
svchost.exe*32 winrscmde


  • This topic is locked
15 replies to this topic

#1 thoeing

Posted 30 November 2012 - 07:05 PM

I recently had a Norton popup that alerted me about winrscmde utilizing CPU resources. About the same time I noticed that webpages were taking longer than usual to load. I started Task Manager and found the svchost.exe*32 with description "winrscmde" using memory and CPU. A Google search has led me here, humbly asking assistance in removing this trojan.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by TIM3 at 17:40:10 on 2012-11-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.5490 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\SEFlex\Program\lmgrd.exe
C:\SEFlex\Program\lmgrd.exe
C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
C:\SEFlex\Program\selmd.exe
C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\SecCopy\SecCopy.exe
C:\Windows\System32\StikyNot.exe
C:\Users\TIM3\AppData\Local\Akamai\netsession_win.exe
C:\Users\TIM3\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
uURLSearchHooks: <No Name>: {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {48909954-14fb-4971-a7b3-47e7af10b38a} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll
BHO: Search Assistant BHO: {5848763c-2668-44ca-adbe-2999a6ee2858} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: RadioRage: {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll
uRun: [Second Copy 2000] "C:\Program Files (x86)\SecCopy\SecCopy.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Akamai NetSession Interface] "C:\Users\TIM3\AppData\Local\Akamai\netsession_win.exe"
uRun: [3Dconnexion_Inc] rundll32.exe "C:\Users\TIM3\AppData\Local\Adobe\3Dconnexion_Inc\hsvrfofvs.dll",svn_lock_createW
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ipTray.exe] "C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RadioRage Search Scope Monitor] "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
mRun: [RadioRage_4j Browser Plugin Loader] C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
StartupFolder: C:\Users\TIM3\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTE~1.LNK - C:\Program Files (x86)\EPSON\EPSON LFP Remote Panel\Stylus Pro 3880\Printer Watcher\Printer Watcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\START3~1.LNK - C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://dl-ak.solidworks.com/nonsecure/edrawings/e2012sp01/12.1.0.130/cab//eModelsStandard.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab
TCP: NameServer = 74.40.74.40 74.40.74.41
TCP: Interfaces\{4FD0BDCC-898D-4D4C-8C81-CCC7BE05B1BB} : DHCPNameServer = 74.40.74.40 74.40.74.41
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.4.24.0.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-1 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-1 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121129.001\IDSviA64.sys [2012-11-29 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-1 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-1 405624]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2011-11-3 65024]
R2 FLEXlm License Manager;FLEXlm License Manager;C:\SEFlex\Program\lmgrd.exe [2011-8-2 1379664]
R2 IduService;Intel® Desktop Utilities Service;C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [2011-8-19 132808]
R2 Intel® Desktop Boards FSC Application Service;Intel® Desktop Boards FSC Application Service;C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [2011-8-19 61440]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-10-15 171688]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 RadioRage_4jService;RadioRageService;C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe [2012-3-9 42504]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2011-10-15 145448]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-15 2656280]
R2 Viewpoint Service;Viewpoint Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2011-11-17 30152]
R3 cpuio;CPUIO Service;C:\Windows\SysWOW64\drivers\cpuiox64.sys [2011-10-15 15384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2009-9-17 58792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-30 13:33:21 -------- d-----w- C:\Users\TIM3\AppData\Local\{9757753D-D104-4050-9A10-781CE38497D5}
2012-11-30 01:14:25 -------- d-----w- C:\Users\TIM3\AppData\Local\{038CDBF5-4E0A-4E89-A2F2-95DAB3C8AECD}
2012-11-29 13:00:41 -------- d-----w- C:\Users\TIM3\AppData\Local\{330B01F5-09A0-40A3-A3A3-895FDBC4E09D}
2012-11-29 01:00:17 -------- d-----w- C:\Users\TIM3\AppData\Local\{E6F06E15-197F-435C-A813-5EE10F94FF51}
2012-11-28 20:59:27 -------- d-----w- C:\Users\TIM3\AppData\Local\Autodesk
2012-11-28 20:56:55 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-11-28 20:54:06 -------- d-----w- C:\Users\TIM3\AppData\Local\Akamai
2012-11-28 20:53:14 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai
2012-11-28 12:59:51 -------- d-----w- C:\Users\TIM3\AppData\Local\{BFC9FD3C-9893-4E82-B0BD-E6696A311FDE}
2012-11-28 01:06:48 20480 ----a-w- C:\Windows\svchost.exe
2012-11-27 13:13:45 -------- d-----w- C:\Users\TIM3\AppData\Local\{D4DA8945-B319-498C-9606-0EE7FD904F40}
2012-11-27 01:13:22 -------- d-----w- C:\Users\TIM3\AppData\Local\{342AF574-5EEC-4006-BC82-3ACB8D71CBC5}
2012-11-26 13:12:47 -------- d-----w- C:\Users\TIM3\AppData\Local\{A2291987-865F-4A4F-9B6F-6696FEE39E84}
2012-11-26 01:12:24 -------- d-----w- C:\Users\TIM3\AppData\Local\{32740BA8-F43F-467F-AE96-C0C28C78F496}
2012-11-25 13:11:49 -------- d-----w- C:\Users\TIM3\AppData\Local\{39466AE0-5D8C-4DAE-B3EC-7DC677D1AC36}
2012-11-25 01:11:26 -------- d-----w- C:\Users\TIM3\AppData\Local\{17249556-A442-44F1-B02B-DA660A2AD638}
2012-11-24 13:11:03 -------- d-----w- C:\Users\TIM3\AppData\Local\{67FD3211-1444-4DFC-A106-D258A00D0AAD}
2012-11-24 01:10:41 -------- d-----w- C:\Users\TIM3\AppData\Local\{AC7D19D3-FC8E-4EE9-9AAC-981357048CC3}
2012-11-23 13:10:18 -------- d-----w- C:\Users\TIM3\AppData\Local\{4A5E322A-6587-4808-A973-93B842A40478}
2012-11-23 01:09:55 -------- d-----w- C:\Users\TIM3\AppData\Local\{C6122FC1-708C-4B64-B330-AE73E7B09E82}
2012-11-22 13:09:32 -------- d-----w- C:\Users\TIM3\AppData\Local\{E2FEA086-A32B-4D87-9981-1479B30520E4}
2012-11-22 01:09:08 -------- d-----w- C:\Users\TIM3\AppData\Local\{A2F75143-C740-44B2-86AC-93013F587EA6}
2012-11-21 13:08:45 -------- d-----w- C:\Users\TIM3\AppData\Local\{80AA32B5-C220-4421-B98D-16B4889D1378}
2012-11-21 01:08:23 -------- d-----w- C:\Users\TIM3\AppData\Local\{15D74C9B-A6EE-429B-B93F-649F34C55E08}
2012-11-20 13:08:00 -------- d-----w- C:\Users\TIM3\AppData\Local\{6DB80BD8-84C6-41B4-AC9F-4E33721A3417}
2012-11-20 01:07:37 -------- d-----w- C:\Users\TIM3\AppData\Local\{E00A176B-8B97-4B95-9653-004BC4AD1D21}
2012-11-19 13:07:14 -------- d-----w- C:\Users\TIM3\AppData\Local\{3A095D78-0606-4209-BB9C-5DD66A5A60D1}
2012-11-19 01:06:39 -------- d-----w- C:\Users\TIM3\AppData\Local\{1E7DA3CB-CEE3-4AA5-A9A1-52768D761E4C}
2012-11-18 13:06:17 -------- d-----w- C:\Users\TIM3\AppData\Local\{7B2C0E31-82B5-446F-802F-277290F56BED}
2012-11-18 01:05:54 -------- d-----w- C:\Users\TIM3\AppData\Local\{763661B2-EC2A-428E-A476-DF4C539CC6B9}
2012-11-17 13:05:31 -------- d-----w- C:\Users\TIM3\AppData\Local\{6F5DD888-C346-4A27-A12C-E218CAFFF2B8}
2012-11-17 01:05:07 -------- d-----w- C:\Users\TIM3\AppData\Local\{D5BB37AF-CBEC-4441-9E5C-9A01BBDD7333}
2012-11-16 13:04:45 -------- d-----w- C:\Users\TIM3\AppData\Local\{FC2C84EE-75D5-4CC7-AC00-AD266F07D11B}
2012-11-16 01:04:22 -------- d-----w- C:\Users\TIM3\AppData\Local\{873DBE54-133D-4435-A757-EED038E3950D}
2012-11-15 13:03:59 -------- d-----w- C:\Users\TIM3\AppData\Local\{1D487CC5-57EE-40FE-A855-0F143AACC32B}
2012-11-15 01:03:35 -------- d-----w- C:\Users\TIM3\AppData\Local\{A3D70EC5-EED8-4DCF-9466-748166C16B0B}
2012-11-14 13:03:12 -------- d-----w- C:\Users\TIM3\AppData\Local\{FD0756EE-8C10-4560-9C76-1AB831BA0CAC}
2012-11-14 08:03:03 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 08:03:03 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 08:03:03 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 08:03:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 03:14:39 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 03:14:39 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-14 03:14:39 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-14 03:14:39 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-14 03:14:37 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 03:13:07 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-14 03:13:07 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-14 03:13:07 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-14 03:13:07 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-14 03:13:07 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-14 03:13:07 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-14 03:13:07 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-14 03:13:07 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-14 03:13:06 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-14 03:13:06 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-14 03:13:06 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-14 03:13:06 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-14 03:08:36 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 03:08:36 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-13 21:23:18 -------- d-----w- C:\Users\TIM3\AppData\Local\{0D5AC0FF-1F68-441D-A5F2-508A7C3336A6}
2012-11-13 09:22:56 -------- d-----w- C:\Users\TIM3\AppData\Local\{88F9C1C9-37E7-4083-B8F5-638E09A86887}
2012-11-12 22:26:40 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-11-12 22:26:40 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-11-12 22:26:28 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-11-12 22:26:25 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-11-12 21:22:33 -------- d-----w- C:\Users\TIM3\AppData\Local\{D279AC12-69FC-4B5F-A53F-07EE53E195A1}
2012-11-12 09:22:10 -------- d-----w- C:\Users\TIM3\AppData\Local\{42776D43-D979-459A-95EE-3888E1285A59}
2012-11-11 22:02:06 -------- d-----r- C:\Users\TIM3\Dropbox
2012-11-11 22:00:04 -------- d-----w- C:\Users\TIM3\AppData\Roaming\Dropbox
2012-11-11 21:21:48 -------- d-----w- C:\Users\TIM3\AppData\Local\{021BBBAD-9744-4896-8A1A-BA26F8989180}
2012-11-10 01:54:02 -------- d-----w- C:\Users\TIM3\AppData\Local\{D5D12866-F79D-4C85-BE65-59526BB8C63A}
2012-11-09 13:53:40 -------- d-----w- C:\Users\TIM3\AppData\Local\{7C12C151-F0D1-44BE-BE77-855903A940BE}
2012-11-09 01:53:17 -------- d-----w- C:\Users\TIM3\AppData\Local\{805B19C0-FAA3-43AB-8C0A-A6526368AE15}
2012-11-08 13:52:54 -------- d-----w- C:\Users\TIM3\AppData\Local\{98C8F918-DCC6-4C1A-A84F-F111518BDE57}
2012-11-08 01:52:31 -------- d-----w- C:\Users\TIM3\AppData\Local\{7965031C-DD94-472C-8CB7-49271F2A1944}
2012-11-07 13:52:09 -------- d-----w- C:\Users\TIM3\AppData\Local\{AED9221B-C470-4B64-8B1C-68901BE3FD89}
2012-11-07 01:51:46 -------- d-----w- C:\Users\TIM3\AppData\Local\{F7ECC6B6-9B3D-4B34-991D-7EEA016A41A3}
2012-11-06 13:51:23 -------- d-----w- C:\Users\TIM3\AppData\Local\{DCB107D9-7CAA-4611-8404-A9718F8BEA75}
2012-11-06 01:51:01 -------- d-----w- C:\Users\TIM3\AppData\Local\{85361D06-C94D-4519-A63B-6645402D40B9}
2012-11-05 13:50:38 -------- d-----w- C:\Users\TIM3\AppData\Local\{726DD87C-1D35-46F9-A2B2-D8597253B7ED}
2012-11-05 01:50:15 -------- d-----w- C:\Users\TIM3\AppData\Local\{3A8F0EB4-3373-4468-892E-A808806C3CDB}
2012-11-04 13:49:53 -------- d-----w- C:\Users\TIM3\AppData\Local\{70045A3A-206F-4CC6-B02A-5935ED20D6B7}
2012-11-04 01:49:30 -------- d-----w- C:\Users\TIM3\AppData\Local\{CED7DB04-23F4-49B9-A908-0B46E60929D9}
2012-11-03 13:49:07 -------- d-----w- C:\Users\TIM3\AppData\Local\{CB762AFF-FF32-4EC6-85B7-27A513BD8A6E}
2012-11-03 01:48:45 -------- d-----w- C:\Users\TIM3\AppData\Local\{072C6D99-6601-43CC-BEAE-DAEE857BCC03}
2012-11-02 13:48:22 -------- d-----w- C:\Users\TIM3\AppData\Local\{DAEEAFA2-4AE3-4CA0-AD86-0D8FDF16B5C5}
2012-11-02 01:47:59 -------- d-----w- C:\Users\TIM3\AppData\Local\{2FA83F79-C45B-41D2-A12E-496EFA3CB4F4}
2012-11-01 13:47:37 -------- d-----w- C:\Users\TIM3\AppData\Local\{6444AD7A-CBD9-478E-BD64-E7365F2AD281}
2012-11-01 01:47:14 -------- d-----w- C:\Users\TIM3\AppData\Local\{41B35A6F-7064-411A-AAB7-90770133F6DF}
.
==================== Find3M ====================
.
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 866664 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-10 23:27:12 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-10 23:27:12 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 17:40:20.64 ===============
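Two entries in the DDS log above are what a practitioner would check before anything else: a process listed as `\\.\globalroot\systemroot\svchost.exe -netsvcs`, while every other svchost instance runs from `C:\Windows\System32` (or `SysWOW64`) with `-k <group>`, and a 20480-byte `C:\Windows\svchost.exe` created on 2012-11-28 in the "Created Last 30" section. The `\\.\globalroot\systemroot\` prefix is simply another spelling of `C:\Windows\`, so that process is a second svchost.exe sitting in the Windows root rather than in System32, and the user Run key also starts `rundll32.exe` on a DLL under `AppData\Local`. The Python script below is an added example, not part of DDS, FRST or anything posted in this thread: it reads DDS-style process and Run-key lines and flags svchost.exe images that run from the wrong directory, through an NT device path, or without a `-k <group>` argument, plus rundll32 entries that load a DLL from a user profile. The sample lines are constructed to resemble the posted log (the `Temp\svchost.exe` line is invented for illustration), and the checks only read log text; nothing here touches the registry or the file system.

```python
"""Triage checks over DDS-style log lines.

Added example for this thread; not part of DDS, FRST or any Bleeping Computer
tool.  SAMPLE_LOG is constructed to resemble the posted log.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reasons")

# Directories a genuine svchost.exe runs from on Windows 7 x64 (the 32-bit copy,
# which Task Manager shows as svchost.exe*32, lives in SysWOW64).
LEGIT_SVCHOST_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}

# The Service Control Manager always starts svchost as "svchost.exe -k <group>".
SVCHOST_ARGS_RE = re.compile(r"^-k\s+\S+$", re.I)

# DDS process lines: an image path ending in .exe, then optional arguments.
PROC_RE = re.compile(r"^(?P<path>.+?\.exe)(?:\s+(?P<args>\S.*))?$", re.I)

# rundll32 Run-key entries: capture the DLL it is told to load.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)

# NT object-manager spellings of the Windows directory, mapped to drive-letter form.
DEVICE_PREFIXES = (
    ("\\\\.\\globalroot\\systemroot", "c:\\windows"),
    ("\\systemroot", "c:\\windows"),
    ("\\??\\", ""),
)

# Constructed sample: the svchost/Run lines mirror the posted DDS log, the
# Temp\svchost.exe line is invented to show a second kind of bad location.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Internet Explorer\iexplore.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Users\TIM3\AppData\Local\Temp\svchost.exe -k netsvcs
uRun: [Akamai NetSession Interface] "C:\Users\TIM3\AppData\Local\Akamai\netsession_win.exe"
uRun: [3Dconnexion_Inc] rundll32.exe "C:\Users\TIM3\AppData\Local\Adobe\3Dconnexion_Inc\hsvrfofvs.dll",svn_lock_createW
"""


def normalize(path):
    """Lower-case a path and rewrite NT device prefixes to drive-letter form.

    Returns (path, used_device_prefix)."""
    p = path.strip().lower()
    for prefix, replacement in DEVICE_PREFIXES:
        if p.startswith(prefix):
            return replacement + p[len(prefix):], True
    return p, False


def check_process(line):
    """Return a Finding for a svchost.exe process line that breaks the rules,
    or None when the line looks normal or is not svchost at all."""
    m = PROC_RE.match(line.strip())
    if not m:
        return None
    path, via_device = normalize(m.group("path"))
    directory, _, image = path.rpartition("\\")
    if image != "svchost.exe":
        return None
    reasons = []
    if via_device:
        reasons.append("launched through an NT device path, not C:\\Windows\\System32")
    if directory not in LEGIT_SVCHOST_DIRS:
        reasons.append(f"svchost.exe outside System32/SysWOW64: {directory}")
    args = m.group("args") or ""
    if not SVCHOST_ARGS_RE.match(args):
        reasons.append(f"not started as 'svchost.exe -k <group>' (args: {args!r})")
    return Finding(line.strip(), reasons) if reasons else None


def check_run_entry(line):
    """Flag Run-key entries where rundll32 loads a DLL from under \\Users\\.

    A user profile is writable without admin rights, so such an entry deserves
    manual review even though some legitimate software does live in AppData."""
    m = RUNDLL_RE.search(line)
    if not m:
        return None
    dll, _ = normalize(m.group("dll"))
    if "\\users\\" in dll or "\\appdata\\" in dll:
        return Finding(line.strip(), [f"rundll32 loads a DLL from a user profile: {dll}"])
    return None


def triage(log_text):
    """Run both checks over every line of a pasted DDS log section."""
    findings = []
    for raw in log_text.splitlines():
        found = check_process(raw) or check_run_entry(raw)
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   -", reason)
```

On the sample the script reports three lines: the globalroot svchost (wrong directory, device path and missing `-k`), the invented Temp svchost (wrong directory only, since its `-k netsvcs` argument is well formed) and the rundll32 entry. The Akamai entry under AppData is not reported, because the checks key on the svchost image name and on rundll32 loading a DLL, not on AppData as such.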


#2 CatByte

  • Malware Response Team

Posted 30 November 2012 - 07:55 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press the Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 thoeing

  • Topic Starter

Posted 30 November 2012 - 08:20 PM

Thank you for your help CatByte.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 30-11-2012 20:16:08
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [2041192 2012-10-10] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ipTray.exe] "C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe" [1631944 2011-08-19] (Intel® Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RadioRage Search Scope Monitor] "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h [42536 2012-03-09] (MindSpark)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader] C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe [30096 2012-03-09] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKU\TIM3\...\Run: [Second Copy 2000] "C:\Program Files (x86)\SecCopy\SecCopy.exe" [1099776 1999-11-02] (Centered Systems)
HKU\TIM3\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\TIM3\...\Run: [Akamai NetSession Interface] "C:\Users\TIM3\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\TIM3\...\Run: [3Dconnexion_Inc] rundll32.exe "C:\Users\TIM3\AppData\Local\Adobe\3Dconnexion_Inc\hsvrfofvs.dll",svn_lock_createW [x]
Tcpip\Parameters: [DhcpNameServer] 74.40.74.40 74.40.74.41
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Printer Watcher3.60.lnk
ShortcutTarget: Printer Watcher3.60.lnk -> C:\Program Files (x86)\EPSON\EPSON LFP Remote Panel\Stylus Pro 3880\Printer Watcher\Printer Watcher.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Start 3DxWare.lnk
ShortcutTarget: Start 3DxWare.lnk -> C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe (3Dconnexion, INC)
Startup: C:\Users\TIM3\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 FLEXlm License Manager; C:\SEFlex\Program\lmgrd.exe [1379664 2011-08-02] (Flexera Software, Inc.)
2 IduService; "C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe" [132808 2011-08-19] (Intel® Corporation)
2 Intel® Desktop Boards FSC Application Service; C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [61440 2011-08-19] (Intel Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 RadioRage_4jService; C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe [42504 2012-03-09] (COMPANYVERS_NAME)
2 SentinelKeysServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [369952 2009-09-16] (SafeNet, Inc.)
2 SentinelProtectionServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" [1246496 2009-09-17] (SafeNet, Inc)
2 SentinelSecurityRuntime; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe" [292128 2009-09-16] (SafeNet, Inc.)
2 Viewpoint Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [30152 2008-04-04] (Viewpoint Corporation)
2 Akamai; C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll [x]

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
3 cpuio; \??\C:\Windows\SysWOW64\Drivers\cpuiox64.sys [15384 2011-10-15] (Intel Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-15] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121129.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121130.002\ENG64.SYS [126112 2012-11-30] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121130.002\EX64.SYS [2084000 2012-11-30] (Symantec Corporation)
2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
3 SNTUSB64; C:\Windows\System32\Drivers\SNTUSB64.sys [58792 2009-09-17] (SafeNet, Inc.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1309000.009\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1309000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-22] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-30 14:40 - 2012-11-30 14:42 - 00025894 ____A C:\Users\TIM3\Desktop\dds.txt
2012-11-30 14:40 - 2012-11-30 14:42 - 00008010 ____A C:\Users\TIM3\Desktop\attach.txt
2012-11-30 14:39 - 2012-11-30 14:39 - 00688992 ____R (Swearware) C:\Users\TIM3\Desktop\dds.com
2012-11-30 05:33 - 2012-11-30 05:33 - 00000000 ____D C:\Users\TIM3\AppData\Local\{9757753D-D104-4050-9A10-781CE38497D5}
2012-11-29 17:14 - 2012-11-29 17:14 - 00000000 ____D C:\Users\TIM3\AppData\Local\{038CDBF5-4E0A-4E89-A2F2-95DAB3C8AECD}
2012-11-29 05:00 - 2012-11-29 05:01 - 00000000 ____D C:\Users\TIM3\AppData\Local\{330B01F5-09A0-40A3-A3A3-895FDBC4E09D}
2012-11-28 17:00 - 2012-11-28 17:00 - 00000000 ____D C:\Users\TIM3\AppData\Local\{E6F06E15-197F-435C-A813-5EE10F94FF51}
2012-11-28 12:59 - 2012-11-28 12:59 - 00000000 ____D C:\Users\TIM3\AppData\Local\Autodesk
2012-11-28 12:56 - 2012-11-28 12:56 - 00002179 ____A C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
2012-11-28 12:56 - 2012-11-28 12:56 - 00000000 ____D C:\Program Files (x86)\Autodesk
2012-11-28 12:54 - 2012-11-28 12:54 - 00000000 ____D C:\Users\TIM3\AppData\Local\Akamai
2012-11-28 12:52 - 2012-11-28 12:52 - 01366960 ____A (Autodesk, Inc.) C:\Users\TIM3\Downloads\AutodeskDesignRevSetup.exe
2012-11-28 04:59 - 2012-11-28 05:00 - 00000000 ____D C:\Users\TIM3\AppData\Local\{BFC9FD3C-9893-4E82-B0BD-E6696A311FDE}
2012-11-27 17:06 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-11-27 05:13 - 2012-11-27 05:14 - 00000000 ____D C:\Users\TIM3\AppData\Local\{D4DA8945-B319-498C-9606-0EE7FD904F40}
2012-11-26 17:13 - 2012-11-26 17:13 - 00000000 ____D C:\Users\TIM3\AppData\Local\{342AF574-5EEC-4006-BC82-3ACB8D71CBC5}
2012-11-26 05:12 - 2012-11-26 05:13 - 00000000 ____D C:\Users\TIM3\AppData\Local\{A2291987-865F-4A4F-9B6F-6696FEE39E84}
2012-11-25 17:12 - 2012-11-25 17:12 - 00000000 ____D C:\Users\TIM3\AppData\Local\{32740BA8-F43F-467F-AE96-C0C28C78F496}
2012-11-25 05:11 - 2012-11-25 05:12 - 00000000 ____D C:\Users\TIM3\AppData\Local\{39466AE0-5D8C-4DAE-B3EC-7DC677D1AC36}
2012-11-24 17:11 - 2012-11-24 17:11 - 00000000 ____D C:\Users\TIM3\AppData\Local\{17249556-A442-44F1-B02B-DA660A2AD638}
2012-11-24 05:11 - 2012-11-24 05:11 - 00000000 ____D C:\Users\TIM3\AppData\Local\{67FD3211-1444-4DFC-A106-D258A00D0AAD}
2012-11-23 17:10 - 2012-11-23 17:11 - 00000000 ____D C:\Users\TIM3\AppData\Local\{AC7D19D3-FC8E-4EE9-9AAC-981357048CC3}
2012-11-23 05:10 - 2012-11-23 05:10 - 00000000 ____D C:\Users\TIM3\AppData\Local\{4A5E322A-6587-4808-A973-93B842A40478}
2012-11-22 17:09 - 2012-11-22 17:10 - 00000000 ____D C:\Users\TIM3\AppData\Local\{C6122FC1-708C-4B64-B330-AE73E7B09E82}
2012-11-22 05:09 - 2012-11-22 05:09 - 00000000 ____D C:\Users\TIM3\AppData\Local\{E2FEA086-A32B-4D87-9981-1479B30520E4}
2012-11-21 17:09 - 2012-11-21 17:09 - 00000000 ____D C:\Users\TIM3\AppData\Local\{A2F75143-C740-44B2-86AC-93013F587EA6}
2012-11-21 05:08 - 2012-11-21 05:09 - 00000000 ____D C:\Users\TIM3\AppData\Local\{80AA32B5-C220-4421-B98D-16B4889D1378}
2012-11-20 17:08 - 2012-11-20 17:08 - 00000000 ____D C:\Users\TIM3\AppData\Local\{15D74C9B-A6EE-429B-B93F-649F34C55E08}
2012-11-20 05:08 - 2012-11-20 05:08 - 00000000 ____D C:\Users\TIM3\AppData\Local\{6DB80BD8-84C6-41B4-AC9F-4E33721A3417}
2012-11-19 17:07 - 2012-11-19 17:07 - 00000000 ____D C:\Users\TIM3\AppData\Local\{E00A176B-8B97-4B95-9653-004BC4AD1D21}
2012-11-19 05:07 - 2012-11-19 05:07 - 00000000 ____D C:\Users\TIM3\AppData\Local\{3A095D78-0606-4209-BB9C-5DD66A5A60D1}
2012-11-18 17:06 - 2012-11-18 17:07 - 00000000 ____D C:\Users\TIM3\AppData\Local\{1E7DA3CB-CEE3-4AA5-A9A1-52768D761E4C}
2012-11-18 05:06 - 2012-11-18 05:06 - 00000000 ____D C:\Users\TIM3\AppData\Local\{7B2C0E31-82B5-446F-802F-277290F56BED}
2012-11-17 17:05 - 2012-11-17 17:06 - 00000000 ____D C:\Users\TIM3\AppData\Local\{763661B2-EC2A-428E-A476-DF4C539CC6B9}
2012-11-17 05:05 - 2012-11-17 05:05 - 00000000 ____D C:\Users\TIM3\AppData\Local\{6F5DD888-C346-4A27-A12C-E218CAFFF2B8}
2012-11-16 17:05 - 2012-11-16 17:05 - 00000000 ____D C:\Users\TIM3\AppData\Local\{D5BB37AF-CBEC-4441-9E5C-9A01BBDD7333}
2012-11-16 05:04 - 2012-11-16 05:05 - 00000000 ____D C:\Users\TIM3\AppData\Local\{FC2C84EE-75D5-4CC7-AC00-AD266F07D11B}
2012-11-15 17:04 - 2012-11-15 17:04 - 00000000 ____D C:\Users\TIM3\AppData\Local\{873DBE54-133D-4435-A757-EED038E3950D}
2012-11-15 05:36 - 2012-11-15 05:36 - 00042458 ____A C:\Users\TIM3\Documents\RON PAUL FAREWELL.odt
2012-11-15 05:03 - 2012-11-15 05:04 - 00000000 ____D C:\Users\TIM3\AppData\Local\{1D487CC5-57EE-40FE-A855-0F143AACC32B}
2012-11-14 17:03 - 2012-11-14 17:03 - 00000000 ____D C:\Users\TIM3\AppData\Local\{A3D70EC5-EED8-4DCF-9466-748166C16B0B}
2012-11-14 05:03 - 2012-11-14 05:03 - 00000000 ____D C:\Users\TIM3\AppData\Local\{FD0756EE-8C10-4560-9C76-1AB831BA0CAC}
2012-11-14 00:03 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 00:03 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 00:03 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 00:03 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 00:00 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 00:00 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 00:00 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 00:00 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 00:00 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 00:00 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 00:00 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 00:00 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 00:00 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 00:00 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 00:00 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 00:00 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 00:00 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 00:00 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 00:00 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 00:00 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 00:00 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 00:00 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 00:00 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 00:00 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 00:00 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 00:00 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 00:00 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 00:00 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 00:00 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 00:00 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 00:00 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 00:00 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 00:00 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 00:00 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 00:00 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 00:00 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 00:00 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 00:00 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 00:00 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 00:00 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 00:00 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 00:00 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 00:00 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 00:00 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-13 19:14 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-13 19:14 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-13 19:14 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-13 19:14 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-13 19:14 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-13 19:13 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-13 19:13 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-13 19:13 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-13 19:13 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-13 19:13 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-13 19:13 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-13 19:13 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-13 19:13 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-13 19:13 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-13 19:13 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-13 19:13 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-13 19:13 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-13 19:08 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-13 19:08 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-13 13:23 - 2012-11-13 13:23 - 00000000 ____D C:\Users\TIM3\AppData\Local\{0D5AC0FF-1F68-441D-A5F2-508A7C3336A6}
2012-11-13 01:22 - 2012-11-13 01:23 - 00000000 ____D C:\Users\TIM3\AppData\Local\{88F9C1C9-37E7-4083-B8F5-638E09A86887}
2012-11-12 14:26 - 2012-11-12 14:29 - 00000000 ____D C:\Users\TIM3\AppData\Roaming\Winamp
2012-11-12 14:26 - 2012-11-12 14:26 - 00000979 ____A C:\Users\Public\Desktop\Winamp.lnk
2012-11-12 14:26 - 2012-11-12 14:26 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2012-11-12 14:26 - 2012-11-12 14:26 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-11-12 14:26 - 2009-09-04 14:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-11-12 14:26 - 2006-09-28 13:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-11-12 14:21 - 2012-11-12 14:22 - 12545384 ____A (Nullsoft, Inc.) C:\Users\TIM3\Downloads\winamp563_full_emusic-7plus_en-us.exe
2012-11-12 13:22 - 2012-11-12 13:22 - 00000000 ____D C:\Users\TIM3\AppData\Local\{D279AC12-69FC-4B5F-A53F-07EE53E195A1}
2012-11-12 01:22 - 2012-11-12 01:22 - 00000000 ____D C:\Users\TIM3\AppData\Local\{42776D43-D979-459A-95EE-3888E1285A59}
2012-11-11 14:02 - 2012-11-11 14:02 - 00000000 ___RD C:\Users\TIM3\Dropbox
2012-11-11 14:00 - 2012-11-14 00:20 - 00000000 ____D C:\Users\TIM3\AppData\Roaming\Dropbox
2012-11-11 13:21 - 2012-11-11 13:22 - 00000000 ____D C:\Users\TIM3\AppData\Local\{021BBBAD-9744-4896-8A1A-BA26F8989180}
2012-11-09 17:54 - 2012-11-09 17:54 - 00000000 ____D C:\Users\TIM3\AppData\Local\{D5D12866-F79D-4C85-BE65-59526BB8C63A}
2012-11-09 05:53 - 2012-11-09 05:54 - 00000000 ____D C:\Users\TIM3\AppData\Local\{7C12C151-F0D1-44BE-BE77-855903A940BE}
2012-11-08 17:53 - 2012-11-08 17:53 - 00000000 ____D C:\Users\TIM3\AppData\Local\{805B19C0-FAA3-43AB-8C0A-A6526368AE15}
2012-11-08 05:52 - 2012-11-08 05:53 - 00000000 ____D C:\Users\TIM3\AppData\Local\{98C8F918-DCC6-4C1A-A84F-F111518BDE57}
2012-11-07 17:52 - 2012-11-07 17:52 - 00000000 ____D C:\Users\TIM3\AppData\Local\{7965031C-DD94-472C-8CB7-49271F2A1944}
2012-11-07 05:52 - 2012-11-07 05:52 - 00000000 ____D C:\Users\TIM3\AppData\Local\{AED9221B-C470-4B64-8B1C-68901BE3FD89}
2012-11-06 17:51 - 2012-11-06 17:52 - 00000000 ____D C:\Users\TIM3\AppData\Local\{F7ECC6B6-9B3D-4B34-991D-7EEA016A41A3}
2012-11-06 05:51 - 2012-11-06 05:51 - 00000000 ____D C:\Users\TIM3\AppData\Local\{DCB107D9-7CAA-4611-8404-A9718F8BEA75}
2012-11-05 17:51 - 2012-11-05 17:51 - 00000000 ____D C:\Users\TIM3\AppData\Local\{85361D06-C94D-4519-A63B-6645402D40B9}
2012-11-05 05:50 - 2012-11-05 05:51 - 00000000 ____D C:\Users\TIM3\AppData\Local\{726DD87C-1D35-46F9-A2B2-D8597253B7ED}
2012-11-04 17:50 - 2012-11-04 17:50 - 00000000 ____D C:\Users\TIM3\AppData\Local\{3A8F0EB4-3373-4468-892E-A808806C3CDB}
2012-11-04 05:49 - 2012-11-04 05:50 - 00000000 ____D C:\Users\TIM3\AppData\Local\{70045A3A-206F-4CC6-B02A-5935ED20D6B7}
2012-11-03 17:49 - 2012-11-03 17:49 - 00000000 ____D C:\Users\TIM3\AppData\Local\{CED7DB04-23F4-49B9-A908-0B46E60929D9}
2012-11-03 05:49 - 2012-11-03 05:49 - 00000000 ____D C:\Users\TIM3\AppData\Local\{CB762AFF-FF32-4EC6-85B7-27A513BD8A6E}
2012-11-02 17:48 - 2012-11-02 17:49 - 00000000 ____D C:\Users\TIM3\AppData\Local\{072C6D99-6601-43CC-BEAE-DAEE857BCC03}
2012-11-02 07:23 - 2012-11-15 09:21 - 00000000 ____D C:\Users\TIM3\Desktop\temp greg
2012-11-02 05:48 - 2012-11-02 05:48 - 00000000 ____D C:\Users\TIM3\AppData\Local\{DAEEAFA2-4AE3-4CA0-AD86-0D8FDF16B5C5}
2012-11-01 17:47 - 2012-11-01 17:48 - 00000000 ____D C:\Users\TIM3\AppData\Local\{2FA83F79-C45B-41D2-A12E-496EFA3CB4F4}
2012-11-01 05:47 - 2012-11-01 05:47 - 00000000 ____D C:\Users\TIM3\AppData\Local\{6444AD7A-CBD9-478E-BD64-E7365F2AD281}
2012-10-31 17:47 - 2012-10-31 17:47 - 00000000 ____D C:\Users\TIM3\AppData\Local\{41B35A6F-7064-411A-AAB7-90770133F6DF}
2012-10-31 05:46 - 2012-10-31 05:47 - 00000000 ____D C:\Users\TIM3\AppData\Local\{1322A36F-23EE-401A-A274-5A210E74ACE7}


==================== One Month Modified Files and Folders =======

2012-11-30 20:15 - 2012-11-30 20:15 - 00000000 ____D C:\FRST
2012-11-30 17:10 - 2011-10-14 21:21 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-30 17:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-30 17:10 - 2009-07-13 20:51 - 00047857 ____A C:\Windows\setupact.log
2012-11-30 17:05 - 2011-10-15 11:55 - 01472692 ____A C:\Windows\WindowsUpdate.log
2012-11-30 17:02 - 2009-07-13 21:13 - 00872838 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-30 14:42 - 2012-11-30 14:40 - 00025894 ____A C:\Users\TIM3\Desktop\dds.txt
2012-11-30 14:42 - 2012-11-30 14:40 - 00008010 ____A C:\Users\TIM3\Desktop\attach.txt
2012-11-30 14:39 - 2012-11-30 14:39 - 00688992 ____R (Swearware) C:\Users\TIM3\Desktop\dds.com
2012-11-30 14:05 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-30 14:05 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-30 05:33 - 2012-11-30 05:33 - 00000000 ____D C:\Users\TIM3\AppData\Local\{9757753D-D104-4050-9A10-781CE38497D5}
2012-11-30 02:00 - 2011-10-19 04:19 - 00000000 ____D C:\Program Files (x86)\SecCopy
2012-11-29 17:14 - 2012-11-29 17:14 - 00000000 ____D C:\Users\TIM3\AppData\Local\{038CDBF5-4E0A-4E89-A2F2-95DAB3C8AECD}
2012-11-29 15:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-29 10:48 - 2011-10-14 21:46 - 00000000 ____D C:\Users\TIM3\AppData\Local\Adobe
2012-11-29 07:13 - 2011-10-17 10:18 - 00000000 ____D C:\PROJECTS
2012-11-29 05:01 - 2012-11-29 05:00 - 00000000 ____D C:\Users\TIM3\AppData\Local\{330B01F5-09A0-40A3-A3A3-895FDBC4E09D}
2012-11-28 17:00 - 2012-11-28 17:00 - 00000000 ____D C:\Users\TIM3\AppData\Local\{E6F06E15-197F-435C-A813-5EE10F94FF51}
2012-11-28 12:59 - 2012-11-28 12:59 - 00000000 ____D C:\Users\TIM3\AppData\Local\Autodesk
2012-11-28 12:59 - 2012-06-29 07:21 - 00000000 ____D C:\Users\TIM3\AppData\Roaming\Autodesk
2012-11-28 12:59 - 2012-06-29 07:21 - 00000000 ____D C:\Users\All Users\Autodesk
2012-11-28 12:56 - 2012-11-28 12:56 - 00002179 ____A C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
2012-11-28 12:56 - 2012-11-28 12:56 - 00000000 ____D C:\Program Files (x86)\Autodesk
2012-11-28 12:54 - 2012-11-28 12:54 - 00000000 ____D C:\Users\TIM3\AppData\Local\Akamai
2012-11-28 12:52 - 2012-11-28 12:52 - 01366960 ____A (Autodesk, Inc.) C:\Users\TIM3\Downloads\AutodeskDesignRevSetup.exe
2012-11-28 05:00 - 2012-11-28 04:59 - 00000000 ____D C:\Users\TIM3\AppData\Local\{BFC9FD3C-9893-4E82-B0BD-E6696A311FDE}
2012-11-27 18:34 - 2011-10-15 07:51 - 00007597 ____A C:\Users\TIM3\AppData\Local\Resmon.ResmonCfg
2012-11-27 17:05 - 2010-11-20 19:47 - 00010534 ____A C:\Windows\PFRO.log
2012-11-27 05:14 - 2012-11-27 05:13 - 00000000 ____D C:\Users\TIM3\AppData\Local\{D4DA8945-B319-498C-9606-0EE7FD904F40}
2012-11-26 17:13 - 2012-11-26 17:13 - 00000000 ____D C:\Users\TIM3\AppData\Local\{342AF574-5EEC-4006-BC82-3ACB8D71CBC5}
2012-11-26 05:13 - 2012-11-26 05:12 - 00000000 ____D C:\Users\TIM3\AppData\Local\{A2291987-865F-4A4F-9B6F-6696FEE39E84}
2012-11-25 17:12 - 2012-11-25 17:12 - 00000000 ____D C:\Users\TIM3\AppData\Local\{32740BA8-F43F-467F-AE96-C0C28C78F496}
2012-11-25 05:12 - 2012-11-25 05:11 - 00000000 ____D C:\Users\TIM3\AppData\Local\{39466AE0-5D8C-4DAE-B3EC-7DC677D1AC36}
2012-11-24 17:11 - 2012-11-24 17:11 - 00000000 ____D C:\Users\TIM3\AppData\Local\{17249556-A442-44F1-B02B-DA660A2AD638}
2012-11-24 05:11 - 2012-11-24 05:11 - 00000000 ____D C:\Users\TIM3\AppData\Local\{67FD3211-1444-4DFC-A106-D258A00D0AAD}
2012-11-23 17:11 - 2012-11-23 17:10 - 00000000 ____D C:\Users\TIM3\AppData\Local\{AC7D19D3-FC8E-4EE9-9AAC-981357048CC3}
2012-11-23 05:10 - 2012-11-23 05:10 - 00000000 ____D C:\Users\TIM3\AppData\Local\{4A5E322A-6587-4808-A973-93B842A40478}
2012-11-22 17:10 - 2012-11-22 17:09 - 00000000 ____D C:\Users\TIM3\AppData\Local\{C6122FC1-708C-4B64-B330-AE73E7B09E82}
2012-11-22 05:09 - 2012-11-22 05:09 - 00000000 ____D C:\Users\TIM3\AppData\Local\{E2FEA086-A32B-4D87-9981-1479B30520E4}
2012-11-21 17:09 - 2012-11-21 17:09 - 00000000 ____D C:\Users\TIM3\AppData\Local\{A2F75143-C740-44B2-86AC-93013F587EA6}
2012-11-21 05:09 - 2012-11-21 05:08 - 00000000 ____D C:\Users\TIM3\AppData\Local\{80AA32B5-C220-4421-B98D-16B4889D1378}
2012-11-20 17:08 - 2012-11-20 17:08 - 00000000 ____D C:\Users\TIM3\AppData\Local\{15D74C9B-A6EE-429B-B93F-649F34C55E08}
2012-11-20 05:08 - 2012-11-20 05:08 - 00000000 ____D C:\Users\TIM3\AppData\Local\{6DB80BD8-84C6-41B4-AC9F-4E33721A3417}
2012-11-19 17:07 - 2012-11-19 17:07 - 00000000 ____D C:\Users\TIM3\AppData\Local\{E00A176B-8B97-4B95-9653-004BC4AD1D21}
2012-11-19 05:07 - 2012-11-19 05:07 - 00000000 ____D C:\Users\TIM3\AppData\Local\{3A095D78-0606-4209-BB9C-5DD66A5A60D1}
2012-11-18 17:07 - 2012-11-18 17:06 - 00000000 ____D C:\Users\TIM3\AppData\Local\{1E7DA3CB-CEE3-4AA5-A9A1-52768D761E4C}
2012-11-18 05:06 - 2012-11-18 05:06 - 00000000 ____D C:\Users\TIM3\AppData\Local\{7B2C0E31-82B5-446F-802F-277290F56BED}
2012-11-18 00:00 - 2012-02-22 08:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-18 00:00 - 2011-10-14 21:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-11-17 17:06 - 2012-11-17 17:05 - 00000000 ____D C:\Users\TIM3\AppData\Local\{763661B2-EC2A-428E-A476-DF4C539CC6B9}
2012-11-17 05:05 - 2012-11-17 05:05 - 00000000 ____D C:\Users\TIM3\AppData\Local\{6F5DD888-C346-4A27-A12C-E218CAFFF2B8}
2012-11-16 17:05 - 2012-11-16 17:05 - 00000000 ____D C:\Users\TIM3\AppData\Local\{D5BB37AF-CBEC-4441-9E5C-9A01BBDD7333}
2012-11-16 05:05 - 2012-11-16 05:04 - 00000000 ____D C:\Users\TIM3\AppData\Local\{FC2C84EE-75D5-4CC7-AC00-AD266F07D11B}
2012-11-15 17:04 - 2012-11-15 17:04 - 00000000 ____D C:\Users\TIM3\AppData\Local\{873DBE54-133D-4435-A757-EED038E3950D}
2012-11-15 09:21 - 2012-11-02 07:23 - 00000000 ____D C:\Users\TIM3\Desktop\temp greg
2012-11-15 05:36 - 2012-11-15 05:36 - 00042458 ____A C:\Users\TIM3\Documents\RON PAUL FAREWELL.odt
2012-11-15 05:04 - 2012-11-15 05:03 - 00000000 ____D C:\Users\TIM3\AppData\Local\{1D487CC5-57EE-40FE-A855-0F143AACC32B}
2012-11-14 17:03 - 2012-11-14 17:03 - 00000000 ____D C:\Users\TIM3\AppData\Local\{A3D70EC5-EED8-4DCF-9466-748166C16B0B}
2012-11-14 05:03 - 2012-11-14 05:03 - 00000000 ____D C:\Users\TIM3\AppData\Local\{FD0756EE-8C10-4560-9C76-1AB831BA0CAC}
2012-11-14 05:03 - 2011-10-15 06:20 - 00094600 ____A C:\Users\TIM3\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-14 00:20 - 2012-11-11 14:00 - 00000000 ____D C:\Users\TIM3\AppData\Roaming\Dropbox
2012-11-14 00:20 - 2009-07-13 20:45 - 00356592 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 00:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-14 00:00 - 2011-10-16 06:48 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-13 13:23 - 2012-11-13 13:23 - 00000000 ____D C:\Users\TIM3\AppData\Local\{0D5AC0FF-1F68-441D-A5F2-508A7C3336A6}
2012-11-13 01:23 - 2012-11-13 01:22 - 00000000 ____D C:\Users\TIM3\AppData\Local\{88F9C1C9-37E7-4083-B8F5-638E09A86887}
2012-11-12 14:29 - 2012-11-12 14:26 - 00000000 ____D C:\Users\TIM3\AppData\Roaming\Winamp
2012-11-12 14:26 - 2012-11-12 14:26 - 00000979 ____A C:\Users\Public\Desktop\Winamp.lnk
2012-11-12 14:26 - 2012-11-12 14:26 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2012-11-12 14:26 - 2012-11-12 14:26 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-11-12 14:22 - 2012-11-12 14:21 - 12545384 ____A (Nullsoft, Inc.) C:\Users\TIM3\Downloads\winamp563_full_emusic-7plus_en-us.exe
2012-11-12 13:22 - 2012-11-12 13:22 - 00000000 ____D C:\Users\TIM3\AppData\Local\{D279AC12-69FC-4B5F-A53F-07EE53E195A1}
2012-11-12 01:22 - 2012-11-12 01:22 - 00000000 ____D C:\Users\TIM3\AppData\Local\{42776D43-D979-459A-95EE-3888E1285A59}
2012-11-11 14:04 - 2012-10-02 06:00 - 00000000 ____D C:\Users\TIM3\AppData\Roaming\DVDVideoSoft
2012-11-11 14:03 - 2011-10-14 21:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-11 14:02 - 2012-11-11 14:02 - 00000000 ___RD C:\Users\TIM3\Dropbox
2012-11-11 14:02 - 2011-10-14 20:56 - 00000000 ____D C:\users\TIM3
2012-11-11 13:22 - 2012-11-11 13:21 - 00000000 ____D C:\Users\TIM3\AppData\Local\{021BBBAD-9744-4896-8A1A-BA26F8989180}
2012-11-09 17:54 - 2012-11-09 17:54 - 00000000 ____D C:\Users\TIM3\AppData\Local\{D5D12866-F79D-4C85-BE65-59526BB8C63A}
2012-11-09 05:54 - 2012-11-09 05:53 - 00000000 ____D C:\Users\TIM3\AppData\Local\{7C12C151-F0D1-44BE-BE77-855903A940BE}
2012-11-08 17:53 - 2012-11-08 17:53 - 00000000 ____D C:\Users\TIM3\AppData\Local\{805B19C0-FAA3-43AB-8C0A-A6526368AE15}
2012-11-08 05:53 - 2012-11-08 05:52 - 00000000 ____D C:\Users\TIM3\AppData\Local\{98C8F918-DCC6-4C1A-A84F-F111518BDE57}
2012-11-07 17:52 - 2012-11-07 17:52 - 00000000 ____D C:\Users\TIM3\AppData\Local\{7965031C-DD94-472C-8CB7-49271F2A1944}
2012-11-07 05:52 - 2012-11-07 05:52 - 00000000 ____D C:\Users\TIM3\AppData\Local\{AED9221B-C470-4B64-8B1C-68901BE3FD89}
2012-11-06 17:52 - 2012-11-06 17:51 - 00000000 ____D C:\Users\TIM3\AppData\Local\{F7ECC6B6-9B3D-4B34-991D-7EEA016A41A3}
2012-11-06 05:51 - 2012-11-06 05:51 - 00000000 ____D C:\Users\TIM3\AppData\Local\{DCB107D9-7CAA-4611-8404-A9718F8BEA75}
2012-11-05 17:51 - 2012-11-05 17:51 - 00000000 ____D C:\Users\TIM3\AppData\Local\{85361D06-C94D-4519-A63B-6645402D40B9}
2012-11-05 05:51 - 2012-11-05 05:50 - 00000000 ____D C:\Users\TIM3\AppData\Local\{726DD87C-1D35-46F9-A2B2-D8597253B7ED}
2012-11-04 17:50 - 2012-11-04 17:50 - 00000000 ____D C:\Users\TIM3\AppData\Local\{3A8F0EB4-3373-4468-892E-A808806C3CDB}
2012-11-04 05:50 - 2012-11-04 05:49 - 00000000 ____D C:\Users\TIM3\AppData\Local\{70045A3A-206F-4CC6-B02A-5935ED20D6B7}
2012-11-03 17:49 - 2012-11-03 17:49 - 00000000 ____D C:\Users\TIM3\AppData\Local\{CED7DB04-23F4-49B9-A908-0B46E60929D9}
2012-11-03 05:49 - 2012-11-03 05:49 - 00000000 ____D C:\Users\TIM3\AppData\Local\{CB762AFF-FF32-4EC6-85B7-27A513BD8A6E}
2012-11-02 17:49 - 2012-11-02 17:48 - 00000000 ____D C:\Users\TIM3\AppData\Local\{072C6D99-6601-43CC-BEAE-DAEE857BCC03}
2012-11-02 05:48 - 2012-11-02 05:48 - 00000000 ____D C:\Users\TIM3\AppData\Local\{DAEEAFA2-4AE3-4CA0-AD86-0D8FDF16B5C5}
2012-11-01 17:48 - 2012-11-01 17:47 - 00000000 ____D C:\Users\TIM3\AppData\Local\{2FA83F79-C45B-41D2-A12E-496EFA3CB4F4}
2012-11-01 05:47 - 2012-11-01 05:47 - 00000000 ____D C:\Users\TIM3\AppData\Local\{6444AD7A-CBD9-478E-BD64-E7365F2AD281}
2012-10-31 17:47 - 2012-10-31 17:47 - 00000000 ____D C:\Users\TIM3\AppData\Local\{41B35A6F-7064-411A-AAB7-90770133F6DF}
2012-10-31 05:47 - 2012-10-31 05:46 - 00000000 ____D C:\Users\TIM3\AppData\Local\{1322A36F-23EE-401A-A274-5A210E74ACE7}


ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8169.44 MB
Available physical RAM: 7362.16 MB
Total Pagefile: 8167.64 MB
Available Pagefile: 7351.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:6.76 GB) NTFS
3 Drive f: (USB20FD) (Removable) (Total:7.52 GB) (Free:7.52 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          111 GB      0 B
  Disk 1    Online         7722 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            111 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    111 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7719 MB  3004 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   USB20FD      FAT32  Removable   7719 MB  Healthy

=========================================================

Last Boot: 2012-11-24 21:40

==================== End Of Log =============================

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 November 2012 - 09:14 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKU\TIM3\...\Run: [3Dconnexion_Inc] rundll32.exe "C:\Users\TIM3\AppData\Local\Adobe\3Dconnexion_Inc\hsvrfofvs.dll",svn_lock_createW [x]
C:\Users\TIM3\AppData\Local\Adobe\3Dconnexion_Inc\hsvrfofvs.dll
C:\Windows\svchost.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
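The fixlist above targets two classic indicators: an svchost.exe sitting in C:\Windows instead of System32/SysWOW64, and a Run entry that uses rundll32.exe to load a DLL from the user's AppData folder. The following triage script is an added example, not part of this thread or of FRST/ComboFix; the regular expressions, the LEGIT_SVCHOST_DIRS set and the sample log lines are assumptions modeled on the log formats shown in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Directories where a genuine svchost.exe lives on Windows 7 x64
# (assumption: a default %SystemRoot% of C:\Windows).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# FRST Run-entry shape:  HKU\<user>\...\Run: [<name>] <command>
RUN_ENTRY = re.compile(
    r"^HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# The DLL handed to rundll32.exe, quoted or not, before the ",EntryPoint" part.
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Any drive-letter path that ends in svchost.exe.
SVCHOST_PATH = re.compile(r'(?P<path>[a-z]:\\[^\s"\[]*\\svchost\.exe)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str   # which heuristic fired
    path: str   # the file the heuristic is about
    line: str   # the log line it came from


def _parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path."""
    return path.lower().rsplit("\\", 1)[0]


def check_svchost_location(line: str) -> Optional[Finding]:
    """Rule 1: svchost.exe anywhere but System32/SysWOW64 is a masquerade indicator."""
    for m in SVCHOST_PATH.finditer(line):
        path = m.group("path")
        if _parent_dir(path) not in LEGIT_SVCHOST_DIRS:
            return Finding("svchost-outside-system32", path, line)
    return None


def check_rundll32_appdata(line: str) -> Optional[Finding]:
    """Rule 2: a Run entry using rundll32 to load a DLL from a user profile (AppData)."""
    run = RUN_ENTRY.match(line)
    if run is None:
        return None
    dll = RUNDLL_DLL.search(run.group("cmd"))
    if dll is not None and "\\appdata\\" in dll.group("dll").lower():
        return Finding("rundll32-appdata-dll", dll.group("dll"), line)
    return None


CHECKS = (check_svchost_location, check_rundll32_appdata)


def triage(lines: list[str]) -> list[Finding]:
    """Run every check over every line; one Finding per (line, rule) hit."""
    findings: list[Finding] = []
    for line in lines:
        for check in CHECKS:
            hit = check(line)
            if hit is not None:
                findings.append(hit)
    return findings


# Constructed sample lines in FRST/ComboFix style: the two fixlist targets from
# this thread plus benign entries that must not fire.
SAMPLE_LINES = [
    r'HKU\TIM3\...\Run: [3Dconnexion_Inc] rundll32.exe "C:\Users\TIM3\AppData\Local\Adobe\3Dconnexion_Inc\hsvrfofvs.dll",svn_lock_createW [x]',
    r"C:\Windows\svchost.exe",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]",
    r'HKLM\...\Run: [NvCplDaemon] rundll32.exe "C:\Windows\System32\nvcpl.dll",NvStartup',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(f"[{hit.rule}] {hit.path}")
```

Running it over the sample lines flags only the AppData DLL and the C:\Windows\svchost.exe copy; the System32 svchost entries (including the Akamai service host) and the System32 rundll32 entry stay silent.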


#5 thoeing
  • Topic Starter

  • Members
  • 9 posts

Posted 30 November 2012 - 09:48 PM

Hi CatByte,

I got to the point in your instructions to run mbar.exe. When I try the executable, it opens a message box telling me that it must be run from an administrator account (which I am). Ideas?

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 November 2012 - 09:53 PM

Try right-clicking and "Run as administrator".
If it still won't run, move on to ComboFix, then run the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



(We have lots of different ways to kill this infection; if one won't run, we can move on to another.)



#7 thoeing
  • Topic Starter

  • Members
  • 9 posts

Posted 30 November 2012 - 10:40 PM

OK CatByte,

I ran ComboFix, then turned Norton back on and ran TDSSKiller. I allowed the computer to reboot; TDSSKiller came up on reboot. While I was deciding whether to run it again, Norton started finding things and then came up with a window telling me that I must restart in order to continue removal of security risks.

Both windows are still open, I haven't rebooted or rescanned yet.

Here are the logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-11-30 21:32:26 Run:1
Running from F:\

==============================================

HKEY_USERS\TIM3\Software\Microsoft\Windows\CurrentVersion\Run\\3Dconnexion_Inc Value deleted successfully.
C:\Users\TIM3\AppData\Local\Adobe\3Dconnexion_Inc\hsvrfofvs.dll not found.
C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====



ComboFix 12-12-01.01 - TIM3 11/30/2012 22:09:36.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.6537 [GMT -5:00]
Running from: c:\users\TIM3\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RadioRage_4j
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jauxstb.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbrstub.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jdatact.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jdlghk.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jdyn.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jfeedmg.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhighin.exe
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhkstub.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhtml.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhtmlmu.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhttpct.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jidle.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jieovr.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jimpipe.exe
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jmedint.exe
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jmlbtn.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jmsg.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jPlugin.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jradio.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jregfft.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jreghk.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jregiet.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jscript.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jskin.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jsknlcr.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jskplay.exe
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe
c:\program files (x86)\RadioRage_4j\bar\1.bin\4jtpinst.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\4juabtn.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\RadioRage_4j\bar\1.bin\chrome\4jffxtbr.jar
c:\program files (x86)\RadioRage_4j\bar\1.bin\INSTALL.RDF
c:\program files (x86)\RadioRage_4j\bar\1.bin\installKeys.js
c:\program files (x86)\RadioRage_4j\bar\1.bin\LOGO.BMP
c:\program files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll
c:\program files (x86)\RadioRage_4j\bar\1.bin\T8RES.DLL
c:\program files (x86)\RadioRage_4j\bar\gen1\COMMON.T8S
c:\program files (x86)\RadioRage_4j\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\RadioRage_4j\bar\Message\COMMON.T8S
c:\program files (x86)\RadioRage_4j\bar\Settings\s_pid.dat
c:\users\TIM3\AppData\Roaming\JomCap.dll
c:\users\TIM3\g2mdlhlpx.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 04:15 . 2012-12-01 04:15 -------- d-----w- C:\FRST
2012-12-01 03:12 . 2012-12-01 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 20:59 . 2012-11-28 20:59 -------- d-----w- c:\users\TIM3\AppData\Local\Autodesk
2012-11-28 20:56 . 2012-11-28 20:56 -------- d-----w- c:\program files (x86)\Autodesk
2012-11-28 20:54 . 2012-11-28 20:54 -------- d-----w- c:\users\TIM3\AppData\Local\Akamai
2012-11-28 20:53 . 2012-12-01 03:07 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2012-11-14 08:03 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 08:03 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 08:03 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 08:03 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 03:14 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 03:14 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 03:14 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 03:14 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 03:14 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 03:13 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 03:13 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 03:13 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 03:13 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 03:13 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 03:13 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 03:13 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 03:13 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 03:13 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 03:13 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 03:13 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 03:13 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 03:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 03:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-12 22:26 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-11-12 22:26 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-11-12 22:26 . 2012-11-12 22:26 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-11-12 22:26 . 2012-11-12 22:26 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-11-12 22:26 . 2012-11-12 22:29 -------- d-----w- c:\users\TIM3\AppData\Roaming\Winamp
2012-11-12 22:26 . 2012-11-12 22:26 -------- d-----w- c:\program files (x86)\Winamp
2012-11-11 22:02 . 2012-11-11 22:02 -------- d-----r- c:\users\TIM3\Dropbox
2012-11-11 22:00 . 2012-11-14 08:20 -------- d-----w- c:\users\TIM3\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 08:00 . 2011-10-16 14:48 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 10:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:27 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 02:23 . 2012-10-11 02:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2012-10-11 02:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-11 02:23 . 2012-10-11 02:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2011-10-15 05:20 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2012-02-22 16:43 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-11 02:23 . 2011-10-15 14:30 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2011-10-15 14:30 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2012-10-11 02:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 02:22 . 2012-02-22 16:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2011-10-15 14:30 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2012-02-22 16:44 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-03-18 20:33 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-18 20:33 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-03-18 20:33 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-03-18 20:33 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-18 20:33 866664 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-10-02 19:50 . 2011-03-18 20:33 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-18 20:33 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-10-02 19:50 . 2011-03-18 20:33 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-14 19:19 . 2012-10-10 20:25 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 20:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-10 23:27 . 2012-08-02 11:58 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-10 23:27 . 2011-10-15 20:40 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Second Copy 2000"="c:\program files (x86)\SecCopy\SecCopy.exe" [1999-11-02 1099776]
"Akamai NetSession Interface"="c:\users\TIM3\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ipTray.exe"="c:\program files (x86)\Intel\Intel Desktop Utilities\ipTray.exe" [2011-08-19 1631944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
.
c:\users\TIM3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Printer Watcher3.60.lnk - c:\program files (x86)\EPSON\EPSON LFP Remote Panel\Stylus Pro 3880\Printer Watcher\Printer Watcher.exe [2012-7-27 612256]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe [2011-7-23 128000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121129.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 FLEXlm License Manager;FLEXlm License Manager;c:\seflex\Program\lmgrd.exe [2011-08-02 1379664]
S2 IduService;Intel® Desktop Utilities Service;c:\program files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [2011-08-19 132808]
S2 Intel® Desktop Boards FSC Application Service;Intel® Desktop Boards FSC Application Service;c:\program files (x86)\Intel\FSC\FSCAppServ.exe [2011-08-19 61440]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 RadioRage_4jService;RadioRageService;c:\progra~2\RADIOR~2\bar\1.bin\4jbarsvc.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17 292128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S3 cpuio;CPUIO Service;c:\windows\SysWOW64\Drivers\cpuiox64.sys [2011-10-15 15384]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2009-09-17 58792]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-10-11 2041192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 74.40.74.40 74.40.74.41
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{3c35ad63-af1d-4e21-b484-b6651a8efcf9} - c:\program files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll
BHO-{48909954-14fb-4971-a7b3-47e7af10b38a} - c:\progra~2\RADIOR~2\bar\1.bin\4jbar.dll
BHO-{5848763c-2668-44ca-adbe-2999a6ee2858} - c:\program files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll
Toolbar-{78ba36c9-6036-482b-b48d-ecca6f964b84} - c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll
Wow6432Node-HKLM-Run-RadioRage Search Scope Monitor - c:\progra~2\RADIOR~2\bar\1.bin\4jsrchmn.exe
Wow6432Node-HKLM-Run-RadioRage_4j Browser Plugin Loader - c:\progra~2\RADIOR~2\bar\1.bin\4jbrmon.exe
AddRemove-HDtracks Download Manager - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{78BA36C9-6036-482B-B48D-ECCA6F964B84}"=hex:51,66,7a,6c,4c,1d,38,12,a7,35,a9,
7c,04,2e,45,0d,cb,9b,af,8a,6a,c8,0f,90
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{48909954-14FB-4971-A7B3-47E7AF10B38A}"=hex:51,66,7a,6c,4c,1d,38,12,3a,9a,83,
4c,c9,5a,1f,0c,d8,a5,04,a7,aa,4e,f7,9e
"{5848763C-2668-44CA-ADBE-2999A6EE2858}"=hex:51,66,7a,6c,4c,1d,38,12,52,75,5b,
5c,5a,68,a4,01,d2,a8,6a,d9,a3,b0,6c,4c
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:45,f1,c9,bc,53,cf,cd,01
.
[HKEY_USERS\S-1-5-21-1903057469-3260110788-841479603-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1903057469-3260110788-841479603-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1903057469-3260110788-841479603-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1903057469-3260110788-841479603-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-30 22:14:43
ComboFix-quarantined-files.txt 2012-12-01 03:14
.
Pre-Run: 10,556,534,784 bytes free
Post-Run: 19,370,229,760 bytes free
.
- - End Of File - - DCD4AC4801EDEC4E1205518CAD3203A9


22:21:25.0821 28580 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:21:26.0909 28580 ============================================================
22:21:26.0909 28580 Current date / time: 2012/11/30 22:21:26.0909
22:21:26.0909 28580 SystemInfo:
22:21:26.0909 28580
22:21:26.0909 28580 OS Version: 6.1.7601 ServicePack: 1.0
22:21:26.0909 28580 Product type: Workstation
22:21:26.0909 28580 ComputerName: TIM3-PC
22:21:26.0909 28580 UserName: TIM3
22:21:26.0909 28580 Windows directory: C:\Windows
22:21:26.0909 28580 System windows directory: C:\Windows
22:21:26.0909 28580 Running under WOW64
22:21:26.0909 28580 Processor architecture: Intel x64
22:21:26.0909 28580 Number of processors: 8
22:21:26.0909 28580 Page size: 0x1000
22:21:26.0909 28580 Boot type: Normal boot
22:21:26.0909 28580 ============================================================
22:21:27.0081 28580 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:27.0084 28580 Drive \Device\Harddisk1\DR1 - Size: 0x1E2A00000 (7.54 Gb), SectorSize: 0x200, Cylinders: 0x3D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:21:27.0085 28580 ============================================================
22:21:27.0085 28580 \Device\Harddisk0\DR0:
22:21:27.0086 28580 MBR partitions:
22:21:27.0086 28580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:21:27.0086 28580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
22:21:27.0086 28580 \Device\Harddisk1\DR1:
22:21:27.0086 28580 MBR partitions:
22:21:27.0086 28580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1778, BlocksNum 0xF13888
22:21:27.0086 28580 ============================================================
22:21:27.0087 28580 C: <-> \Device\Harddisk0\DR0\Partition2
22:21:27.0087 28580 ============================================================
22:21:27.0087 28580 Initialize success
22:21:27.0088 28580 ============================================================
22:21:48.0294 27960 ============================================================
22:21:48.0294 27960 Scan started
22:21:48.0294 27960 Mode: Manual; TDLFS;
22:21:48.0294 27960 ============================================================
22:21:48.0640 27960 ================ Scan system memory ========================
22:21:48.0640 27960 System memory - ok
22:21:48.0641 27960 ================ Scan services =============================
22:21:49.0870 27960 NDProxy - ok
22:21:49.0872 27960 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:21:49.0873 27960 NetBIOS - ok
22:21:49.0876 27960 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:21:49.0878 27960 NetBT - ok
22:21:49.0880 27960 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:21:49.0881 27960 Netlogon - ok
22:21:49.0885 27960 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:21:49.0887 27960 Netman - ok
22:21:49.0894 27960 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:49.0895 27960 NetMsmqActivator - ok
22:21:49.0898 27960 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:49.0898 27960 NetPipeActivator - ok
22:21:49.0904 27960 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:21:49.0906 27960 netprofm - ok
22:21:49.0908 27960 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:49.0909 27960 NetTcpActivator - ok
22:21:49.0911 27960 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:49.0912 27960 NetTcpPortSharing - ok
22:21:49.0914 27960 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:21:49.0915 27960 nfrd960 - ok
22:21:49.0923 27960 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
22:21:49.0923 27960 NIS - ok
22:21:49.0928 27960 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:21:49.0929 27960 NlaSvc - ok
22:21:49.0932 27960 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:21:49.0932 27960 Npfs - ok
22:21:49.0935 27960 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:21:49.0935 27960 nsi - ok
22:21:49.0937 27960 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:21:49.0938 27960 nsiproxy - ok
22:21:49.0952 27960 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:21:49.0958 27960 Ntfs - ok
22:21:49.0960 27960 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:21:49.0960 27960 Null - ok
22:21:49.0963 27960 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
22:21:49.0963 27960 nusb3hub - ok
22:21:49.0967 27960 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:21:49.0968 27960 nusb3xhc - ok
22:21:49.0971 27960 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:21:49.0972 27960 NVHDA - ok
22:21:50.0075 27960 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:21:50.0124 27960 nvlddmkm - ok
22:21:50.0130 27960 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:21:50.0131 27960 nvraid - ok
22:21:50.0134 27960 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:21:50.0135 27960 nvstor - ok
22:21:50.0143 27960 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] NVSvc C:\Windows\system32\nvvsvc.exe
22:21:50.0149 27960 NVSvc - ok
22:21:50.0152 27960 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:21:50.0153 27960 nv_agp - ok
22:21:50.0155 27960 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:21:50.0156 27960 ohci1394 - ok
22:21:50.0160 27960 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:21:50.0162 27960 p2pimsvc - ok
22:21:50.0168 27960 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:21:50.0170 27960 p2psvc - ok
22:21:50.0173 27960 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:21:50.0174 27960 Parport - ok
22:21:50.0176 27960 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:21:50.0177 27960 partmgr - ok
22:21:50.0181 27960 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:21:50.0182 27960 PcaSvc - ok
22:21:50.0186 27960 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:21:50.0187 27960 pci - ok
22:21:50.0189 27960 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:21:50.0189 27960 pciide - ok
22:21:50.0193 27960 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:21:50.0195 27960 pcmcia - ok
22:21:50.0197 27960 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:21:50.0197 27960 pcw - ok
22:21:50.0204 27960 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:21:50.0206 27960 PEAUTH - ok
22:21:50.0219 27960 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:21:50.0225 27960 PeerDistSvc - ok
22:21:50.0244 27960 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:21:50.0245 27960 PerfHost - ok
22:21:50.0259 27960 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:21:50.0265 27960 pla - ok
22:21:50.0271 27960 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:21:50.0276 27960 PlugPlay - ok
22:21:50.0279 27960 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:21:50.0280 27960 PNRPAutoReg - ok
22:21:50.0283 27960 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:21:50.0286 27960 PNRPsvc - ok
22:21:50.0292 27960 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:21:50.0294 27960 PolicyAgent - ok
22:21:50.0298 27960 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:21:50.0300 27960 Power - ok
22:21:50.0303 27960 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:21:50.0304 27960 PptpMiniport - ok
22:21:50.0306 27960 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:21:50.0307 27960 Processor - ok
22:21:50.0310 27960 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:21:50.0312 27960 ProfSvc - ok
22:21:50.0314 27960 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:21:50.0315 27960 ProtectedStorage - ok
22:21:50.0318 27960 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:21:50.0319 27960 Psched - ok
22:21:50.0332 27960 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:21:50.0338 27960 ql2300 - ok
22:21:50.0341 27960 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:21:50.0342 27960 ql40xx - ok
22:21:50.0346 27960 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:21:50.0348 27960 QWAVE - ok
22:21:50.0351 27960 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:21:50.0352 27960 QWAVEdrv - ok
22:21:50.0353 27960 RadioRage_4jService - ok
22:21:50.0356 27960 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:21:50.0356 27960 RasAcd - ok
22:21:50.0359 27960 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:21:50.0359 27960 RasAgileVpn - ok
22:21:50.0362 27960 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:21:50.0364 27960 RasAuto - ok
22:21:50.0367 27960 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:21:50.0368 27960 Rasl2tp - ok
22:21:50.0372 27960 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:21:50.0374 27960 RasMan - ok
22:21:50.0377 27960 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:21:50.0377 27960 RasPppoe - ok
22:21:50.0380 27960 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:21:50.0380 27960 RasSstp - ok
22:21:50.0386 27960 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:21:50.0387 27960 rdbss - ok
22:21:50.0389 27960 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:21:50.0389 27960 rdpbus - ok
22:21:50.0392 27960 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:21:50.0392 27960 RDPCDD - ok
22:21:50.0396 27960 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:21:50.0397 27960 RDPDR - ok
22:21:50.0399 27960 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:21:50.0400 27960 RDPENCDD - ok
22:21:50.0402 27960 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:21:50.0403 27960 RDPREFMP - ok
22:21:50.0407 27960 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:21:50.0408 27960 RDPWD - ok
22:21:50.0412 27960 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:21:50.0413 27960 rdyboost - ok
22:21:50.0416 27960 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:21:50.0417 27960 RemoteAccess - ok
22:21:50.0420 27960 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:21:50.0422 27960 RemoteRegistry - ok
22:21:50.0424 27960 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:21:50.0425 27960 RpcEptMapper - ok
22:21:50.0427 27960 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:21:50.0428 27960 RpcLocator - ok
22:21:50.0435 27960 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:21:50.0437 27960 RpcSs - ok
22:21:50.0440 27960 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:21:50.0440 27960 rspndr - ok
22:21:50.0442 27960 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:21:50.0443 27960 s3cap - ok
22:21:50.0445 27960 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:21:50.0446 27960 SamSs - ok
22:21:50.0448 27960 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:21:50.0449 27960 sbp2port - ok
22:21:50.0453 27960 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:21:50.0454 27960 SCardSvr - ok
22:21:50.0456 27960 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:21:50.0457 27960 scfilter - ok
22:21:50.0469 27960 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:21:50.0474 27960 Schedule - ok
22:21:50.0477 27960 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:21:50.0478 27960 SCPolicySvc - ok
22:21:50.0481 27960 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:21:50.0483 27960 SDRSVC - ok
22:21:50.0485 27960 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:21:50.0485 27960 secdrv - ok
22:21:50.0487 27960 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:21:50.0488 27960 seclogon - ok
22:21:50.0491 27960 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:21:50.0492 27960 SENS - ok
22:21:50.0494 27960 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:21:50.0495 27960 SensrSvc - ok
22:21:50.0498 27960 [ 255476B54C82A89416EFDF09FD62F107 ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys
22:21:50.0499 27960 Sentinel64 - ok
22:21:50.0505 27960 [ 1BA2C677C6146A8B3ADEA7B69D2EED56 ] SentinelKeysServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
22:21:50.0507 27960 SentinelKeysServer - ok
22:21:50.0520 27960 [ D1A2BA8BF092DDF18F3D3DB1D5AC7803 ] SentinelProtectionServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
22:21:50.0525 27960 SentinelProtectionServer - ok
22:21:50.0530 27960 [ E80B91AEC007711B1EEC9C83487754E2 ] SentinelSecurityRuntime C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
22:21:50.0531 27960 SentinelSecurityRuntime - ok
22:21:50.0534 27960 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
22:21:50.0534 27960 Serenum - ok
22:21:50.0537 27960 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
22:21:50.0537 27960 Serial - ok
22:21:50.0540 27960 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:21:50.0540 27960 sermouse - ok
22:21:50.0546 27960 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:21:50.0547 27960 SessionEnv - ok
22:21:50.0550 27960 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:21:50.0550 27960 sffdisk - ok
22:21:50.0552 27960 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:21:50.0553 27960 sffp_mmc - ok
22:21:50.0554 27960 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:21:50.0555 27960 sffp_sd - ok
22:21:50.0557 27960 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:21:50.0557 27960 sfloppy - ok
22:21:50.0562 27960 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:21:50.0564 27960 SharedAccess - ok
22:21:50.0571 27960 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:21:50.0573 27960 ShellHWDetection - ok
22:21:50.0575 27960 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:21:50.0576 27960 SiSRaid2 - ok
22:21:50.0578 27960 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:21:50.0579 27960 SiSRaid4 - ok
22:21:50.0582 27960 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:21:50.0583 27960 Smb - ok
22:21:50.0585 27960 [ 3DA591BBAB178A3152B8685DC43B20CD ] smbusp C:\Windows\system32\DRIVERS\intelsmb.sys
22:21:50.0586 27960 smbusp - ok
22:21:50.0590 27960 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:21:50.0591 27960 SNMPTRAP - ok
22:21:50.0593 27960 [ 2D5576C01C8A34AA614870E745FE8F19 ] SNTUSB64 C:\Windows\system32\DRIVERS\SNTUSB64.SYS
22:21:50.0593 27960 SNTUSB64 - ok
22:21:50.0595 27960 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:21:50.0596 27960 spldr - ok
22:21:50.0601 27960 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:21:50.0604 27960 Spooler - ok
22:21:50.0639 27960 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:21:50.0654 27960 sppsvc - ok
22:21:50.0656 27960 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:21:50.0658 27960 sppuinotify - ok
22:21:50.0662 27960 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
22:21:50.0664 27960 SQLAgent$SQLEXPRESS - ok
22:21:50.0668 27960 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:21:50.0670 27960 SQLBrowser - ok
22:21:50.0674 27960 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:21:50.0675 27960 SQLWriter - ok
22:21:50.0684 27960 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
22:21:50.0687 27960 SRTSP - ok
22:21:50.0689 27960 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
22:21:50.0690 27960 SRTSPX - ok
22:21:50.0697 27960 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:21:50.0700 27960 srv - ok
22:21:50.0705 27960 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:21:50.0707 27960 srv2 - ok
22:21:50.0710 27960 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:21:50.0711 27960 srvnet - ok
22:21:50.0715 27960 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:21:50.0716 27960 SSDPSRV - ok
22:21:50.0719 27960 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:21:50.0720 27960 SstpSvc - ok
22:21:50.0725 27960 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:21:50.0726 27960 Stereo Service - ok
22:21:50.0729 27960 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:21:50.0729 27960 stexstor - ok
22:21:50.0737 27960 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:21:50.0740 27960 stisvc - ok
22:21:50.0742 27960 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:21:50.0743 27960 storflt - ok
22:21:50.0745 27960 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:21:50.0746 27960 StorSvc - ok
22:21:50.0748 27960 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:21:50.0749 27960 storvsc - ok
22:21:50.0751 27960 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:21:50.0751 27960 swenum - ok
22:21:50.0758 27960 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:21:50.0761 27960 swprv - ok
22:21:50.0766 27960 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
22:21:50.0768 27960 SymDS - ok
22:21:50.0778 27960 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
22:21:50.0782 27960 SymEFA - ok
22:21:50.0786 27960 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:21:50.0787 27960 SymEvent - ok
22:21:50.0790 27960 [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
22:21:50.0790 27960 SymIM - ok
22:21:50.0794 27960 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
22:21:50.0795 27960 SymIRON - ok
22:21:50.0800 27960 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
22:21:50.0802 27960 SymNetS - ok
22:21:50.0818 27960 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:21:50.0826 27960 SysMain - ok
22:21:50.0829 27960 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:21:50.0830 27960 TabletInputService - ok
22:21:50.0835 27960 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:21:50.0837 27960 TapiSrv - ok
22:21:50.0839 27960 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:21:50.0840 27960 TBS - ok
22:21:50.0856 27960 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:21:50.0863 27960 Tcpip - ok
22:21:50.0879 27960 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:21:50.0886 27960 TCPIP6 - ok
22:21:50.0890 27960 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:21:50.0890 27960 tcpipreg - ok
22:21:50.0893 27960 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:21:50.0894 27960 TDPIPE - ok
22:21:50.0896 27960 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:21:50.0896 27960 TDTCP - ok
22:21:50.0899 27960 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:21:50.0900 27960 tdx - ok
22:21:50.0903 27960 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:21:50.0903 27960 TermDD - ok
22:21:50.0911 27960 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:21:50.0914 27960 TermService - ok
22:21:50.0917 27960 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:21:50.0918 27960 Themes - ok
22:21:50.0921 27960 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:21:50.0921 27960 THREADORDER - ok
22:21:50.0924 27960 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:21:50.0925 27960 TrkWks - ok
22:21:50.0928 27960 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:21:50.0930 27960 TrustedInstaller - ok
22:21:50.0933 27960 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:21:50.0933 27960 tssecsrv - ok
22:21:50.0936 27960 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:21:50.0936 27960 TsUsbFlt - ok
22:21:50.0938 27960 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:21:50.0939 27960 TsUsbGD - ok
22:21:50.0942 27960 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:21:50.0943 27960 tunnel - ok
22:21:50.0945 27960 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:21:50.0946 27960 uagp35 - ok
22:21:50.0950 27960 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:21:50.0952 27960 udfs - ok
22:21:50.0956 27960 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:21:50.0957 27960 UI0Detect - ok
22:21:50.0960 27960 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:21:50.0960 27960 uliagpkx - ok
22:21:50.0962 27960 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:21:50.0963 27960 umbus - ok
22:21:50.0966 27960 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:21:50.0966 27960 UmPass - ok
22:21:50.0970 27960 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
22:21:50.0971 27960 UmRdpService - ok
22:21:50.0994 27960 [ E91F8AFBD7FB96C94B266579D6BFA77A ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:21:51.0004 27960 UNS - ok
22:21:51.0010 27960 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:21:51.0012 27960 upnphost - ok
22:21:51.0015 27960 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:21:51.0016 27960 usbccgp - ok
22:21:51.0018 27960 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:21:51.0019 27960 usbcir - ok
22:21:51.0022 27960 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:21:51.0023 27960 usbehci - ok
22:21:51.0027 27960 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:21:51.0029 27960 usbhub - ok
22:21:51.0031 27960 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:21:51.0032 27960 usbohci - ok
22:21:51.0034 27960 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:21:51.0034 27960 usbprint - ok
22:21:51.0036 27960 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:21:51.0037 27960 usbscan - ok
22:21:51.0040 27960 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:21:51.0040 27960 USBSTOR - ok
22:21:51.0042 27960 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:21:51.0043 27960 usbuhci - ok
22:21:51.0045 27960 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:21:51.0046 27960 UxSms - ok
22:21:51.0048 27960 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:21:51.0049 27960 VaultSvc - ok
22:21:51.0051 27960 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:21:51.0052 27960 vdrvroot - ok
22:21:51.0058 27960 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:21:51.0061 27960 vds - ok
22:21:51.0063 27960 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:51.0063 27960 vga - ok
22:21:51.0066 27960 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:21:51.0066 27960 VgaSave - ok
22:21:51.0070 27960 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:21:51.0071 27960 vhdmp - ok
22:21:51.0073 27960 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:21:51.0074 27960 viaide - ok
22:21:51.0076 27960 [ 00A204BE7084B214605DB4D433C9A7E2 ] Viewpoint Service C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
22:21:51.0076 27960 Viewpoint Service - ok
22:21:51.0080 27960 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:21:51.0081 27960 vmbus - ok
22:21:51.0083 27960 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:21:51.0084 27960 VMBusHID - ok
22:21:51.0086 27960 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:21:51.0087 27960 volmgr - ok
22:21:51.0092 27960 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:21:51.0093 27960 volmgrx - ok
22:21:51.0098 27960 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:21:51.0100 27960 volsnap - ok
22:21:51.0103 27960 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:21:51.0104 27960 vsmraid - ok
22:21:51.0119 27960 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:21:51.0126 27960 VSS - ok
22:21:51.0128 27960 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:21:51.0129 27960 vwifibus - ok
22:21:51.0134 27960 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:21:51.0137 27960 W32Time - ok
22:21:51.0140 27960 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:21:51.0141 27960 WacomPen - ok
22:21:51.0144 27960 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:21:51.0145 27960 WANARP - ok
22:21:51.0147 27960 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:21:51.0147 27960 Wanarpv6 - ok
22:21:51.0160 27960 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:21:51.0165 27960 WatAdminSvc - ok
22:21:51.0180 27960 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:21:51.0187 27960 wbengine - ok
22:21:51.0191 27960 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:21:51.0192 27960 WbioSrvc - ok
22:21:51.0197 27960 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:21:51.0200 27960 wcncsvc - ok
22:21:51.0202 27960 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:21:51.0203 27960 WcsPlugInService - ok
22:21:51.0205 27960 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:21:51.0206 27960 Wd - ok
22:21:51.0214 27960 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:21:51.0217 27960 Wdf01000 - ok
22:21:51.0428 27960 ================ Scan global ===============================
22:21:51.0429 27960 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:21:51.0433 27960 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:21:51.0438 27960 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:21:51.0441 27960 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:21:51.0447 27960 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:21:51.0449 27960 [Global] - ok
22:21:51.0449 27960 ================ Scan MBR ==================================
22:21:51.0450 27960 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:21:51.0450 27960 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:21:51.0451 27960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:21:51.0451 27960 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:21:51.0468 27960 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:21:51.0468 27960 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:21:51.0472 27960 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
22:21:52.0879 27960 \Device\Harddisk1\DR1 - ok
22:21:52.0879 27960 ================ Scan VBR ==================================
22:21:52.0881 27960 [ A6D6530827155CD0512AF38AB95D03CE ] \Device\Harddisk0\DR0\Partition1
22:21:52.0882 27960 \Device\Harddisk0\DR0\Partition1 - ok
22:21:52.0884 27960 [ B99C5CA53E99CA798BD74162765D3167 ] \Device\Harddisk0\DR0\Partition2
22:21:52.0885 27960 \Device\Harddisk0\DR0\Partition2 - ok
22:21:52.0887 27960 [ 000B14531D0345D6EE74DE0A6CF2123E ] \Device\Harddisk1\DR1\Partition1
22:21:52.0888 27960 \Device\Harddisk1\DR1\Partition1 - ok
22:21:52.0888 27960 ============================================================
22:21:52.0888 27960 Scan finished
22:21:52.0888 27960 ============================================================
22:21:52.0894 27940 Detected object count: 2
22:21:52.0894 27940 Actual detected object count: 2
22:22:15.0950 27940 \Device\Harddisk0\DR0\# - copied to quarantine
22:22:15.0951 27940 \Device\Harddisk0\DR0 - copied to quarantine
22:22:15.0975 27940 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:22:15.0977 27940 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:22:15.0988 27940 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:22:15.0993 27940 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:22:15.0994 27940 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:22:15.0995 27940 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:22:15.0997 27940 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:22:15.0998 27940 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:22:16.0001 27940 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:22:16.0002 27940 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:22:16.0003 27940 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:22:16.0004 27940 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:22:16.0006 27940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:22:16.0007 27940 \Device\Harddisk0\DR0 - ok
22:22:16.0012 27940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:22:16.0012 27940 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:22:16.0012 27940 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:22:20.0747 28548 Deinitialize success



22:23:45.0955 4736 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:23:46.0413 4736 ============================================================
22:23:46.0413 4736 Current date / time: 2012/11/30 22:23:46.0413
22:23:46.0413 4736 SystemInfo:
22:23:46.0413 4736
22:23:46.0413 4736 OS Version: 6.1.7601 ServicePack: 1.0
22:23:46.0413 4736 Product type: Workstation
22:23:46.0413 4736 ComputerName: TIM3-PC
22:23:46.0413 4736 UserName: TIM3
22:23:46.0413 4736 Windows directory: C:\Windows
22:23:46.0413 4736 System windows directory: C:\Windows
22:23:46.0413 4736 Running under WOW64
22:23:46.0413 4736 Processor architecture: Intel x64
22:23:46.0413 4736 Number of processors: 8
22:23:46.0413 4736 Page size: 0x1000
22:23:46.0413 4736 Boot type: Normal boot
22:23:46.0413 4736 ============================================================
22:23:46.0811 4736 BG loaded
22:23:46.0942 4736 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:23:46.0944 4736 Drive \Device\Harddisk1\DR1 - Size: 0x1E2A00000 (7.54 Gb), SectorSize: 0x200, Cylinders: 0x3D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:23:46.0946 4736 ============================================================
22:23:46.0946 4736 \Device\Harddisk0\DR0:
22:23:46.0946 4736 MBR partitions:
22:23:46.0946 4736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:23:46.0946 4736 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
22:23:46.0946 4736 \Device\Harddisk1\DR1:
22:23:46.0947 4736 MBR partitions:
22:23:46.0947 4736 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1778, BlocksNum 0xF13888
22:23:46.0947 4736 ============================================================
22:23:46.0950 4736 C: <-> \Device\Harddisk0\DR0\Partition2
22:23:46.0950 4736 ============================================================
22:23:46.0950 4736 Initialize success
22:23:46.0950 4736 ============================================================

#8 thoeing

thoeing
  • Topic Starter

  • Members
  • 9 posts

Posted 30 November 2012 - 10:46 PM

Here is the Norton History if it helps.

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2012-11-30 22:25:48,High,tsk0008.dta (Trojan.Malcol) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\tdsskiller_quarantine\30.11.2012_22.21.26\mbr0000\tdlfs0000\tsk0008.dta
2012-11-30 22:22:22,High,tsk0000.dta (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required,
2012-11-29 13:48:50,High,hsvrfofvs.dll (hsvrfofvs.dll) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\tim3\appdata\local\adobe\3dconnexion_inc\hsvrfofvs.dll


Category: Unresolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2012-11-30 22:25:50,High,tsk0007.dta (Backdoor.Tidserv) detected by Auto-Protect,Restart Required,You must restart your computer.,c:\tdsskiller_quarantine\30.11.2012_22.21.26\mbr0000\tdlfs0000\tsk0007.dta


Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2012-11-30 22:25:48,High,tsk0008.dta (Trojan.Malcol) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\tdsskiller_quarantine\30.11.2012_22.21.26\mbr0000\tdlfs0000\tsk0008.dta
2012-11-29 13:48:50,High,hsvrfofvs.dll (hsvrfofvs.dll) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\tim3\appdata\local\adobe\3dconnexion_inc\hsvrfofvs.dll


Category: SONAR Activity
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2012-11-29 13:48:50,High,hsvrfofvs.dll (hsvrfofvs.dll) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\tim3\appdata\local\adobe\3dconnexion_inc\hsvrfofvs.dll


Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,Category,Default Action,Action Taken,IPS Alert Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-11-30 21:09:33,High,An intrusion attempt by TIM3-PC was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Fake App Attack: Fake Scan Webpage 3,"TIM3-PC (192.168.0.2, 62497)","stalkersganes4gbetas.net/?q=MTIzODA0MkChqpF6IGW/AEdpZmNWc3RkTFpIZ1RWUE5ycHVocUVFYlAAYzU0MjVjNjU0YmE5ZjQxMGIzN2I2MDQ4MGFiNzYxNmUyODMxZDNlNmIzMTM1NTQyODUyYjcwM2U3MjBlMmM0MDBhZjdkZGQzNTJjZjcyOTcAWkJNb2RyRGxWZXJDd05mZlQxMzU0MzI3NTU0ZWVtSXBYSWhXWDc=","78.140.135.209, 80",192.168.0.2 (192.168.0.2),"TCP, Port 62497"


Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction,Terminal Session
2012-11-30 22:28:24,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:28:24,C:\WINDOWS\SYSTEM32\CONHOST.EXE,2088,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\cltlmh.exe,5948,Access Process Data,Unauthorized access blocked,
2012-11-30 22:24:07,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:24:07,C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARM.EXE,5092,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,3836,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:14:46,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:14:46,C:\COMBOFIX\PEV.3XE,27532,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:14:46,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:14:46,C:\COMBOFIX\PEV.3XE,27512,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:14:43,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:14:43,C:\COMBOFIX\PEV.3XE,26836,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:14:43,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:14:43,C:\COMBOFIX\PEV.3XE,26792,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:14:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:14:11,C:\COMBOFIX\PEV.EXE,25948,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:48,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:48,C:\COMBOFIX\PEV.3XE,23424,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:48,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:48,C:\COMBOFIX\PEV.3XE,23384,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:47,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:47,C:\COMBOFIX\PEV.3XE,23280,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:47,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:47,C:\COMBOFIX\PEV.3XE,23232,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:47,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:47,C:\COMBOFIX\PEV.3XE,23196,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:39,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:39,C:\COMBOFIX\PEV.3XE,22108,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:30,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:30,C:\COMBOFIX\PEV.3XE,8508,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:30,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:30,C:\COMBOFIX\PEV.3XE,21412,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:13:29,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:13:29,C:\COMBOFIX\PEV.3XE,21372,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:31,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:31,C:\COMBOFIX\PEV.3XE,19236,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:30,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:30,C:\COMBOFIX\PEV.3XE,19084,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:14,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:14,C:\COMBOFIX\PEV.EXE,18744,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:13,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:13,C:\COMBOFIX\PEV.EXE,18744,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:12,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:12,C:\COMBOFIX\PEV.EXE,18744,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:11,C:\COMBOFIX\PEV.EXE,18744,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:10,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:10,C:\COMBOFIX\PEV.EXE,18744,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:09,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:09,C:\COMBOFIX\PEV.EXE,18744,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:12:02,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:12:02,C:\COMBOFIX\PEV.EXE,19056,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:29,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:29,C:\COMBOFIX\PEV.3XE,13516,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:29,Medium,Unauthorized access blocked (Set Registry Security Key),Blocked,No Action Required,2012-11-30 22:11:29,C:\COMBOFIX\SWREG.3XE,13392,"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\",0,Set Registry Security Key,Unauthorized access blocked,1
2012-11-30 22:11:27,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:27,C:\COMBOFIX\PEV.3XE,13492,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:24,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:24,C:\COMBOFIX\PEV.3XE,13380,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:24,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:24,C:\COMBOFIX\PEV.3XE,13336,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:24,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:24,C:\COMBOFIX\PEV.3XE,12984,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:22,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:22,C:\COMBOFIX\PEV.3XE,11772,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:22,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:22,C:\COMBOFIX\PEV.3XE,5100,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:21,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:21,C:\COMBOFIX\PEV.3XE,12776,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:20,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:20,C:\COMBOFIX\PEV.3XE,12776,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:19,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:19,C:\COMBOFIX\PEV.3XE,12776,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:18,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:18,C:\COMBOFIX\PEV.3XE,12776,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:18,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:18,C:\COMBOFIX\PEV.3XE,12392,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:18,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:18,C:\COMBOFIX\PEV.3XE,13076,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:11,C:\COMBOFIX\PEV.3XE,13068,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:11,C:\COMBOFIX\PEV.3XE,12920,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:11,C:\COMBOFIX\PEV.3XE,12768,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:11,C:\COMBOFIX\PEV.3XE,12716,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:11,C:\COMBOFIX\PEV.3XE,12676,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:09,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:09,C:\COMBOFIX\PEV.3XE,13148,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:11:07,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:11:07,C:\COMBOFIX\PEV.3XE,12720,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:56,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:56,C:\COMBOFIX\PEV.3XE,11712,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:56,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:56,C:\COMBOFIX\PEV.3XE,11452,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:55,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:55,C:\COMBOFIX\PEV.3XE,12124,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:54,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:54,C:\COMBOFIX\PEV.3XE,11988,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:54,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:54,C:\COMBOFIX\PEV.3XE,11704,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:53,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:53,C:\COMBOFIX\PEV.3XE,3464,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:53,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:53,C:\COMBOFIX\PEV.3XE,11852,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:52,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:52,C:\COMBOFIX\PEV.3XE,12148,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:51,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:51,C:\COMBOFIX\PEV.3XE,11732,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:51,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:51,C:\COMBOFIX\PEV.3XE,11584,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:50,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:50,C:\COMBOFIX\PEV.3XE,2268,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:50,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:50,C:\COMBOFIX\PEV.3XE,8992,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:50,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:50,C:\COMBOFIX\PEV.3XE,12004,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:50,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:50,C:\COMBOFIX\PEV.3XE,8984,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:49,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:49,C:\COMBOFIX\PEV.3XE,6296,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:49,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:49,C:\COMBOFIX\PEV.EXE,11920,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:48,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:48,C:\COMBOFIX\PEV.3XE,11880,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:44,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:44,C:\COMBOFIX\PEV.3XE,11420,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:43,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:43,C:\COMBOFIX\PEV.3XE,11320,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:41,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:41,C:\COMBOFIX\PEV.3XE,11980,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:38,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:38,C:\COMBOFIX\PEV.3XE,11460,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:37,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:37,C:\COMBOFIX\PEV.3XE,2256,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:34,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:34,C:\COMBOFIX\PEV.3XE,6652,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:10:25,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:10:25,C:\COMBOFIX\PEV.3XE,6676,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:57,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:57,C:\COMBOFIX\PEV.3XE,9776,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:56,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:56,C:\COMBOFIX\PEV.3XE,9776,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:55,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:55,C:\COMBOFIX\PEV.3XE,9776,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:45,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:45,C:\COMBOFIX\PEV.3XE,8484,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:37,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:37,C:\COMBOFIX\PEV.3XE,8684,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:37,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:37,C:\COMBOFIX\PEV.3XE,8520,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:37,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:37,C:\COMBOFIX\PEV.3XE,8488,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:36,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:36,C:\COMBOFIX\PEV.3XE,8324,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:35,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:35,C:\COMBOFIX\PEV.3XE,7180,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:34,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:34,C:\COMBOFIX\PEV.3XE,7180,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:33,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:33,C:\COMBOFIX\PEV.3XE,7180,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:29,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:29,C:\COMBOFIX\PEV.3XE,7380,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:12,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:12,C:\COMBOFIX\PEV.3XE,7480,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:12,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:12,C:\COMBOFIX\PEV.3XE,7388,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:12,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:12,C:\COMBOFIX\PEV.3XE,7324,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:09:12,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:09:12,C:\COMBOFIX\PEV.3XE,7276,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:08:58,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:58,C:\COMBOFIX\PEV.3XE,6776,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:08:57,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:57,C:\COMBOFIX\PEV.3XE,6644,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:08:51,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:51,C:\COMBOFIX\PEV.3XE,5612,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:08:51,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:51,C:\COMBOFIX\PEV.EXE,3700,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:08:51,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:51,C:\COMBOFIX\PEV.3XE,3932,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:08:50,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:50,C:\32788R22FWJFW\PEV.3XE,5936,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:08:49,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:49,C:\32788R22FWJFW\PEV.3XE,3576,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:08:49,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:49,C:\32788R22FWJFW\PEV.3XE,4932,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:07:34,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:07:34,C:\32788R22FWJFW\PEV.3XE,5688,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:07:15,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:07:15,C:\32788R22FWJFW\PEV.3XE,4460,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:07:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:07:11,C:\32788R22FWJFW\LICENSE\IEXPLORE.EXE,5248,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1
2012-11-30 22:07:10,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:07:10,C:\32788R22FWJFW\LICENSE\IEXPLORE.EXE,336,C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:16 AM

Posted 30 November 2012 - 10:51 PM

Norton is just objecting to the tools we use, that's why we ask you to disable security programs,

close out the windows and reboot the machine

see if you are able to run MBAR

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
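One way to check that reading of the Norton log before dismissing it, as an added example (not code from the thread or from Norton): parse the tamper-protection CSV, tally blocked events by actor directory, and list any actor that is not under the removal tools' folders. The sample rows are constructed in the shape of the posted log, and KNOWN_TOOL_DIRS holds the two tool folders that appear in it (C:\COMBOFIX and the C:\32788R22FWJFW staging folder).

```python
"""Tally a Norton Product Tamper Protection CSV export by actor process.

Added example for this thread, not code from the thread or from Norton.
The sample rows below are constructed to mirror the posted log."""
import csv
from collections import Counter
from io import StringIO
from pathlib import PureWindowsPath

# Column header exactly as Norton exports it (see the posted log).
HEADER = ("Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,"
          "Actor PID,Target,Target PID,Action,Reaction,Terminal Session")

NORTON_ENGINE = r"C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9"

# Tool folders seen in the posted log (assumption: the second one is the
# folder ComboFix staged its helpers in on that machine).
KNOWN_TOOL_DIRS = (r"C:\COMBOFIX", r"C:\32788R22FWJFW")

# Constructed sample: seven rows in the shape of the posted log. Raw strings
# keep the backslashes; the registry-key target is quoted, as in the export.
SAMPLE_LOG = "\n".join([
    HEADER,
    r"2012-11-30 22:28:24,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:28:24,C:\WINDOWS\SYSTEM32\CONHOST.EXE,2088," + NORTON_ENGINE + r"\cltlmh.exe,5948,Access Process Data,Unauthorized access blocked,",
    r"2012-11-30 22:24:07,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:24:07,C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARM.EXE,5092," + NORTON_ENGINE + r"\ccsvchst.exe,3836,Access Process Data,Unauthorized access blocked,1",
    r"2012-11-30 22:14:46,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:14:46,C:\COMBOFIX\PEV.3XE,27532," + NORTON_ENGINE + r"\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1",
    r"2012-11-30 22:14:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:14:11,C:\COMBOFIX\PEV.EXE,25948," + NORTON_ENGINE + r"\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1",
    r'2012-11-30 22:11:29,Medium,Unauthorized access blocked (Set Registry Security Key),Blocked,No Action Required,2012-11-30 22:11:29,C:\COMBOFIX\SWREG.3XE,13392,"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\",0,Set Registry Security Key,Unauthorized access blocked,1',
    r"2012-11-30 22:08:50,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:08:50,C:\32788R22FWJFW\PEV.3XE,5936," + NORTON_ENGINE + r"\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1",
    r"2012-11-30 22:07:11,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2012-11-30 22:07:11,C:\32788R22FWJFW\LICENSE\IEXPLORE.EXE,5248," + NORTON_ENGINE + r"\ccsvchst.exe,2180,Access Process Data,Unauthorized access blocked,1",
])


def parse_tamper_log(text):
    """Parse the CSV export (header row first) into a list of row dicts."""
    return list(csv.DictReader(StringIO(text)))


def actor_directory(actor):
    """Directory of the actor executable, upper-cased (NTFS paths are case-insensitive)."""
    return str(PureWindowsPath(actor).parent).upper()


def is_known_tool(actor, known_dirs):
    """True when the actor lives in, or below, one of the known tool folders."""
    directory = actor_directory(actor)
    return any(directory == k.upper() or directory.startswith(k.upper() + "\\")
               for k in known_dirs)


def target_kind(row):
    """'registry' when the target is a key path (Target PID is 0), else 'process'."""
    return "registry" if row["Target"].upper().startswith("HKEY_") else "process"


def summarize(text, known_dirs=KNOWN_TOOL_DIRS):
    """Aggregate the blocked events the way a responder would triage them."""
    rows = [r for r in parse_tamper_log(text) if r["Status"] == "Blocked"]
    return {
        "events": len(rows),
        "by_actor_dir": dict(Counter(actor_directory(r["Actor"]) for r in rows)),
        "by_action": dict(Counter(r["Action"] for r in rows)),
        "registry_targets": [r["Target"] for r in rows if target_kind(r) == "registry"],
        # Anything here was blocked but is not one of the tools that were run:
        # benign system or updater processes are common, but each deserves a look.
        "unexpected_actors": sorted({r["Actor"] for r in rows
                                     if not is_known_tool(r["Actor"], known_dirs)}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample rows the ComboFix folders account for five of the seven blocks, and the two remaining actors (conhost.exe and Adobe's ARM updater) are the ones worth a second glance rather than the tool noise.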


#10 thoeing

thoeing
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:16 AM

Posted 30 November 2012 - 11:23 PM

I was not able to run MBAR - same message. Sorry about the Norton AV - I was only turning it off when you or the directions specifically told me to. Should I always completely disable it before running any "fixes"?

#11 thoeing

thoeing
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:16 AM

Posted 30 November 2012 - 11:30 PM

CatByte,

I can't thank you enough for your help so far - so I won't try - I'll just donate. I'm going to have to call it an evening. I'll be back in the a.m.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:16 AM

Posted 01 December 2012 - 08:11 AM

Please run the following:

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 thoeing

thoeing
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:16 AM

Posted 01 December 2012 - 10:13 AM

That got a little ugly. After I ran RK Windows wanted me to reboot to enable UAC. I obliged. After restart I was unable to connect to certain websites, this one included. I had a popup wanting me to update Java - I tried (hoping to regain access to this site) but the installer crashed. I am now on a different computer. Here are the log files.


RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TIM3 [Admin rights]
Mode : Scan -- Date : 12/01/2012 09:41:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: KINGSTON SH100S3120G ATA Device +++++
--- User ---
[MBR] 5485a9428392b9db52208be439336e72
[BSP] 8cb0d854cda15a18e92c0317854dd817 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 8501723c126743780449eb919226813d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6008 | Size: 7719 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12012012_02d0941.txt >>
RKreport[1]_S_12012012_02d0941.txt



RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TIM3 [Admin rights]
Mode : Remove -- Date : 12/01/2012 09:41:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: KINGSTON SH100S3120G ATA Device +++++
--- User ---
[MBR] 5485a9428392b9db52208be439336e72
[BSP] 8cb0d854cda15a18e92c0317854dd817 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 8501723c126743780449eb919226813d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6008 | Size: 7719 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12012012_02d0941.txt >>
RKreport[1]_S_12012012_02d0941.txt ; RKreport[2]_D_12012012_02d0941.txt



RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TIM3 [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/01/2012 09:42:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 9 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 8 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 74 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 165 / Fail 186
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume3 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_12012012_02d0942.txt >>
RKreport[1]_S_12012012_02d0941.txt ; RKreport[2]_D_12012012_02d0941.txt ; RKreport[3]_SC_12012012_02d0942.txt
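The RogueKiller reports above list registry hijacks such as EnableLUA (0) and ConsentPromptBehaviorAdmin (0), which is what "UAC turning itself off" looks like on disk. The following parser is an added example, not part of this thread or of RogueKiller itself; it reads the "Registry Entries" section of a report in the format posted here (the sample is constructed from the lines above) and flags entries that show UAC or registry tools being disabled.

```python
"""Parse the 'Registry Entries' section of a RogueKiller text report and flag
UAC / registry-tool tampering. Added example, not RogueKiller's own code."""
import re

# Constructed sample: the registry section from the RKreport[2]_D log above.
SAMPLE_REPORT = r"""¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
"""

# One report line: [TAG] KEY : NAME (OLD) -> ACTION [(NEW)]
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+"
    r"\((?P<old>[^)]*)\)\s+->\s+(?P<action>\w+)(?:\s+\((?P<new>[^)]*)\))?$"
)

# Values that weaken UAC when they are 0; DisableRegistryTools is suspicious whenever present.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}


def parse_registry_entries(report: str) -> list:
    """Return parsed dicts for the lines of the 'Registry Entries' section only."""
    entries, in_section = [], False
    for line in report.splitlines():
        if line.startswith("¤¤¤"):          # section header toggles the state
            in_section = "Registry Entries" in line
            continue
        if in_section:
            m = ENTRY_RE.match(line.strip())
            if m:
                entries.append(m.groupdict())
    return entries


def uac_findings(entries: list) -> list:
    """Names of entries showing UAC disabled or registry tools blocked, in report order."""
    hits = []
    for e in entries:
        if e["name"] in UAC_VALUES and e["old"] == "0":
            hits.append(e["name"])
        elif e["name"] == "DisableRegistryTools":
            hits.append(e["name"])
    return hits


if __name__ == "__main__":
    print(uac_findings(parse_registry_entries(SAMPLE_REPORT)))
```

The Start_ShowMyGames and NewStartPanel entries are cosmetic Start menu changes and are parsed but not flagged.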

#14 thoeing

thoeing
  • Topic Starter

  • Members
  • 9 posts

Posted 01 December 2012 - 10:39 AM

Shame on me for allowing the UAC to turn itself back on. I'm back on the original computer - web works as it should.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 December 2012 - 03:04 PM

Were you able to update Java?

It does require updating; uninstall all the old Java via Programs and Features first.

Download Java version 7 update 9 from here:

http://java.com/en/download/index.jsp

NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.


And does UAC not work properly on your machine? (Maybe a reason why you could not run MBAR as an administrator on this machine?)

Are there any other outstanding issues?

Please run the following:

Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
