ok
08:06:55.0720 3168 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:06:55.0721 3168 AdobeARMservice - ok
08:06:55.0826 3168 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:06:55.0827 3168 AdobeFlashPlayerUpdateSvc - ok
08:06:55.0864 3168 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:06:55.0867 3168 adp94xx - ok
08:06:55.0885 3168 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:06:55.0887 3168 adpahci - ok
08:06:55.0912 3168 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:06:55.0913 3168 adpu320 - ok
08:06:55.0942 3168 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:06:55.0943 3168 AeLookupSvc - ok
08:06:55.0989 3168 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:06:55.0992 3168 AFD - ok
08:06:56.0036 3168 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:06:56.0037 3168 agp440 - ok
08:06:56.0060 3168 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:06:56.0062 3168 ALG - ok
08:06:56.0067 3168 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:06:56.0068 3168 aliide - ok
08:06:56.0074 3168 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:06:56.0074 3168 amdide - ok
08:06:56.0085 3168 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:06:56.0086 3168 AmdK8 - ok
08:06:56.0098 3168 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:06:56.0099 3168 AmdPPM - ok
08:06:56.0108 3168 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:06:56.0109 3168 amdsata - ok
08:06:56.0131 3168 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:06:56.0132 3168 amdsbs - ok
08:06:56.0150 3168 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:06:56.0150 3168 amdxata - ok
08:06:56.0192 3168 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:06:56.0193 3168 AppID - ok
08:06:56.0269 3168 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:06:56.0270 3168 AppIDSvc - ok
08:06:56.0351 3168 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:06:56.0353 3168 Appinfo - ok
08:06:56.0471 3168 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:06:56.0473 3168 Apple Mobile Device - ok
08:06:56.0514 3168 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
08:06:56.0514 3168 arc - ok
08:06:56.0525 3168 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:06:56.0525 3168 arcsas - ok
08:06:56.0543 3168 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:06:56.0543 3168 AsyncMac - ok
08:06:56.0579 3168 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:06:56.0580 3168 atapi - ok
08:06:56.0632 3168 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:06:56.0637 3168 AudioEndpointBuilder - ok
08:06:56.0651 3168 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:06:56.0655 3168 AudioSrv - ok
08:06:56.0700 3168 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:06:56.0702 3168 AxInstSV - ok
08:06:56.0728 3168 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:06:56.0731 3168 b06bdrv - ok
08:06:56.0764 3168 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:06:56.0766 3168 b57nd60a - ok
08:06:56.0869 3168 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
08:06:56.0871 3168 BBSvc - ok
08:06:56.0884 3168 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
08:06:56.0886 3168 BBUpdate - ok
08:06:56.0908 3168 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:06:56.0910 3168 BDESVC - ok
08:06:56.0935 3168 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:06:56.0936 3168 Beep - ok
08:06:57.0030 3168 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:06:57.0035 3168 BFE - ok
08:06:57.0198 3168 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121031.011\BHDrvx64.sys
08:06:57.0206 3168 BHDrvx64 - ok
08:06:57.0321 3168 [ 1B63F2B7CA6B5290CC124CDD07520BC9 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
08:06:57.0322 3168 BingDesktopUpdate - ok
08:06:57.0411 3168 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
08:06:57.0417 3168 BITS - ok
08:06:57.0450 3168 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:06:57.0451 3168 blbdrive - ok
08:06:57.0556 3168 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:06:57.0559 3168 Bonjour Service - ok
08:06:57.0600 3168 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:06:57.0601 3168 bowser - ok
08:06:57.0643 3168 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:06:57.0644 3168 BrFiltLo - ok
08:06:57.0654 3168 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:06:57.0654 3168 BrFiltUp - ok
08:06:57.0683 3168 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:06:57.0684 3168 BridgeMP - ok
08:06:57.0714 3168 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:06:57.0716 3168 Browser - ok
08:06:57.0731 3168 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:06:57.0733 3168 Brserid - ok
08:06:57.0761 3168 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:06:57.0761 3168 BrSerWdm - ok
08:06:57.0771 3168 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:06:57.0771 3168 BrUsbMdm - ok
08:06:57.0782 3168 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:06:57.0783 3168 BrUsbSer - ok
08:06:57.0798 3168 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:06:57.0800 3168 BTHMODEM - ok
08:06:57.0833 3168 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:06:57.0834 3168 bthserv - ok
08:06:57.0855 3168 catchme - ok
08:06:57.0872 3168 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:06:57.0872 3168 cdfs - ok
08:06:57.0922 3168 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:06:57.0923 3168 cdrom - ok
08:06:57.0969 3168 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:06:57.0971 3168 CertPropSvc - ok
08:06:57.0984 3168 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:06:57.0984 3168 circlass - ok
08:06:58.0001 3168 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:06:58.0003 3168 CLFS - ok
08:06:58.0057 3168 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:06:58.0058 3168 clr_optimization_v2.0.50727_32 - ok
08:06:58.0072 3168 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:06:58.0080 3168 clr_optimization_v2.0.50727_64 - ok
08:06:58.0153 3168 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:06:58.0154 3168 clr_optimization_v4.0.30319_32 - ok
08:06:58.0204 3168 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:06:58.0206 3168 clr_optimization_v4.0.30319_64 - ok
08:06:58.0229 3168 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:06:58.0230 3168 CmBatt - ok
08:06:58.0272 3168 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:06:58.0272 3168 cmdide - ok
08:06:58.0301 3168 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
08:06:58.0303 3168 CNG - ok
08:06:58.0320 3168 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:06:58.0321 3168 Compbatt - ok
08:06:58.0340 3168 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:06:58.0341 3168 CompositeBus - ok
08:06:58.0355 3168 COMSysApp - ok
08:06:58.0371 3168 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:06:58.0371 3168 crcdisk - ok
08:06:58.0397 3168 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:06:58.0400 3168 CryptSvc - ok
08:06:58.0446 3168 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:06:58.0451 3168 DcomLaunch - ok
08:06:58.0519 3168 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:06:58.0522 3168 defragsvc - ok
08:06:58.0637 3168 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:06:58.0638 3168 DfsC - ok
08:06:58.0669 3168 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:06:58.0672 3168 Dhcp - ok
08:06:58.0703 3168 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:06:58.0703 3168 discache - ok
08:06:58.0719 3168 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:06:58.0720 3168 Disk - ok
08:06:58.0757 3168 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:06:58.0759 3168 Dnscache - ok
08:06:58.0797 3168 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:06:58.0799 3168 dot3svc - ok
08:06:58.0831 3168 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
08:06:58.0833 3168 dot4 - ok
08:06:58.0878 3168 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
08:06:58.0878 3168 Dot4Print - ok
08:06:58.0895 3168 [ 488669CD1CD3BDCFDD9A5FDA72209069 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys
08:06:58.0896 3168 Dot4Scan - ok
08:06:58.0914 3168 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
08:06:58.0915 3168 dot4usb - ok
08:06:58.0949 3168 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:06:58.0951 3168 DPS - ok
08:06:58.0968 3168 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:06:58.0968 3168 drmkaud - ok
08:06:59.0016 3168 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:06:59.0021 3168 DXGKrnl - ok
08:06:59.0049 3168 [ 761B9EDD97A021AA1922501B7A056635 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
08:06:59.0051 3168 e1yexpress - ok
08:06:59.0075 3168 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:06:59.0077 3168 EapHost - ok
08:06:59.0142 3168 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:06:59.0159 3168 ebdrv - ok
08:06:59.0208 3168 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
08:06:59.0211 3168 eeCtrl - ok
08:06:59.0246 3168 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:06:59.0247 3168 EFS - ok
08:06:59.0305 3168 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:06:59.0309 3168 ehRecvr - ok
08:06:59.0333 3168 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:06:59.0344 3168 ehSched - ok
08:06:59.0422 3168 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:06:59.0425 3168 elxstor - ok
08:06:59.0460 3168 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:06:59.0461 3168 EraserUtilRebootDrv - ok
08:06:59.0472 3168 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:06:59.0472 3168 ErrDev - ok
08:06:59.0499 3168 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:06:59.0502 3168 EventSystem - ok
08:06:59.0517 3168 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:06:59.0518 3168 exfat - ok
08:06:59.0533 3168 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:06:59.0534 3168 fastfat - ok
08:06:59.0581 3168 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:06:59.0586 3168 Fax - ok
08:06:59.0602 3168 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:06:59.0602 3168 fdc - ok
08:06:59.0617 3168 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:06:59.0618 3168 fdPHost - ok
08:06:59.0623 3168 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:06:59.0625 3168 FDResPub - ok
08:06:59.0641 3168 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:06:59.0642 3168 FileInfo - ok
08:06:59.0664 3168 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:06:59.0665 3168 Filetrace - ok
08:06:59.0678 3168 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:06:59.0678 3168 flpydisk - ok
08:06:59.0803 3168 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:06:59.0805 3168 FltMgr - ok
08:06:59.0852 3168 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:06:59.0859 3168 FontCache - ok
08:06:59.0904 3168 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:06:59.0906 3168 FontCache3.0.0.0 - ok
08:06:59.0922 3168 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:06:59.0923 3168 FsDepends - ok
08:06:59.0982 3168 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:06:59.0983 3168 fssfltr - ok
08:07:00.0154 3168 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:07:00.0162 3168 fsssvc - ok
08:07:00.0201 3168 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:07:00.0202 3168 Fs_Rec - ok
08:07:00.0245 3168 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:07:00.0247 3168 fvevol - ok
08:07:00.0268 3168 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:07:00.0269 3168 gagp30kx - ok
08:07:00.0333 3168 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
08:07:00.0335 3168 GameConsoleService - ok
08:07:00.0366 3168 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:07:00.0366 3168 GEARAspiWDM - ok
08:07:00.0415 3168 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:07:00.0419 3168 gpsvc - ok
08:07:00.0458 3168 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
08:07:00.0459 3168 GREGService - ok
08:07:00.0486 3168 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
08:07:00.0487 3168 grmnusb - ok
08:07:00.0588 3168 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:07:00.0589 3168 gupdate - ok
08:07:00.0605 3168 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:07:00.0606 3168 gupdatem - ok
08:07:00.0623 3168 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:07:00.0623 3168 hcw85cir - ok
08:07:00.0662 3168 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:07:00.0664 3168 HdAudAddService - ok
08:07:00.0674 3168 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:07:00.0675 3168 HDAudBus - ok
08:07:00.0688 3168 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:07:00.0689 3168 HidBatt - ok
08:07:00.0703 3168 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:07:00.0704 3168 HidBth - ok
08:07:00.0718 3168 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:07:00.0718 3168 HidIr - ok
08:07:00.0735 3168 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
08:07:00.0737 3168 hidserv - ok
08:07:00.0762 3168 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
08:07:00.0763 3168 HidUsb - ok
08:07:00.0788 3168 [ 874073073B79FF7161AA66F809B05137 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
08:07:00.0795 3168 HitmanProScheduler - ok
08:07:00.0835 3168 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:07:00.0837 3168 hkmsvc - ok
08:07:00.0876 3168 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:07:00.0878 3168 HomeGroupListener - ok
08:07:00.0986 3168 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:07:00.0989 3168 HomeGroupProvider - ok
08:07:01.0026 3168 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:07:01.0027 3168 HpSAMD - ok
08:07:01.0084 3168 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:07:01.0088 3168 HTTP - ok
08:07:01.0121 3168 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:07:01.0122 3168 hwpolicy - ok
08:07:01.0194 3168 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:07:01.0196 3168 i8042prt - ok
08:07:01.0252 3168 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
08:07:01.0254 3168 iaStor - ok
08:07:01.0278 3168 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:07:01.0280 3168 iaStorV - ok
08:07:01.0336 3168 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:07:01.0341 3168 idsvc - ok
08:07:01.0454 3168 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20121116.001\IDSvia64.sys
08:07:01.0457 3168 IDSVia64 - ok
08:07:01.0634 3168 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:07:01.0686 3168 igfx - ok
08:07:01.0705 3168 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:07:01.0705 3168 iirsp - ok
08:07:01.0753 3168 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:07:01.0758 3168 IKEEXT - ok
08:07:01.0806 3168 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:07:01.0815 3168 IntcAzAudAddService - ok
08:07:01.0859 3168 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
08:07:01.0860 3168 IntcHdmiAddService - ok
08:07:01.0871 3168 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:07:01.0872 3168 intelide - ok
08:07:01.0897 3168 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:07:01.0898 3168 intelppm - ok
08:07:01.0988 3168 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
08:07:01.0989 3168 IntuitUpdateServiceV4 - ok
08:07:02.0007 3168 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:07:02.0009 3168 IPBusEnum - ok
08:07:02.0095 3168 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:07:02.0096 3168 IpFilterDriver - ok
08:07:02.0153 3168 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:07:02.0157 3168 iphlpsvc - ok
08:07:02.0197 3168 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:07:02.0198 3168 IPMIDRV - ok
08:07:02.0230 3168 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:07:02.0232 3168 IPNAT - ok
08:07:02.0311 3168 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:07:02.0316 3168 iPod Service - ok
08:07:02.0330 3168 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:07:02.0331 3168 IRENUM - ok
08:07:02.0342 3168 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:07:02.0342 3168 isapnp - ok
08:07:02.0358 3168 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:07:02.0360 3168 iScsiPrt - ok
08:07:02.0381 3168 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
08:07:02.0382 3168 kbdclass - ok
08:07:02.0405 3168 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
08:07:02.0406 3168 kbdhid - ok
08:07:02.0412 3168 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:07:02.0413 3168 KeyIso - ok
08:07:02.0435 3168 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:07:02.0436 3168 KSecDD - ok
08:07:02.0460 3168 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:07:02.0461 3168 KSecPkg - ok
08:07:02.0484 3168 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:07:02.0484 3168 ksthunk - ok
08:07:02.0508 3168 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:07:02.0511 3168 KtmRm - ok
08:07:02.0549 3168 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
08:07:02.0552 3168 LanmanServer - ok
08:07:02.0584 3168 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:07:02.0586 3168 LanmanWorkstation - ok
08:07:02.0656 3168 [ 9A7FA6371F68335FD3C3D6488BC5A9F8 ] Lavasoft Kernexplorer C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
08:07:02.0656 3168 Lavasoft Kernexplorer - ok
08:07:02.0812 3168 [ 32F1B95C60042F3D95FC8AB43559B3B1 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
08:07:02.0867 3168 LeapFrog Connect Device Service - ok
08:07:02.0899 3168 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:07:02.0900 3168 lltdio - ok
08:07:03.0015 3168 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:07:03.0018 3168 lltdsvc - ok
08:07:03.0027 3168 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:07:03.0029 3168 lmhosts - ok
08:07:03.0064 3168 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:07:03.0065 3168 LSI_FC - ok
08:07:03.0093 3168 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:07:03.0094 3168 LSI_SAS - ok
08:07:03.0107 3168 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:07:03.0108 3168 LSI_SAS2 - ok
08:07:03.0128 3168 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:07:03.0129 3168 LSI_SCSI - ok
08:07:03.0148 3168 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:07:03.0149 3168 luafv - ok
08:07:03.0184 3168 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:07:03.0185 3168 Mcx2Svc - ok
08:07:03.0198 3168 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:07:03.0199 3168 megasas - ok
08:07:03.0215 3168 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:07:03.0217 3168 MegaSR - ok
08:07:03.0303 3168 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
08:07:03.0304 3168 Microsoft Office Groove Audit Service - ok
08:07:03.0335 3168 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:07:03.0336 3168 MMCSS - ok
08:07:03.0369 3168 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:07:03.0369 3168 Modem - ok
08:07:03.0432 3168 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:07:03.0433 3168 monitor - ok
08:07:03.0470 3168 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
08:07:03.0471 3168 mouclass - ok
08:07:03.0494 3168 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:07:03.0495 3168 mouhid - ok
08:07:03.0531 3168 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:07:03.0532 3168 mountmgr - ok
08:07:03.0549 3168 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:07:03.0550 3168 mpio - ok
08:07:03.0562 3168 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:07:03.0563 3168 mpsdrv - ok
08:07:03.0643 3168 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:07:03.0648 3168 MpsSvc - ok
08:07:03.0682 3168 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:07:03.0683 3168 MRxDAV - ok
08:07:03.0720 3168 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:07:03.0721 3168 mrxsmb - ok
08:07:03.0765 3168 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:07:03.0767 3168 mrxsmb10 - ok
08:07:03.0784 3168 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:07:03.0785 3168 mrxsmb20 - ok
08:07:03.0822 3168 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:07:03.0822 3168 msahci - ok
08:07:03.0838 3168 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:07:03.0839 3168 msdsm - ok
08:07:03.0859 3168 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:07:03.0861 3168 MSDTC - ok
08:07:03.0892 3168 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:07:03.0893 3168 Msfs - ok
08:07:03.0906 3168 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:07:03.0907 3168 mshidkmdf - ok
08:07:03.0927 3168 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:07:03.0928 3168 msisadrv - ok
08:07:04.0111 3168 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:07:04.0115 3168 MSiSCSI - ok
08:07:04.0120 3168 msiserver - ok
08:07:04.0149 3168 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:07:04.0149 3168 MSKSSRV - ok
08:07:04.0160 3168 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:07:04.0161 3168 MSPCLOCK - ok
08:07:04.0168 3168 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:07:04.0168 3168 MSPQM - ok
08:07:04.0207 3168 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:07:04.0209 3168 MsRPC - ok
08:07:04.0243 3168 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:07:04.0243 3168 mssmbios - ok
08:07:04.0260 3168 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:07:04.0260 3168 MSTEE - ok
08:07:04.0274 3168 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:07:04.0275 3168 MTConfig - ok
08:07:04.0288 3168 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:07:04.0289 3168 Mup - ok
08:07:04.0337 3168 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:07:04.0341 3168 napagent - ok
08:07:04.0375 3168 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:07:04.0377 3168 NativeWifiP - ok
08:07:04.0450 3168 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20121116.009\ENG64.SYS
08:07:04.0451 3168 NAVENG - ok
08:07:04.0503 3168 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20121116.009\EX64.SYS
08:07:04.0513 3168 NAVEX15 - ok
08:07:04.0568 3168 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:07:04.0573 3168 NDIS - ok
08:07:04.0590 3168 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:07:04.0591 3168 NdisCap - ok
08:07:04.0617 3168 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:07:04.0617 3168 NdisTapi - ok
08:07:04.0656 3168 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:07:04.0657 3168 Ndisuio - ok
08:07:04.0689 3168 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:07:04.0690 3168 NdisWan - ok
08:07:04.0725 3168 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:07:04.0726 3168 NDProxy - ok
08:07:04.0807 3168 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
08:07:04.0812 3168 Nero BackItUp Scheduler 4.0 - ok
08:07:04.0824 3168 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:07:04.0824 3168 NetBIOS - ok
08:07:04.0865 3168 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:07:04.0867 3168 NetBT - ok
08:07:04.0880 3168 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:07:04.0882 3168 Netlogon - ok
08:07:04.0906 3168 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:07:04.0909 3168 Netman - ok
08:07:04.0920 3168 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:07:04.0924 3168 netprofm - ok
08:07:04.0954 3168 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
08:07:04.0957 3168 netr28x - ok
08:07:04.0975 3168 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:07:04.0976 3168 NetTcpPortSharing - ok
08:07:04.0995 3168 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:07:04.0996 3168 nfrd960 - ok
08:07:05.0020 3168 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:07:05.0023 3168 NlaSvc - ok
08:07:05.0032 3168 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:07:05.0033 3168 Npfs - ok
08:07:05.0055 3168 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:07:05.0057 3168 nsi - ok
08:07:05.0067 3168 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:07:05.0067 3168 nsiproxy - ok
08:07:05.0114 3168 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:07:05.0124 3168 Ntfs - ok
08:07:05.0129 3168 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:07:05.0131 3168 Null - ok
08:07:05.0149 3168 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:07:05.0150 3168 nvraid - ok
08:07:05.0185 3168 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:07:05.0186 3168 nvstor - ok
08:07:05.0192 3168 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:07:05.0193 3168 nv_agp - ok
08:07:05.0263 3168 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:07:05.0266 3168 odserv - ok
08:07:05.0276 3168 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:07:05.0277 3168 ohci1394 - ok
08:07:05.0327 3168 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:07:05.0329 3168 ose - ok
08:07:05.0363 3168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:07:05.0366 3168 p2pimsvc - ok
08:07:05.0382 3168 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:07:05.0386 3168 p2psvc - ok
08:07:05.0407 3168 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:07:05.0408 3168 Parport - ok
08:07:05.0444 3168 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:07:05.0445 3168 partmgr - ok
08:07:05.0459 3168 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:07:05.0461 3168 PcaSvc - ok
08:07:05.0475 3168 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:07:05.0476 3168 pci - ok
08:07:05.0513 3168 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:07:05.0514 3168 pciide - ok
08:07:05.0526 3168 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:07:05.0528 3168 pcmcia - ok
08:07:05.0546 3168 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:07:05.0547 3168 pcw - ok
08:07:05.0567 3168 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:07:05.0571 3168 PEAUTH - ok
08:07:05.0626 3168 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:07:05.0628 3168 PerfHost - ok
08:07:05.0686 3168 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:07:05.0695 3168 pla - ok
08:07:05.0731 3168 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:07:05.0735 3168 PlugPlay - ok
08:07:05.0744 3168 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:07:05.0745 3168 PNRPAutoReg - ok
08:07:05.0763 3168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:07:05.0766 3168 PNRPsvc - ok
08:07:05.0787 3168 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:07:05.0791 3168 PolicyAgent - ok
08:07:05.0817 3168 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:07:05.0820 3168 Power - ok
08:07:05.0860 3168 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:07:05.0861 3168 PptpMiniport - ok
08:07:05.0886 3168 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:07:05.0887 3168 Processor - ok
08:07:05.0923 3168 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:07:05.0925 3168 ProfSvc - ok
08:07:05.0938 3168 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:07:05.0939 3168 ProtectedStorage - ok
08:07:05.0977 3168 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:07:05.0978 3168 Psched - ok
08:07:06.0008 3168 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:07:06.0016 3168 ql2300 - ok
08:07:06.0029 3168 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:07:06.0030 3168 ql40xx - ok
08:07:06.0046 3168 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:07:06.0049 3168 QWAVE - ok
08:07:06.0065 3168 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:07:06.0066 3168 QWAVEdrv - ok
08:07:06.0090 3168 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:07:06.0091 3168 RasAcd - ok
08:07:06.0147 3168 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:07:06.0148 3168 RasAgileVpn - ok
08:07:06.0162 3168 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:07:06.0164 3168 RasAuto - ok
08:07:06.0201 3168 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:07:06.0202 3168 Rasl2tp - ok
08:07:06.0217 3168 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:07:06.0221 3168 RasMan - ok
08:07:06.0240 3168 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:07:06.0241 3168 RasPppoe - ok
08:07:06.0250 3168 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:07:06.0251 3168 RasSstp - ok
08:07:06.0268 3168 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:07:06.0270 3168 rdbss - ok
08:07:06.0285 3168 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:07:06.0286 3168 rdpbus - ok
08:07:06.0298 3168 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:07:06.0299 3168 RDPCDD - ok
08:07:06.0314 3168 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:07:06.0314 3168 RDPENCDD - ok
08:07:06.0326 3168 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:07:06.0327 3168 RDPREFMP - ok
08:07:06.0367 3168 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:07:06.0368 3168 RdpVideoMiniport - ok
08:07:06.0408 3168 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:07:06.0410 3168 RDPWD - ok
08:07:06.0464 3168 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:07:06.0465 3168 rdyboost - ok
08:07:06.0489 3168 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:07:06.0491 3168 RemoteAccess - ok
08:07:06.0519 3168 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:07:06.0522 3168 RemoteRegistry - ok
08:07:06.0532 3168 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:07:06.0534 3168 RpcEptMapper - ok
08:07:06.0543 3168 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:07:06.0544 3168 RpcLocator - ok
08:07:06.0587 3168 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
08:07:06.0591 3168 RpcSs - ok
08:07:06.0613 3168 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:07:06.0614 3168 rspndr - ok
08:07:06.0630 3168 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:07:06.0631 3168 SamSs - ok
08:07:06.0644 3168 sbapifs - ok
08:07:06.0677 3168 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:07:06.0678 3168 sbp2port - ok
08:07:06.0689 3168 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:07:06.0691 3168 SCardSvr - ok
08:07:06.0724 3168 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:07:06.0725 3168 scfilter - ok
08:07:06.0768 3168 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:07:06.0775 3168 Schedule - ok
08:07:06.0811 3168 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:07:06.0812 3168 SCPolicySvc - ok
08:07:06.0851 3168 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:07:06.0853 3168 SDRSVC - ok
08:07:06.0875 3168 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:07:06.0876 3168 secdrv - ok
08:07:06.0892 3168 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:07:06.0894 3168 seclogon - ok
08:07:06.0915 3168 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
08:07:06.0916 3168 SENS - ok
08:07:06.0930 3168 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:07:06.0932 3168 SensrSvc - ok
08:07:07.0010 3168 [ 74885BDFF62E537F268EBF8E8CEC24BB ] SepMasterService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
08:07:07.0012 3168 SepMasterService - ok
08:07:07.0023 3168 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:07:07.0024 3168 Serenum - ok
08:07:07.0055 3168 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:07:07.0056 3168 Serial - ok
08:07:07.0071 3168 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:07:07.0072 3168 sermouse - ok
08:07:07.0120 3168 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:07:07.0122 3168 SessionEnv - ok
08:07:07.0162 3168 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:07:07.0163 3168 sffdisk - ok
08:07:07.0168 3168 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:07:07.0169 3168 sffp_mmc - ok
08:07:07.0175 3168 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:07:07.0176 3168 sffp_sd - ok
08:07:07.0186 3168 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:07:07.0186 3168 sfloppy - ok
08:07:07.0237 3168 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:07:07.0240 3168 SharedAccess - ok
08:07:07.0257 3168 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:07:07.0260 3168 ShellHWDetection - ok
08:07:07.0273 3168 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:07:07.0273 3168 SiSRaid2 - ok
08:07:07.0288 3168 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:07:07.0289 3168 SiSRaid4 - ok
08:07:07.0320 3168 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:07:07.0321 3168 Smb - ok
08:07:07.0437 3168 [ B8EF6F1FAFBE89E24E152907605E7A25 ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
08:07:07.0451 3168 SmcService - ok
08:07:07.0470 3168 [ 89733DCC3817455FBC3AB4A3C19EE765 ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
08:07:07.0472 3168 SNAC - ok
08:07:07.0500 3168 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:07:07.0502 3168 SNMPTRAP - ok
08:07:07.0514 3168 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:07:07.0514 3168 spldr - ok
08:07:07.0543 3168 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:07:07.0548 3168 Spooler - ok
08:07:07.0624 3168 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:07:07.0643 3168 sppsvc - ok
08:07:07.0655 3168 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:07:07.0657 3168 sppuinotify - ok
08:07:07.0724 3168 [ 48FD53FED3C81726001E438A2201E9FF ] SRTSP C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS
08:07:07.0727 3168 SRTSP - ok
08:07:07.0737 3168 [ 63199A936D9BDEA578DFB8F5E9A40095 ] SRTSPX C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS
08:07:07.0738 3168 SRTSPX - ok
08:07:07.0780 3168 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:07:07.0782 3168 srv - ok
08:07:07.0799 3168 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:07:07.0801 3168 srv2 - ok
08:07:07.0813 3168 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:07:07.0814 3168 srvnet - ok
08:07:07.0853 3168 [ F4F1E1FF6986FE8914525AF751EA3EAC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
08:07:07.0854 3168 sscdbus - ok
08:07:07.0886 3168 [ 5447690D2CFE1BDE1BE3A5A5A3E2F796 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
08:07:07.0887 3168 sscdmdfl - ok
08:07:07.0893 3168 [ BFDA292053AEB76A0C1D63B2279D5138 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
08:07:07.0894 3168 sscdmdm - ok
08:07:07.0901 3168 [ 208731A751357DD71C5A0345C77AFD0A ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
08:07:07.0902 3168 sscdserd - ok
08:07:07.0926 3168 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:07:07.0928 3168 SSDPSRV - ok
08:07:07.0947 3168 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:07:07.0949 3168 SstpSvc - ok
08:07:07.0966 3168 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:07:07.0966 3168 stexstor - ok
08:07:08.0024 3168 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:07:08.0028 3168 stisvc - ok
08:07:08.0072 3168 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:07:08.0073 3168 swenum - ok
08:07:08.0090 3168 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:07:08.0094 3168 swprv - ok
08:07:08.0139 3168 [ C6EE00B4CA36CC1E48A323A75E5881CE ] SyDvCtrl C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys
08:07:08.0140 3168 SyDvCtrl - ok
08:07:08.0157 3168 [ F017987B177F7BBC989318D59309D091 ] SymDS C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS
08:07:08.0160 3168 SymDS - ok
08:07:08.0183 3168 [ E7F25D768EE0CDF69D8B752398C262BB ] SymEFA C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS
08:07:08.0187 3168 SymEFA - ok
08:07:08.0220 3168 [ 36B77F5C9E21F88A8C8EC67AD5415819 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
08:07:08.0221 3168 SymEvent - ok
08:07:08.0246 3168 [ 1611FA7A95A48387DF22757FA81B46A9 ] SymIRON C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS
08:07:08.0248 3168 SymIRON - ok
08:07:08.0267 3168 [ D41557715C1C792D1391DB5AA81A00DF ] SYMNETS C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS
08:07:08.0269 3168 SYMNETS - ok
08:07:08.0330 3168 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:07:08.0340 3168 SysMain - ok
08:07:08.0354 3168 [ 3BEAB2DE5688F3635A8ECD7C75562F43 ] SysPlant C:\Windows\system32\Drivers\SysPlant.sys
08:07:08.0355 3168 SysPlant - ok
08:07:08.0386 3168 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:07:08.0388 3168 TabletInputService - ok
08:07:08.0403 3168 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:07:08.0407 3168 TapiSrv - ok
08:07:08.0436 3168 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:07:08.0438 3168 TBS - ok
08:07:08.0558 3168 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:07:08.0569 3168 Tcpip - ok
08:07:08.0598 3168 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:07:08.0607 3168 TCPIP6 - ok
08:07:08.0621 3168 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:07:08.0622 3168 tcpipreg - ok
08:07:08.0642 3168 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:07:08.0642 3168 TDPIPE - ok
08:07:08.0678 3168 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:07:08.0679 3168 TDTCP - ok
08:07:08.0716 3168 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:07:08.0717 3168 tdx - ok
08:07:08.0753 3168 [ 7DD4F26F73EFE8E0817E18D1D1B9B18A ] Teefer2 C:\Windows\system32\DRIVERS\Teefer.sys
08:07:08.0754 3168 Teefer2 - ok
08:07:08.0782 3168 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:07:08.0783 3168 TermDD - ok
08:07:08.0801 3168 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:07:08.0806 3168 TermService - ok
08:07:08.0823 3168 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:07:08.0825 3168 Themes - ok
08:07:08.0852 3168 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:07:08.0854 3168 THREADORDER - ok
08:07:08.0864 3168 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:07:08.0866 3168 TrkWks - ok
08:07:08.0918 3168 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:07:08.0920 3168 TrustedInstaller - ok
08:07:08.0956 3168 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:07:08.0956 3168 tssecsrv - ok
08:07:08.0982 3168 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:07:08.0983 3168 TsUsbFlt - ok
08:07:09.0032 3168 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:07:09.0033 3168 tunnel - ok
08:07:09.0046 3168 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:07:09.0047 3168 uagp35 - ok
08:07:09.0062 3168 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:07:09.0064 3168 udfs - ok
08:07:09.0082 3168 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:07:09.0084 3168 UI0Detect - ok
08:07:09.0097 3168 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:07:09.0097 3168 uliagpkx - ok
08:07:09.0134 3168 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:07:09.0135 3168 umbus - ok
08:07:09.0144 3168 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:07:09.0145 3168 UmPass - ok
08:07:09.0201 3168 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
08:07:09.0203 3168 Updater Service - ok
08:07:09.0231 3168 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:07:09.0235 3168 upnphost - ok
08:07:09.0252 3168 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:07:09.0253 3168 USBAAPL64 - ok
08:07:09.0261 3168 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:07:09.0263 3168 usbccgp - ok
08:07:09.0279 3168 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:07:09.0280 3168 usbcir - ok
08:07:09.0291 3168 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:07:09.0292 3168 usbehci - ok
08:07:09.0309 3168 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:07:09.0311 3168 usbhub - ok
08:07:09.0317 3168 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:07:09.0318 3168 usbohci - ok
08:07:09.0347 3168 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:07:09.0348 3168 usbprint - ok
08:07:09.0369 3168 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:07:09.0370 3168 USBSTOR - ok
08:07:09.0380 3168 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:07:09.0381 3168 usbuhci - ok
08:07:09.0386 3168 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:07:09.0388 3168 UxSms - ok
08:07:09.0396 3168 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:07:09.0397 3168 VaultSvc - ok
08:07:09.0404 3168 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:07:09.0405 3168 vdrvroot - ok
08:07:09.0443 3168 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:07:09.0448 3168 vds - ok
08:07:09.0473 3168 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:07:09.0474 3168 vga - ok
08:07:09.0510 3168 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:07:09.0511 3168 VgaSave - ok
08:07:09.0541 3168 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:07:09.0542 3168 vhdmp - ok
08:07:09.0555 3168 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:07:09.0556 3168 viaide - ok
08:07:09.0568 3168 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:07:09.0569 3168 volmgr - ok
08:07:09.0625 3168 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:07:09.0627 3168 volmgrx - ok
08:07:09.0671 3168 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:07:09.0673 3168 volsnap - ok
08:07:09.0688 3168 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:07:09.0690 3168 vsmraid - ok
08:07:09.0743 3168 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:07:09.0752 3168 VSS - ok
08:07:09.0769 3168 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:07:09.0769 3168 vwifibus - ok
08:07:09.0781 3168 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:07:09.0782 3168 vwififlt - ok
08:07:09.0816 3168 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:07:09.0820 3168 W32Time - ok
08:07:09.0844 3168 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:07:09.0844 3168 WacomPen - ok
08:07:09.0855 3168 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:07:09.0856 3168 WANARP - ok
08:07:09.0866 3168 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:07:09.0868 3168 Wanarpv6 - ok
08:07:09.0931 3168 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:07:09.0938 3168 WatAdminSvc - ok
08:07:09.0969 3168 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:07:09.0979 3168 wbengine - ok
08:07:09.0992 3168 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:07:09.0995 3168 WbioSrvc - ok
08:07:10.0038 3168 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:07:10.0041 3168 wcncsvc - ok
08:07:10.0062 3168 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:07:10.0065 3168 WcsPlugInService - ok
08:07:10.0082 3168 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:07:10.0083 3168 Wd - ok
08:07:10.0164 3168 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:07:10.0168 3168 Wdf01000 - ok
08:07:10.0184 3168 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:07:10.0186 3168 WdiServiceHost - ok
08:07:10.0190 3168 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:07:10.0192 3168 WdiSystemHost - ok
08:07:10.0206 3168 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:07:10.0209 3168 WebClient - ok
08:07:10.0223 3168 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:07:10.0226 3168 Wecsvc - ok
08:07:10.0242 3168 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:07:10.0244 3168 wercplsupport - ok
08:07:10.0265 3168 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:07:10.0267 3168 WerSvc - ok
08:07:10.0294 3168 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:07:10.0295 3168 WfpLwf - ok
08:07:10.0305 3168 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:07:10.0305 3168 WIMMount - ok
08:07:10.0336 3168 WinDefend - ok
08:07:10.0341 3168 WinHttpAutoProxySvc - ok
08:07:10.0378 3168 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:07:10.0380 3168 Winmgmt - ok
08:07:10.0437 3168 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:07:10.0450 3168 WinRM - ok
08:07:10.0504 3168 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:07:10.0504 3168 WinUsb - ok
08:07:10.0535 3168 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:07:10.0541 3168 Wlansvc - ok
08:07:10.0627 3168 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:07:10.0639 3168 wlidsvc - ok
08:07:10.0652 3168 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:07:10.0653 3168 WmiAcpi - ok
08:07:10.0678 3168 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:07:10.0680 3168 wmiApSrv - ok
08:07:10.0704 3168 WMPNetworkSvc - ok
08:07:10.0727 3168 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:07:10.0730 3168 WPCSvc - ok
08:07:10.0761 3168 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:07:10.0765 3168 WPDBusEnum - ok
08:07:10.0787 3168 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:07:10.0788 3168 ws2ifsl - ok
08:07:10.0830 3168 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:07:10.0833 3168 wscsvc - ok
08:07:10.0837 3168 WSearch - ok
08:07:10.0918 3168 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:07:10.0932 3168 wuauserv - ok
08:07:11.0031 3168 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:07:11.0032 3168 WudfPf - ok
08:07:11.0107 3168 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:07:11.0108 3168 WUDFRd - ok
08:07:11.0123 3168 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:07:11.0126 3168 wudfsvc - ok
08:07:11.0224 3168 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:07:11.0227 3168 WwanSvc - ok
08:07:11.0235 3168 ================ Scan global ===============================
08:07:11.0284 3168 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:07:11.0353 3168 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
08:07:11.0388 3168 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
08:07:11.0451 3168 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:07:11.0499 3168 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:07:11.0502 3168 [Global] - ok
08:07:11.0502 3168 ================ Scan MBR ==================================
08:07:11.0525 3168 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:07:11.0739 3168 \Device\Harddisk0\DR0 - ok
08:07:12.0199 3168 [ DFE9F1A228F41378EAC5271200663304 ] \Device\Harddisk6\DR6
08:08:23.0050 3168 \Device\Harddisk6\DR6 - ok
08:08:23.0053 3168 ================ Scan VBR ==================================
08:08:23.0066 3168 [ 1038A8ACBE58F9145C0D21FBE50388ED ] \Device\Harddisk0\DR0\Partition1
08:08:23.0068 3168 \Device\Harddisk0\DR0\Partition1 - ok
08:08:23.0076 3168 [ 12D1982C487F8D83CE43B5C905E282D8 ] \Device\Harddisk0\DR0\Partition2
08:08:23.0077 3168 \Device\Harddisk0\DR0\Partition2 - ok
08:08:23.0081 3168 [ FBD594FA0C16336EAB003C7914365F84 ] \Device\Harddisk6\DR6\Partition1
08:08:23.0082 3168 \Device\Harddisk6\DR6\Partition1 - ok
08:08:23.0083 3168 ============================================================
08:08:23.0083 3168 Scan finished
08:08:23.0083 3168 ============================================================
08:08:23.0097 3680 Detected object count: 0
08:08:23.0097 3680 Actual detected object count: 0
08:08:38.0801 5108 Deinitialize success

Here's the ASWMBR scan log
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-17 08:08:51
-----------------------------
08:08:51.489 OS Version: Windows x64 6.1.7601 Service Pack 1
08:08:51.489 Number of processors: 2 586 0x170A
08:08:51.504 ComputerName: KRISANDS-PC UserName: Kris and S
08:08:54.266 Initialize success
08:10:05.307 AVAST engine defs: 12111700
08:11:01.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:11:01.117 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8
08:11:01.132 Disk 0 MBR read successfully
08:11:01.132 Disk 0 MBR scan
08:11:01.132 Disk 0 Windows 7 default MBR code
08:11:01.148 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
08:11:01.164 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
08:11:01.179 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939753 MB offset 28878848
08:11:01.210 Disk 0 scanning C:\Windows\system32\drivers
08:11:10.960 Service scanning
08:11:34.418 Modules scanning
08:11:34.418 Disk 0 trace - called modules:
08:11:34.433 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:11:34.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ffa490]
08:11:34.464 3 CLASSPNP.SYS[fffff8800149943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ef2050]
08:11:36.742 AVAST engine scan C:\Windows
08:11:40.611 AVAST engine scan C:\Windows\system32
08:15:25.799 AVAST engine scan C:\Windows\system32\drivers
08:15:50.151 AVAST engine scan C:\Users\Kris and S
08:38:22.600 Disk 0 MBR has been saved successfully to "C:\Users\Kris and S\Desktop\MBR.dat"
08:38:22.600 The log file has been saved successfully to "C:\Users\Kris and S\Desktop\aswMBR.txt"
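Two of the checks a responder does by eye on the logs above can be scripted. In the TDSSKiller output every service or driver is normally printed twice, once as `[ <MD5> ] <name> <path>` and once as `<name> - ok`; entries for which no hash line appears (WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc and WSearch in the log above) are the ones whose file TDSSKiller could not open and hash, and hashed entries whose file lives outside the system or program directories deserve a second look. In the aswMBR output the partition sizes and sector offsets let you compute whether any disk space belongs to no partition, which matters because bootkits of the TDL4 family keep their components in unpartitioned space after the last partition. The script below is an added example, not part of the post or of either tool; `triage_tdsskiller`, `unallocated_regions`, `TRUSTED_DIRS` and the constant names are the example's own, the sample lines are copied from the two logs above except for the `ExampleSvc` pair, which is constructed, and the sector math assumes aswMBR's offsets are 512-byte sectors (offset 2048 for the first partition is the usual 1 MB alignment, consistent with that):

```python
"""Triage helpers for TDSSKiller service lines and aswMBR partition lines.
Added example, not part of the forum post or of either tool."""
import re

# --- TDSSKiller service / driver section ------------------------------------
# Hashed entry:   "<time> <pid> [ <MD5> ] <name> <path>"
# Status line:    "<time> <pid> <name> - ok"
# An entry whose file could not be hashed prints only the status line.
_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
TDSS_HASHED = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
# names beginning with "\" or "[" (\Device\..., [Global]) are not services
TDSS_STATUS = re.compile(_PREFIX + r"(?P<name>[^\\\[].*?) - (?P<status>.+)$")

# Directories where a service binary is expected on this Windows 7 x64 box
# (assumption for the example; extend for your own environment).
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\servicing\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def triage_tdsskiller(lines):
    """Return (unhashed, odd_paths, not_ok):
    unhashed  - names that got a status line but no hash line
    odd_paths - (name, path) whose file is outside TRUSTED_DIRS
    not_ok    - (name, status) for anything not marked 'ok'
    """
    hashed, odd_paths, statuses = {}, [], {}
    for raw in lines:
        line = raw.strip()
        m = TDSS_HASHED.match(line)
        if m:
            hashed[m["name"]] = (m["md5"], m["path"])
            if not m["path"].lower().startswith(TRUSTED_DIRS):
                odd_paths.append((m["name"], m["path"]))
            continue
        m = TDSS_STATUS.match(line)
        if m:
            statuses[m["name"]] = m["status"]
    unhashed = sorted(n for n in statuses if n not in hashed)
    not_ok = sorted((n, s) for n, s in statuses.items() if s != "ok")
    return unhashed, odd_paths, not_ok


# --- aswMBR partition table ---------------------------------------------------
# "<time> Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8"
# "<time> Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048"
ASW_SIZE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*? Size: (?P<mb>\d+)MB")
ASW_PART = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<n>\d+) .* (?P<mb>\d+) MB offset (?P<off>\d+)$")
SECTORS_PER_MB = 2048  # 512-byte sectors (assumption: aswMBR offsets are in sectors)


def unallocated_regions(lines, disk="0"):
    """Return [(start_sector, length_sectors)] for space on `disk` that no
    partition covers: the leading alignment gap, gaps between partitions,
    and whatever remains after the last partition."""
    total, parts = None, []
    for raw in lines:
        m = ASW_SIZE.search(raw)
        if m and m["disk"] == disk:
            total = int(m["mb"]) * SECTORS_PER_MB
        m = ASW_PART.search(raw.strip())
        if m and m["disk"] == disk:
            parts.append((int(m["off"]), int(m["mb"]) * SECTORS_PER_MB))
    if total is None:
        raise ValueError(f"no size line for disk {disk}")
    gaps, cursor = [], 0
    for start, length in sorted(parts):
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + length)
    if total > cursor:
        gaps.append((cursor, total - cursor))
    return gaps


SAMPLE_TDSS = [
    # copied from the TDSSKiller log in the post above
    r"08:07:07.0186 3168 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys",
    r"08:07:07.0186 3168 sfloppy - ok",
    r"08:07:09.0201 3168 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe",
    r"08:07:09.0203 3168 Updater Service - ok",
    r"08:07:10.0336 3168 WinDefend - ok",
    r"08:07:10.0704 3168 WMPNetworkSvc - ok",
    r"08:07:11.0525 3168 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0",
    r"08:07:11.0739 3168 \Device\Harddisk0\DR0 - ok",
    # constructed for the example: a service binary in a user-writable directory
    r"08:07:11.0900 3168 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\Public\example.exe",
    r"08:07:11.0901 3168 ExampleSvc - ok",
]

SAMPLE_ASWMBR = [
    # copied from the aswMBR log in the post above
    "08:11:01.117 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8",
    "08:11:01.148 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048",
    "08:11:01.164 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048",
    "08:11:01.179 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939753 MB offset 28878848",
]

if __name__ == "__main__":
    unhashed, odd, bad = triage_tdsskiller(SAMPLE_TDSS)
    print("no file hash :", unhashed)
    print("odd location :", odd)
    print("not ok       :", bad)
    for start, length in unallocated_regions(SAMPLE_ASWMBR):
        print(f"unallocated: {length // SECTORS_PER_MB} MB at sector {start}")
```

On the partition table as logged, the three partitions abut exactly (each starts where the previous one ends), leaving only the 1 MB alignment gap before the first partition and 15 MB after the last; a remainder of that size is ordinary. A gap between partitions, or a trailing region of tens or hundreds of MB, is what you would image and inspect before trusting an "MBR - ok" verdict.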

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 November 2012 - 09:09 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 swindlersb

  • Topic Starter
  • Members
  • 26 posts

Posted 17 November 2012 - 02:56 PM

Don't know if this is related or not, but when I moved the mouse to wake up the PC earlier, it got a blue screen while starting up. The error message was "Driver_IRQL_NOT_LESS_OR_EQUAL".
No real problems after it woke up.

Did what you suggested, here's the Combofix report. Let me know what next.

ComboFix 12-11-16.02 - Kris and S 11/17/2012 14:44:44.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4330 [GMT -5:00]
Running from: c:\users\Kris and S\Desktop\ComboFix.exe
Command switches used :: c:\users\Kris and S\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-17 19:50 . 2012-11-17 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 08:15 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 08:15 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 08:15 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 08:15 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 08:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 08:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 08:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 08:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 08:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 08:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 08:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 03:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-13 00:16 . 2012-11-13 00:16 -------- d-----w- c:\users\Kris and S\AppData\Local\eMusic
2012-11-13 00:16 . 2012-11-13 00:16 -------- d-----w- c:\program files (x86)\eMusic Download Manager 6
2012-11-07 03:05 . 2012-11-16 10:05 -------- d-----w- c:\users\Kris and S\AppData\Local\CrashDumps
2012-11-07 03:03 . 2012-11-07 03:03 -------- d-----w- c:\windows\en
2012-11-07 03:01 . 2012-09-12 20:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-11-07 03:01 . 2012-11-07 03:01 -------- d-----w- c:\program files\Windows Live
2012-11-07 03:00 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-07 03:00 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-11-07 03:00 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-11-07 03:00 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-07 03:00 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-07 03:00 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-11-07 03:00 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-07 03:00 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-11-07 02:59 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-11-07 02:59 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-11-07 02:57 . 2012-11-07 02:57 -------- d-----r- c:\users\Kris and S\SkyDrive
2012-11-07 02:57 . 2012-11-07 02:57 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-11-07 02:57 . 2012-11-07 02:57 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\968338a71cdbc9305\skydrivesetup.exe
2012-11-07 02:57 . 2012-11-07 02:57 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-11-07 02:57 . 2012-11-07 02:57 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\DXSETUP.exe
2012-11-07 02:57 . 2012-11-07 02:57 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\dsetup32.dll
2012-11-07 02:57 . 2012-11-07 02:57 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\93dd93d91cdbc9304\DSETUP.dll
2012-11-07 02:57 . 2012-11-07 02:57 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\DSETUP.dll
2012-11-07 02:57 . 2012-11-07 02:57 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\DXSETUP.exe
2012-11-07 02:57 . 2012-11-07 02:57 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\918a7be21cdbc9303\dsetup32.dll
2012-11-07 02:56 . 2012-11-07 02:56 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\DSETUP.dll
2012-11-07 02:56 . 2012-11-07 02:56 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\DXSETUP.exe
2012-11-07 02:56 . 2012-11-07 02:56 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c1a93411cdbc9301\dsetup32.dll
2012-11-07 02:56 . 2012-11-07 03:07 -------- d-----w- C:\Firefox
2012-11-07 02:46 . 2012-11-07 02:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-07 02:45 . 2012-11-07 02:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-07 02:45 . 2012-11-07 02:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-07 02:44 . 2012-11-07 02:44 -------- d-----w- c:\programdata\McAfee
2012-11-06 01:39 . 2012-11-06 01:39 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-11-04 04:44 . 2012-11-04 12:45 -------- d-----w- c:\users\Kris and S\AppData\Local\NPE
2012-11-04 04:44 . 2012-11-04 04:44 -------- d-----w- c:\programdata\Norton
2012-11-03 04:44 . 2012-11-03 04:44 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-11-03 04:35 . 2012-11-03 04:35 208216 ----a-w- c:\windows\system32\drivers\18395049.sys
2012-11-03 04:33 . 2012-11-03 04:33 -------- d-----w- C:\STOPzilla!
2012-11-03 04:25 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-03 04:25 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-03 04:25 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-03 04:25 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-03 04:25 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-03 04:25 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-03 04:25 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-03 04:25 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-03 04:25 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-03 04:25 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-11-03 04:25 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-11-03 01:54 . 2012-11-03 01:54 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-11-03 01:39 . 2012-11-03 01:39 -------- d-----w- c:\users\Kris and S\AppData\Local\Symantec
2012-11-03 01:39 . 2012-11-03 01:39 -------- d-----w- c:\program files\Symantec
2012-11-03 01:39 . 2012-11-03 01:39 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-11-03 01:39 . 2012-11-03 01:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-11-03 00:28 . 2012-11-03 00:28 208216 ----a-w- c:\windows\system32\drivers\57672846.sys
2012-11-02 10:34 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E291F7-15AD-4445-A318-A6DFB22C417E}\mpengine.dll
2012-11-02 04:32 . 2012-11-02 04:32 -------- d-----w- c:\program files (x86)\ESET
2012-11-02 04:21 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 04:19 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-11-02 04:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-02 04:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-11-02 04:19 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-11-02 03:53 . 2012-11-02 03:53 208216 ----a-w- c:\windows\system32\drivers\69687655.sys
2012-11-02 02:19 . 2012-11-07 03:09 -------- d-----w- c:\program files\CCleaner
2012-10-30 12:34 . 2012-10-30 17:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 11:48 . 2012-10-31 10:16 -------- d-----w- c:\program files\HitmanPro
2012-10-30 11:47 . 2012-11-02 01:57 -------- d-----w- c:\programdata\HitmanPro
2012-10-29 15:40 . 2012-11-04 00:13 -------- d-----w- c:\programdata\STOPzilla!
2012-10-29 15:40 . 2012-11-04 00:13 -------- d-----w- c:\program files (x86)\STOPzilla!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 08:02 . 2011-05-03 00:49 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-07 03:10 . 2012-04-09 01:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 03:10 . 2011-06-17 10:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2011-11-12 12:07 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 21:07 . 2012-09-12 21:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-09-12 20:57 . 2012-09-12 20:57 322048 ----a-w- c:\windows\WLXPGSS.SCR
2012-08-21 17:01 . 2012-09-22 04:27 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2011-05-02 02:10 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2011-05-02 02:10 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-11-02 04:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-07 02:57 220632 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-07 02:57 220632 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-07 02:57 220632 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Icatch(VI) SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2012-1-22 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-11-12 108904]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-13 17152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-03 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [2011-10-30 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [2011-10-30 931448]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Kris and S\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-07-23 23208]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121031.011\BHDrvx64.sys [2012-10-24 1384608]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20121116.001\IDSvia64.sys [2012-10-02 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [2011-10-30 171128]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [2011-10-30 386168]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-03 138912]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 03:10]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 18:19]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 18:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-07 02:57 244696 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-07 02:57 244696 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-07 02:57 244696 ----a-w- c:\users\Kris and S\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?PC=BNHP
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-17 14:52:36
ComboFix-quarantined-files.txt 2012-11-17 19:52
ComboFix2.txt 2012-11-17 12:15
.
Pre-Run: 775,360,315,392 bytes free
Post-Run: 775,590,129,664 bytes free
.
- - End Of File - - C68141C1A6565BFD516E549DE5E50240

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 17 November 2012 - 04:07 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 swindlersb (Topic Starter)

  • Members
  • 26 posts

Posted 17 November 2012 - 07:00 PM

Here is the MBAM log file:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kris and S :: KRISANDS-PC [administrator]

11/17/2012 4:19:13 PM
mbam-log-2012-11-17 (16-19-13).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396971
Time elapsed: 2 hour(s), 21 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the HijackThis file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:58:24 PM, on 11/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kris and S\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10749 bytes

No real problems other than the following:
Don't know if this is related or not, but when I moved the mouse to wake up the PC earlier, it got a blue screen while starting up. The error message was "Driver_IRQL_NOT_LESS_OR_EQUAL".
No performance problems after it woke up.
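
The HijackThis log above is a regular line format that can be triaged mechanically before anyone decides what to "Fix Checked". As an added example (not part of this thread, and not HijackThis or Malwarebytes code), the Python below parses the O2/O3, O4, O20 and O23 line shapes, pulls out the image path, and attaches defender-side notes: "(file missing)" entries are orphaned (except core services under System32, which a 32-bit scanner on 64-bit Windows cannot see because of file-system redirection), an unresolved ".lnk = ?" shortcut needs a manual look, and anything auto-starting outside Program Files or System32 deserves a publisher check. The sample lines are constructed from the shapes in the posted log; the expected path roots and the flag wording are my assumptions, and the notes are triage hints, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v2.0.4 log format. The line shapes (O2/O3 browser
# add-ons, HKLM Run entries, Global Startup shortcuts, an O20 Winlogon Notify entry and
# O23 services) are the ones that occur in the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O20 - Winlogon Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
"""

# Assumption: where a stock Windows 7 install and normally installed software live.
# Anything auto-starting from elsewhere deserves a look at its publisher and signature.
EXPECTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
)
SYSTEM_ROOTS = EXPECTED_ROOTS[2:]
MISSING_MARK = "(file missing)"

# One pattern per HijackThis section handled here; "rest" is the text after the name.
RE_ADDON = re.compile(r"^O(?P<sec>[23]) - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<rest>.*)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
RE_STARTUP = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<rest>.*)$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<rest>.*)$")
RE_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<rest>.*)$")
# First drive-letter path ending in a binary extension, quoted or not, ignoring arguments.
RE_PATH = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx))"?', re.IGNORECASE)


@dataclass
class Entry:
    section: str                      # "O2", "O3", "O4", "O20" or "O23"
    name: str                         # value name, shortcut name or service display name
    path: str = ""                    # image path as written in the log, "" if unresolved
    key: str = ""                     # "Run", "Global Startup", ... for O4 entries
    owner: Optional[str] = None       # O23 only: publisher column
    missing: bool = False             # HijackThis appended "(file missing)"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis log line into an Entry, or None for sections not handled."""
    line = line.strip()
    for rx in (RE_ADDON, RE_RUN, RE_STARTUP, RE_NOTIFY, RE_SERVICE):
        m = rx.match(line)
        if m:
            break
    else:
        return None
    rest = m.group("rest")
    pm = RE_PATH.search(rest)
    return Entry(section=line.split(" - ", 1)[0], name=m.group("name"),
                 path=pm.group("path") if pm else "",
                 key=m.groupdict().get("key", ""),
                 owner=m.groupdict().get("owner"),
                 missing=rest.endswith(MISSING_MARK))


def triage(entry: Entry) -> Entry:
    """Attach defender-side notes to an entry; returns the same entry for chaining."""
    lower = entry.path.lower()
    if entry.missing:
        if entry.section == "O23" and lower.startswith(SYSTEM_ROOTS):
            # HijackThis 2.0.4 is a 32-bit program: on x64 Windows its view of System32 is
            # redirected to SysWOW64, so core services such as lsass.exe show as "missing".
            entry.flags.append("file missing on core service: 32-bit scanner on x64 Windows, usually benign")
        else:
            entry.flags.append("file missing: orphaned entry, candidate for removal")
    if entry.key.endswith("Startup") and not entry.path:
        entry.flags.append("shortcut target unresolved: open the .lnk and check where it points")
    if entry.path and not lower.startswith(EXPECTED_ROOTS):
        entry.flags.append("runs from outside Program Files/System32: verify publisher and signature")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and triage every handled line of a HijackThis log."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> dict:
    """Map entry name -> notes, for only the entries that earned at least one note."""
    return {e.name: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section:<4}{e.name:<45} {'; '.join(e.flags) or 'ok'}")
```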

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 17 November 2012 - 07:08 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    • O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan; on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete:

  • If no threats were found:
    • put a checkmark in "Uninstall application on close"
    • close the program
    • report to me that nothing was found

  • If threats were found:
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN to the desktop
    • click on Back
    • put a checkmark in "Uninstall application on close"
    • click on Finish
    • close the program
    • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
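The O4 entries HijackThis lists above are just the Run keys and the Startup folders. As an added example (not part of this thread's instructions, and not a HijackThis feature), the script below enumerates those same locations on the local machine and flags entries whose target no longer exists (the "= ?" case, like the SnapDetect shortcut) or lives outside the usual program directories, which is what a responder would look at first. It assumes an elevated PowerShell 3.0 or later on the affected machine.

```powershell
# Added example: enumerate the autostart locations HijackThis reports as O4 entries.
# Run keys (the Wow6432Node key is where 32-bit apps register on 64-bit Windows).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Startup folders: CommonStartup is what HijackThis calls "Global Startup".
$startupDirs = @(
    [Environment]::GetFolderPath('CommonStartup'),
    [Environment]::GetFolderPath('Startup')
)
# Directories where legitimate autostart programs normally live (assumption for triage only).
$trusted = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot\System32")
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExePath([string]$cmd) {
    # "C:\path\app.exe" /flag  ->  C:\path\app.exe ; unquoted paths with spaces end at .exe
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)') { return $Matches[1] }
    return $cmd.Trim()
}
function Test-Suspicious([string]$exe) {
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { return 'target missing' }
    foreach ($t in $trusted) {
        if ($t -and $exe.StartsWith($t, 'OrdinalIgnoreCase')) { return '' }
    }
    return 'outside Program Files / System32'
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $metaProps) { continue }
        $exe = Get-ExePath ([string]$p.Value)
        [pscustomobject]@{ Source = $key; Name = $p.Name; Target = $exe; Note = Test-Suspicious $exe }
    }
}
$shell = New-Object -ComObject WScript.Shell   # resolves .lnk targets
$results += foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $exe = $shell.CreateShortcut($_.FullName).TargetPath
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Target = $exe; Note = Test-Suspicious $exe }
    }
}
# Flagged entries sort to the top; an empty Note means the target exists in a normal location.
$results | Sort-Object Note -Descending | Format-Table -AutoSize
```

Entries marked "target missing" or "outside Program Files / System32" are the ones to research by name, exactly as the NOTE above suggests; a flag is a prompt to look, not proof of malware.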

#15 swindlersb

swindlersb
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:38 PM

Posted 18 November 2012 - 07:36 AM

Done.
Kept iTunesHelper.

Found one thing during the ESET scan:
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe



