catchme malware


This topic is locked
50 replies to this topic

#1 phil_50

  • Members
  • 31 posts

Posted 09 April 2013 - 09:15 AM

Hello. I can only operate in safe mode. If I try normal mode, it takes over an hour to boot using the restore disk after multiple tries. The computer was going to sleep randomly after less than 5 or 10 minutes and could not wake up without a reboot using the above procedure. Thanks.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.15.2
Run by Phil at 10:02:00 on 2013-04-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3071.2137 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mc1630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1364818337&.rand=cvu4koeopesui
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.3.0.36\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.3.0.36\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.0.36\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.0.36\coieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\users\phil\appdata\roaming\micros~1\windows\startm~1\programs\startup\americ~1.lnk - c:\ahdw\AHD3.EXE
StartupFolder: c:\users\phil\appdata\roaming\micros~1\windows\startm~1\programs\startup\E-MAIL~1.LNK -
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://liberty-ssl-vpn.lmig.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.libertymutual.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\system32\drivers\SMR322.SYS [2013-4-8 98392]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403000.024\symds.sys [2013-2-27 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403000.024\symefa.sys [2013-2-27 934488]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-3-26 136832]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130322.001\BHDrvx86.sys [2013-3-21 997464]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1403000.024\ccsetx86.sys [2013-2-27 134304]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-4-25 67960]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20130405.001\IDSvix86.sys [2013-4-6 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403000.024\ironx86.sys [2013-2-27 175264]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1403000.024\symtdiv.sys [2013-2-27 350368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-7-9 98984]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2013-2-25 1239584]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-12 21504]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-8-23 198240]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S2 N360;Norton 360;c:\program files\norton 360\engine\20.3.0.36\ccsvchst.exe [2013-2-27 144520]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 Ctxusbr;Citrix USB Redirection Driver;c:\windows\system32\drivers\ctxusbr.sys [2012-4-25 49712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-18 106656]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\drivers\ser2rs.sys [2007-6-25 76288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-08 16:38:53 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-08 16:32:44 98816 ----a-w- c:\windows\sed.exe
2013-04-08 16:32:44 256000 ----a-w- c:\windows\PEV.exe
2013-04-08 16:32:44 208896 ----a-w- c:\windows\MBR.exe
2013-04-08 16:15:10 98392 ----a-w- c:\windows\system32\drivers\SMR322.SYS
2013-04-08 16:15:10 20 ----a-w- c:\windows\system32\drivers\SMR322.dat
2013-04-07 17:04:54 -------- d-----w- c:\users\phil\appdata\local\temp(23)
2013-04-05 13:08:26 -------- d-----w- c:\programdata\FitbitConnect
2013-04-05 13:08:24 -------- d-----w- c:\program files\Fitbit Connect
2013-03-30 17:27:10 -------- d-----w- c:\users\phil\appdata\local\{137674B2-12FD-40B0-BA37-0A146BFD9C91}
2013-03-30 16:35:19 -------- d-----w- c:\users\phil\appdata\local\LogMeIn Rescue Applet
2013-03-21 19:21:56 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 18:25:54 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-21 18:24:44 -------- d-----w- c:\program files\iPod
2013-03-21 18:24:42 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-03-21 18:24:42 -------- d-----w- c:\program files\iTunes
.
==================== Find3M  ====================
.
2013-03-15 07:00:24 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 07:00:24 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-20 23:46:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-20 23:46:23 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-20 23:46:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-31 03:18:18 350368 ----a-w- c:\windows\system32\drivers\n360\1403000.024\symtdiv.sys
2013-01-31 03:18:18 338592 ----a-w- c:\windows\system32\drivers\n360\1403000.024\symnets.sys
2013-01-31 03:18:06 934488 ----a-w- c:\windows\system32\drivers\n360\1403000.024\symefa.sys
2013-01-29 01:45:18 602712 ----a-w- c:\windows\system32\drivers\n360\1403000.024\srtsp.sys
2013-01-29 01:45:18 32344 ----a-w- c:\windows\system32\drivers\n360\1403000.024\srtspx.sys
2013-01-22 02:15:32 367704 ----a-w- c:\windows\system32\drivers\n360\1403000.024\symds.sys
2013-01-16 23:07:40 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
============= FINISH: 10:02:14.13 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2007 12:02:57 AM
System Uptime: 4/8/2013 9:26:09 AM (25 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Berkeley
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2394/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 144.338 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.233 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 297.925 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0024
Manufacturer: Microsoft
Name: isatap.westell.com
PNP Device ID: ROOT\*ISATAP\0024
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0067
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0067
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0070
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0070
Service: tunnel
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: eHome Infrared Receiver (USBCIR)
Device ID: USB\VID_147A&PID_E018&MI_00\7&1D6DE509&0&0000
Manufacturer: Microsoft
Name: eHome Infrared Receiver (USBCIR)
PNP Device ID: USB\VID_147A&PID_E018&MI_00\7&1D6DE509&0&0000
Service: usbcir
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
RP1920: 2/23/2013 6:34:18 AM - Scheduled Checkpoint
RP1921: 2/24/2013 8:45:40 AM - Scheduled Checkpoint
RP1922: 2/25/2013 2:59:28 AM - Scheduled Checkpoint
RP1923: 2/26/2013 6:44:21 AM - Scheduled Checkpoint
RP1924: 2/27/2013 12:51:11 PM - Scheduled Checkpoint
RP1925: 2/28/2013 11:52:54 PM - Scheduled Checkpoint
RP1926: 3/2/2013 9:56:26 AM - Scheduled Checkpoint
RP1927: 3/3/2013 8:08:23 AM - Scheduled Checkpoint
RP1928: 3/6/2013 10:15:23 AM - Scheduled Checkpoint
RP1929: 3/7/2013 7:59:59 PM - Scheduled Checkpoint
RP1930: 3/8/2013 5:39:45 PM - Scheduled Checkpoint
RP1931: 3/10/2013 4:05:29 AM - Scheduled Checkpoint
RP1932: 3/10/2013 4:49:08 PM - Scheduled Checkpoint
RP1933: 3/12/2013 7:54:47 PM - Scheduled Checkpoint
RP1934: 3/15/2013 2:51:39 PM - Scheduled Checkpoint
RP1935: 3/16/2013 11:43:32 PM - Scheduled Checkpoint
RP1936: 3/18/2013 12:00:07 AM - Scheduled Checkpoint
RP1937: 3/18/2013 2:28:09 PM - Scheduled Checkpoint
RP1938: 3/19/2013 8:52:20 AM - Scheduled Checkpoint
RP1939: 3/21/2013 2:01:57 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP1940: 3/27/2013 5:39:50 PM - Scheduled Checkpoint
RP1941: 3/28/2013 4:26:18 PM - Scheduled Checkpoint
RP1942: 3/29/2013 2:27:01 PM - Windows Update
RP1943: 3/30/2013 6:39:53 PM - Scheduled Checkpoint
RP1944: 3/31/2013 11:06:31 AM - Scheduled Checkpoint
RP1945: 4/1/2013 9:11:27 AM - Scheduled Checkpoint
RP1946: 4/6/2013 2:17:36 PM - Scheduled Checkpoint
RP1947: 4/7/2013 6:50:40 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
100% Free Hearts 7.30
100% Free Spades 7.30
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
AltoMP3 Gold 5.20
Amazon Send to Kindle
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft Scan-n-Stitch Deluxe
Battlefield 2™
Battlefield 2: Special Forces
Bonjour
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Citrix XenApp Web Plugin
D3DX10
DeductionPro 2008
Dell V305
Download Manager 2.3.6
Driver Detective
EasyGPS 3.06
Enhanced Multimedia Keyboard Solution
ExpertGPS 3.53
Express Burn
Express Rip
File Uploader
Fitbit Connect
FoxTab Audio Converter
FrenchNow!
GameSpy Arcade
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Deluxe + Efile + State 2012
H&R Block Massachusetts 2009
H&R Block Massachusetts 2010
H&R Block Massachusetts 2011
H&R Block Massachusetts 2012
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
iCloud
Intel® Network Connections Drivers
Intel® Viiv™ Software
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 15
Java Auto Updater
Java™ 6 Update 29
Juniper Networks Host Checker
Juniper Networks Setup Client
Junk Mail filter update
Lexmark 730 Series
Liberty Mutual's Millennia Web Schedule
LightScribe 1.6.45.1
Logitech Harmony Remote Software 7
magicJack
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mobipocket Reader 6.2
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
My HP Games
Nikon Message Center
Nikon Transfer
Norton 360
Notepad++
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OGA Notifier 2.0.0048.0
Online Plug-in
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Project Reality 0856 Core
Project Reality 0856 Levels
PSSWCORE
PVSonyDll
Python 2.5
Quicken 2013
QuickTime
RadioShack USB to Serial Driver
Realtek High Definition Audio Driver
Recordpad
Remote Control USB Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
ScrewDrivers Client v4 with Citrix Web Client 11.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Self-service Plug-in
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 8
SugarSync Manager
Switch
TaxCut Massachusetts 2007
TaxCut Massachusetts 2008
TaxCut Premium + State + Efile 2008
TaxCut Premium + State 2007
TeamSpeak 2 RC2
TeamSpeak 3 Client
Texas Hold'em Poker (Trial version) 7.21
Texas Hold 'Em
TOPO!
Tune Tools for iPod Multimedia Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
WavePad Uninstall
WeatherBug Gadget
WILLPower v6
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Search Protection
Yahoo! Toolbar
Yontoo Layers Runtime (Drop Down Deals) 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
4/9/2013 9:57:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/9/2013 9:56:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.15.100 for the Network Card with network address 001D6053C2B1 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
4/9/2013 9:27:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/9/2013 12:16:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
4/9/2013 10:01:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/8/2013 9:27:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 ctxusbm eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv Wanarpv6
4/8/2013 9:27:40 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:27:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/8/2013 9:27:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/8/2013 9:21:06 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 ctxusbm DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2013 9:20:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2013 9:20:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/8/2013 9:20:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/8/2013 12:38:19 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/7/2013 9:58:33 AM, Error: EventLog [6008] - The previous system shutdown at 3:23:39 AM on 4/7/2013 was unexpected.
4/7/2013 7:34:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
4/7/2013 7:33:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
4/7/2013 7:32:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
4/7/2013 7:31:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
4/7/2013 7:31:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
4/7/2013 7:30:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
4/7/2013 7:28:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
4/7/2013 7:28:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
4/7/2013 7:27:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
4/7/2013 7:26:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldtCATSCustConnectService service to connect.
4/7/2013 7:26:12 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
4/7/2013 7:26:12 PM, Error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/7/2013 3:22:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
4/7/2013 3:22:44 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/7/2013 3:18:49 AM, Error: EventLog [6008] - The previous system shutdown at 10:41:10 PM on 4/6/2013 was unexpected.
4/7/2013 12:03:58 PM, Error: EventLog [6008] - The previous system shutdown at 10:46:18 AM on 4/7/2013 was unexpected.
4/7/2013 10:13:03 AM, Error: EventLog [6008] - The previous system shutdown at 10:00:27 AM on 4/7/2013 was unexpected.
4/7/2013 1:56:25 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SMR322\0000 disappeared from the system without first being prepared for removal.
4/7/2013 1:52:56 PM, Error: EventLog [6008] - The previous system shutdown at 1:51:05 PM on 4/7/2013 was unexpected.
4/7/2013 1:26:07 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/6/2013 9:13:15 PM, Error: EventLog [6008] - The previous system shutdown at 8:39:51 PM on 4/6/2013 was unexpected.
4/6/2013 7:30:00 PM, Error: EventLog [6008] - The previous system shutdown at 7:08:13 PM on 4/6/2013 was unexpected.
4/6/2013 7:08:13 PM, Error: EventLog [6008] - The previous system shutdown at 6:55:22 PM on 4/6/2013 was unexpected.
4/6/2013 6:50:03 PM, Error: EventLog [6008] - The previous system shutdown at 6:19:41 PM on 4/6/2013 was unexpected.
4/6/2013 11:04:21 AM, Error: EventLog [6008] - The previous system shutdown at 11:00:47 AM on 4/6/2013 was unexpected.
4/5/2013 8:52:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
4/5/2013 8:52:47 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/5/2013 8:50:21 AM, Error: EventLog [6008] - The previous system shutdown at 6:59:19 AM on 4/5/2013 was unexpected.
4/4/2013 9:04:20 AM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================

 
.

Edited by Oh My, 14 April 2013 - 01:41 PM.
Attach log posted


#2 phil_50

Posted 09 April 2013 - 07:38 PM

Forgot to link http://www.bleepingcomputer.com/forums/t/491103/safe-mode-only/

Also, I have a combofix.txt if needed.



#3 phil_50

Posted 12 April 2013 - 10:19 AM

ComboFix 13-04-08.02 - Phil 04/08/2013  12:33:47.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3071.2198 [GMT -4:00]
Running from: c:\users\Phil\Desktop\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-08 to 2013-04-08  )))))))))))))))))))))))))))))))
.
.
2013-04-08 16:15 . 2013-04-08 16:15 20 ----a-w- c:\windows\system32\drivers\SMR322.dat
2013-04-08 16:15 . 2013-04-08 16:15 98392 ----a-w- c:\windows\system32\drivers\SMR322.SYS
2013-04-07 16:30 . 2013-04-08 17:01 -------- d-----w- c:\users\Mike
2013-04-05 13:08 . 2013-04-05 13:08 -------- d-----w- c:\program files\Fitbit Connect
2013-03-21 19:21 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 18:25 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-21 18:24 . 2013-03-21 18:24 -------- d-----w- c:\program files\iPod
2013-03-21 18:24 . 2013-03-21 18:25 -------- d-----w- c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 07:00 . 2012-04-03 14:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 07:00 . 2011-05-31 16:15 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-20 23:46 . 2013-02-20 23:46 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-20 23:46 . 2013-01-19 20:47 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-20 23:46 . 2010-05-10 09:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-31 03:18 . 2013-02-27 16:11 350368 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symtdiv.sys
2013-01-31 03:18 . 2013-02-27 16:11 338592 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-02-27 16:11 934488 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symefa.sys
2013-01-29 01:45 . 2013-02-27 16:11 602712 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtsp.sys
2013-01-29 01:45 . 2013-02-27 16:11 32344 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtspx.sys
2013-01-22 02:15 . 2013-02-27 16:11 367704 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symds.sys
2013-01-16 23:07 . 2013-01-16 23:07 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2013-01-24 11184480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SMR322
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-29 10:29 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:02]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 09:24]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 09:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc1630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1364818337&.rand=cvu4koeopesui
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-08 12:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
Ñ,LØXßÓGLØYß [35114048] 0x0050005C
Ñ,LØXßÓGLØYß [35114048] 0x0043003D
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-08  12:39:18
ComboFix-quarantined-files.txt  2013-04-08 16:39
ComboFix2.txt  2013-04-07 17:04
ComboFix3.txt  2013-04-07 16:49
ComboFix4.txt  2013-04-07 16:25
ComboFix5.txt  2013-04-08 16:32
.
Pre-Run: 154,340,126,720 bytes free
Post-Run: 154,924,748,800 bytes free
.
- - End Of File - - 5BAA0D826A2AA7A34E58738DE34E28E1



#4 phil_50

Posted 12 April 2013 - 01:01 PM

I had also run unhide.exe to fix another issue.



#5 HelpBot

Posted 14 April 2013 - 09:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/491188 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 phil_50

Posted 14 April 2013 - 11:22 AM

Windows Vista Home Premium 32 bit SP2. I only have an HP restore disc I made when I first bought the computer. I'm still running in safe mode because it took so long to boot up (multiple tries with the boot disk) that I don't dare shut it down.


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.15.2
Run by Phil at 12:02:58 on 2013-04-14
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3071.2076 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mc1630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1364818337&.rand=cvu4koeopesui
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.3.0.36\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.3.0.36\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.0.36\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.0.36\coieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\users\phil\appdata\roaming\micros~1\windows\startm~1\programs\startup\americ~1.lnk - c:\ahdw\AHD3.EXE
StartupFolder: c:\users\phil\appdata\roaming\micros~1\windows\startm~1\programs\startup\E-MAIL~1.LNK -
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://liberty-ssl-vpn.lmig.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.libertymutual.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\system32\drivers\SMR322.SYS [2013-4-8 98392]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403000.024\symds.sys [2013-2-27 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403000.024\symefa.sys [2013-2-27 934488]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-3-26 136832]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130322.001\BHDrvx86.sys [2013-3-21 997464]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1403000.024\ccsetx86.sys [2013-2-27 134304]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-4-25 67960]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20130405.001\IDSvix86.sys [2013-4-6 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403000.024\ironx86.sys [2013-2-27 175264]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1403000.024\symtdiv.sys [2013-2-27 350368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-7-9 98984]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2013-2-25 1239584]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-12 21504]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-8-23 198240]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S2 N360;Norton 360;c:\program files\norton 360\engine\20.3.0.36\ccsvchst.exe [2013-2-27 144520]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 Ctxusbr;Citrix USB Redirection Driver;c:\windows\system32\drivers\ctxusbr.sys [2012-4-25 49712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-18 106656]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\drivers\ser2rs.sys [2007-6-25 76288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-08 16:38:53 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-08 16:32:44 98816 ----a-w- c:\windows\sed.exe
2013-04-08 16:32:44 256000 ----a-w- c:\windows\PEV.exe
2013-04-08 16:32:44 208896 ----a-w- c:\windows\MBR.exe
2013-04-08 16:15:10 98392 ----a-w- c:\windows\system32\drivers\SMR322.SYS
2013-04-08 16:15:10 20 ----a-w- c:\windows\system32\drivers\SMR322.dat
2013-04-07 17:04:54 -------- d-----w- c:\users\phil\appdata\local\temp(23)
2013-04-05 13:08:26 -------- d-----w- c:\programdata\FitbitConnect
2013-04-05 13:08:24 -------- d-----w- c:\program files\Fitbit Connect
2013-03-30 17:27:10 -------- d-----w- c:\users\phil\appdata\local\{137674B2-12FD-40B0-BA37-0A146BFD9C91}
2013-03-30 16:35:19 -------- d-----w- c:\users\phil\appdata\local\LogMeIn Rescue Applet
2013-03-21 19:21:56 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 18:25:54 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-21 18:24:44 -------- d-----w- c:\program files\iPod
2013-03-21 18:24:42 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-03-21 18:24:42 -------- d-----w- c:\program files\iTunes
.
==================== Find3M  ====================
.
2013-03-15 07:00:24 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 07:00:24 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-20 23:46:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-20 23:46:23 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-20 23:46:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-31 03:18:18 350368 ----a-w- c:\windows\system32\drivers\n360\1403000.024\symtdiv.sys
2013-01-31 03:18:18 338592 ----a-w- c:\windows\system32\drivers\n360\1403000.024\symnets.sys
2013-01-31 03:18:06 934488 ----a-w- c:\windows\system32\drivers\n360\1403000.024\symefa.sys
2013-01-29 01:45:18 602712 ----a-w- c:\windows\system32\drivers\n360\1403000.024\srtsp.sys
2013-01-29 01:45:18 32344 ----a-w- c:\windows\system32\drivers\n360\1403000.024\srtspx.sys
2013-01-22 02:15:32 367704 ----a-w- c:\windows\system32\drivers\n360\1403000.024\symds.sys
2013-01-16 23:07:40 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
============= FINISH: 12:03:05.30 ===============
ComboFix 13-04-08.02 - Phil 04/08/2013  12:33:47.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3071.2198 [GMT -4:00]
Running from: c:\users\Phil\Desktop\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-08 to 2013-04-08  )))))))))))))))))))))))))))))))
.
.
2013-04-08 16:15 . 2013-04-08 16:15 20 ----a-w- c:\windows\system32\drivers\SMR322.dat
2013-04-08 16:15 . 2013-04-08 16:15 98392 ----a-w- c:\windows\system32\drivers\SMR322.SYS
2013-04-07 16:30 . 2013-04-08 17:01 -------- d-----w- c:\users\Mike
2013-04-05 13:08 . 2013-04-05 13:08 -------- d-----w- c:\program files\Fitbit Connect
2013-03-21 19:21 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 18:25 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-21 18:24 . 2013-03-21 18:24 -------- d-----w- c:\program files\iPod
2013-03-21 18:24 . 2013-03-21 18:25 -------- d-----w- c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 07:00 . 2012-04-03 14:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 07:00 . 2011-05-31 16:15 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-20 23:46 . 2013-02-20 23:46 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-20 23:46 . 2013-01-19 20:47 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-20 23:46 . 2010-05-10 09:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-31 03:18 . 2013-02-27 16:11 350368 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symtdiv.sys
2013-01-31 03:18 . 2013-02-27 16:11 338592 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-02-27 16:11 934488 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symefa.sys
2013-01-29 01:45 . 2013-02-27 16:11 602712 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtsp.sys
2013-01-29 01:45 . 2013-02-27 16:11 32344 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtspx.sys
2013-01-22 02:15 . 2013-02-27 16:11 367704 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symds.sys
2013-01-16 23:07 . 2013-01-16 23:07 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2013-01-24 11184480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SMR322
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-29 10:29 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:02]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 09:24]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 09:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc1630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1364818337&.rand=cvu4koeopesui
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-08 12:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
Ñ,LØXßÓGLØYß [35114048] 0x0050005C
Ñ,LØXßÓGLØYß [35114048] 0x0043003D
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-08  12:39:18
ComboFix-quarantined-files.txt  2013-04-08 16:39
ComboFix2.txt  2013-04-07 17:04
ComboFix3.txt  2013-04-07 16:49
ComboFix4.txt  2013-04-07 16:25
ComboFix5.txt  2013-04-08 16:32
.
Pre-Run: 154,340,126,720 bytes free
Post-Run: 154,924,748,800 bytes free
.
- - End Of File - - 5BAA0D826A2AA7A34E58738DE34E28E1
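The helpers in this thread read the DDS services list above by eye: the letter is running state (R running, S stopped), the digit is the start type (0 boot, 1 system, 2 auto, 3 demand), and a trailing `[?]` means DDS could not find the image file, which is what the `dldt_device` entry shows. As an added example, not part of the original posts and not code from the DDS tool, the Python below applies the same reading mechanically and adds the checks an analyst makes next: drivers loaded from outside `c:\windows`, images under a user profile or temp directory, and files written shortly before the report. The first four sample lines are copied from the log above; the `evilsvc` line is constructed to show what a hit looks like, and the report date and the `recent_days` threshold are assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Sample input: the first four lines are copied from the DDS log posted in this
# thread; the fifth (evilsvc) is CONSTRUCTED to show a hostile-looking entry.
SAMPLE_DDS = r"""
R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\system32\drivers\SMR322.SYS [2013-4-8 98392]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130322.001\BHDrvx86.sys [2013-3-21 997464]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
R1 evilsvc;evilsvc;c:\users\phil\appdata\local\temp\evil.sys [2013-4-7 12345]
"""

# DDS line: <R|S><start type> <name>;<display name>;<image path> [<yyyy-m-d> <size>]
# "[?]" in place of date and size means the image file could not be stat'ed.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s\[(?P<meta>[^\]]*)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_date: Optional[date]
    size: Optional[int]
    findings: List[str] = field(default_factory=list)


def _triage(entry: ServiceEntry, report_date: date, recent_days: int) -> None:
    """Attach analyst-style notes; these are heuristics, not verdicts."""
    p = entry.path.lower()
    if entry.file_date is None:
        entry.findings.append("image not found on disk (orphaned registration)")
        return  # nothing more to say about a file that is not there
    if p.endswith(".sys") and not p.startswith("c:\\windows\\"):
        entry.findings.append("kernel driver outside c:\\windows; verify vendor and signature")
    if "\\users\\" in p or "\\temp\\" in p:
        entry.findings.append("image under a user profile or temp directory")
    if (report_date - entry.file_date).days <= recent_days:
        entry.findings.append(f"image written within the last {recent_days} days")
    if entry.start_type in ("boot", "system") and entry.findings:
        entry.findings.append("loads before user logon: high persistence")


def parse_services(text: str, report_date: date, recent_days: int = 7) -> List[ServiceEntry]:
    """Parse DDS R*/S* service lines and triage each one against report_date."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, section headers, other DDS output
        meta = m["meta"].strip()
        file_date = size = None
        if meta != "?":
            d, s = meta.split()
            y, mo, da = (int(x) for x in d.split("-"))
            file_date, size = date(y, mo, da), int(s)
        entry = ServiceEntry(
            name=m["name"], display=m["display"], path=m["path"],
            running=m["state"] == "R",
            start_type=START_TYPES.get(m["start"], m["start"]),
            file_date=file_date, size=size,
        )
        _triage(entry, report_date, recent_days)
        entries.append(entry)
    return entries


def suspicious(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Only the entries that picked up at least one finding."""
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    # Report date taken from the DDS header in this thread (2013-04-09).
    for e in suspicious(parse_services(SAMPLE_DDS, date(2013, 4, 9))):
        print(f"{e.name:12} {e.start_type:7} {e.path}")
        for f in e.findings:
            print(f"    - {f}")
```

Note that a legitimate product can trip these rules (Norton's `BHDrvx86` loads its definitions-based driver from `c:\programdata`), so a finding is a prompt to verify the vendor and signature, not a verdict.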
 



#7 Oh My!
  • Malware Response Instructor
  • 36,790 posts
  • Location:California

Posted 14 April 2013 - 01:31 PM

Greetings Phil and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!
  • Malware Response Instructor
  • 36,790 posts
  • Location:California

Posted 14 April 2013 - 02:00 PM

Greetings Phil,

I would like to see what files Combofix quarantined before you posted here. Please do this.

===================================================

Obtaining List of ComboFix-quarantined-files

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Copy and paste, or type C:\Qoobox\ComboFix-quarantined-files.txt and press Enter
  • A Notepad document should open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix quarantine log

Gary
 

#9 phil_50
  • Topic Starter
  • Members
  • 31 posts

Posted 14 April 2013 - 02:53 PM

2013-01-17 21:59:54 . 2013-01-17 21:59:54              534 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2013-01-17 21:59:54 . 2013-01-17 21:59:54              534 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2013-01-17 21:57:12 . 2013-04-08 16:36:35            6,066 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-01-17 21:48:27 . 2013-04-08 16:33:47              709 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2011-10-21 20:45:14 . 2011-10-21 20:45:14              234 ----a-w-  C:\Qoobox\Quarantine\C\Users\Phil\AppData\Roaming\Microsoft\Windows\Recent\100 Must Read Books The Man’s Essential Library  The Art of Manliness.url.vir
2011-02-03 17:39:51 . 2011-02-03 17:39:51          836,261 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\SPLE17.tmp.vir
2010-08-08 16:50:37 . 2010-08-08 16:50:37        4,232,558 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\SPLBAD0.tmp.vir
 



#10 Oh My!
  • Malware Response Instructor
  • 36,790 posts
  • Location:California

Posted 14 April 2013 - 04:33 PM

Hi Phil,

Thank you for posting that information. Please run this in Safe Mode.

===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • aswMBR log

Gary
 
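The TDSSKiller log requested above lists, under its "Scan services" section, one line per registered service with the MD5 of the image file in square brackets and the path, followed by a second line carrying the verdict; a service whose image cannot be located gets only the verdict line. As an added example, not part of the original posts and not Kaspersky's code, the Python below pairs those two lines, flags any verdict other than `ok` and any service with no image file on disk, and collects the hashes so they can be looked up in bulk. The sample lines are copied from the TDSSKiller log posted in this thread except the two `badsvc` lines, which are constructed; the `suspicious` verdict wording and the placeholder hash are illustrative, not TDSSKiller's exact output.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Sample log: lines copied from the TDSSKiller log in this thread, plus two
# CONSTRUCTED lines (badsvc) showing how a non-"ok" verdict is handled.
SAMPLE_LOG = r"""
17:45:48.0238 3684  ================ Scan system memory ========================
17:45:48.0238 3684  System memory - ok
17:45:48.0238 3684  ================ Scan services =============================
17:45:48.0441 3684  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:45:48.0441 3684  ACPI - ok
17:45:49.0143 3684  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:45:49.0143 3684  Apple Mobile Device - ok
17:45:49.0720 3684  blbdrive - ok
17:45:51.0046 3684  dldt_device - ok
17:45:51.0300 3684  [ 0123456789ABCDEF0123456789ABCDEF ] badsvc          C:\Windows\system32\drivers\badsvc.sys
17:45:51.0300 3684  badsvc - suspicious
"""

# Every line starts with "<hh:mm:ss.ffff> <pid>"; the rest is the body.
PREFIX_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
# "================ Scan services =============================" style headers.
SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+$")
# "[ <md5> ] <service name> <drive>:\<path>"; the name may contain spaces, so the
# path is recognised by its drive-letter prefix rather than by column position.
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")


@dataclass
class ScannedObject:
    name: str
    verdict: str
    md5: Optional[str]
    path: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> List[ScannedObject]:
    """Pair hash lines with verdict lines inside the 'Scan services' section."""
    section: Optional[str] = None
    pending: Dict[str, Tuple[str, str]] = {}
    results: List[ScannedObject] = []
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"].strip()
        sec = SECTION_RE.match(body)
        if sec:
            section = sec["title"].strip().lower()
            continue
        if section != "scan services":
            continue  # memory, boot-sector and other sections use other formats
        h = HASH_RE.match(body)
        if h:
            pending[h["name"]] = (h["md5"].upper(), h["path"])
            continue
        if " - " not in body:
            continue
        name, verdict = body.rsplit(" - ", 1)
        md5, path = pending.pop(name, (None, None))
        obj = ScannedObject(name=name, verdict=verdict.strip(), md5=md5, path=path)
        if obj.verdict != "ok":
            obj.findings.append(f"verdict '{obj.verdict}'")
        if md5 is None:
            obj.findings.append("no image file located for registered service")
        results.append(obj)
    return results


def flagged(objs: List[ScannedObject]) -> List[ScannedObject]:
    return [o for o in objs if o.findings]


def hashes_for_lookup(objs: List[ScannedObject]) -> Set[str]:
    """Unique MD5s, ready to feed to a reputation service or an allowlist."""
    return {o.md5 for o in objs if o.md5}


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    for o in flagged(objs):
        print(f"{o.name:22} {o.verdict:12} {o.path or '(no file)'}  {'; '.join(o.findings)}")
    print(f"{len(hashes_for_lookup(objs))} hashes to look up")
```

A service with a verdict but no hash line (here `blbdrive` and `dldt_device`) is not necessarily malicious; it usually means a leftover registration whose file has been removed, which matches the `[?]` DDS shows for `dldt_device`, but it is worth confirming rather than assuming.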

#11 phil_50
  • Topic Starter
  • Members
  • 31 posts

Posted 14 April 2013 - 04:50 PM

17:45:30.0282 1900  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:45:30.0594 1900  ============================================================
17:45:30.0594 1900  Current date / time: 2013/04/14 17:45:30.0594
17:45:30.0594 1900  SystemInfo:
17:45:30.0594 1900 
17:45:30.0594 1900  OS Version: 6.0.6002 ServicePack: 2.0
17:45:30.0594 1900  Product type: Workstation
17:45:30.0594 1900  ComputerName: PHIL-PC
17:45:30.0594 1900  UserName: Phil
17:45:30.0594 1900  Windows directory: C:\Windows
17:45:30.0594 1900  System windows directory: C:\Windows
17:45:30.0594 1900  Processor architecture: Intel x86
17:45:30.0594 1900  Number of processors: 4
17:45:30.0594 1900  Page size: 0x1000
17:45:30.0594 1900  Boot type: Safe boot with network
17:45:30.0594 1900  ============================================================
17:45:31.0328 1900  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:45:36.0772 1900  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:45:36.0819 1900  ============================================================
17:45:36.0819 1900  \Device\Harddisk0\DR0:
17:45:36.0819 1900  MBR partitions:
17:45:36.0819 1900  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24215625
17:45:36.0819 1900  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24215664, BlocksNum 0x121805D
17:45:36.0819 1900  \Device\Harddisk1\DR1:
17:45:36.0975 1900  MBR partitions:
17:45:36.0975 1900  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
17:45:36.0975 1900  ============================================================
17:45:37.0022 1900  C: <-> \Device\Harddisk0\DR0\Partition1
17:45:37.0053 1900  D: <-> \Device\Harddisk0\DR0\Partition2
17:45:37.0084 1900  E: <-> \Device\Harddisk1\DR1\Partition1
17:45:37.0084 1900  ============================================================
17:45:37.0084 1900  Initialize success
17:45:37.0084 1900  ============================================================
17:45:47.0208 3684  ============================================================
17:45:47.0208 3684  Scan started
17:45:47.0208 3684  Mode: Manual;
17:45:47.0208 3684  ============================================================
17:45:48.0238 3684  ================ Scan system memory ========================
17:45:48.0238 3684  System memory - ok
17:45:48.0238 3684  ================ Scan services =============================
17:45:48.0441 3684  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:45:48.0441 3684  ACPI - ok
17:45:48.0519 3684  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:45:48.0519 3684  AdobeFlashPlayerUpdateSvc - ok
17:45:48.0566 3684  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:45:48.0566 3684  adp94xx - ok
17:45:48.0581 3684  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:45:48.0581 3684  adpahci - ok
17:45:48.0612 3684  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:45:48.0612 3684  adpu160m - ok
17:45:48.0628 3684  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:45:48.0628 3684  adpu320 - ok
17:45:48.0659 3684  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:45:48.0659 3684  AeLookupSvc - ok
17:45:48.0706 3684  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
17:45:48.0706 3684  AFD - ok
17:45:48.0737 3684  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:45:48.0737 3684  agp440 - ok
17:45:48.0753 3684  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:45:48.0753 3684  aic78xx - ok
17:45:48.0846 3684  [ C86D177967D27C80E466D4ED95C26DB9 ] AlertService    C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
17:45:48.0846 3684  AlertService - ok
17:45:48.0893 3684  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
17:45:48.0893 3684  ALG - ok
17:45:48.0940 3684  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:45:48.0940 3684  aliide - ok
17:45:48.0956 3684  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:45:48.0956 3684  amdagp - ok
17:45:49.0018 3684  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
17:45:49.0018 3684  amdide - ok
17:45:49.0049 3684  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
17:45:49.0049 3684  AmdK7 - ok
17:45:49.0049 3684  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:45:49.0049 3684  AmdK8 - ok
17:45:49.0080 3684  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
17:45:49.0080 3684  Appinfo - ok
17:45:49.0143 3684  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:45:49.0143 3684  Apple Mobile Device - ok
17:45:49.0174 3684  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
17:45:49.0174 3684  arc - ok
17:45:49.0252 3684  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:45:49.0252 3684  arcsas - ok
17:45:49.0283 3684  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:45:49.0283 3684  AsyncMac - ok
17:45:49.0314 3684  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:45:49.0314 3684  atapi - ok
17:45:49.0346 3684  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:45:49.0346 3684  AudioEndpointBuilder - ok
17:45:49.0346 3684  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:45:49.0346 3684  Audiosrv - ok
17:45:49.0392 3684  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:45:49.0392 3684  Beep - ok
17:45:49.0408 3684  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
17:45:49.0424 3684  BFE - ok
17:45:49.0626 3684  [ 75A51EA67D28E41543B8B354A47DF430 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130322.001\BHDrvx86.sys
17:45:49.0642 3684  BHDrvx86 - ok
17:45:49.0704 3684  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
17:45:49.0704 3684  BITS - ok
17:45:49.0720 3684  blbdrive - ok
17:45:49.0798 3684  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:45:49.0798 3684  Bonjour Service - ok
17:45:49.0876 3684  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:45:49.0876 3684  bowser - ok
17:45:49.0907 3684  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:45:49.0907 3684  BrFiltLo - ok
17:45:49.0923 3684  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:45:49.0923 3684  BrFiltUp - ok
17:45:49.0938 3684  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
17:45:49.0938 3684  Browser - ok
17:45:49.0970 3684  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:45:49.0970 3684  Brserid - ok
17:45:50.0063 3684  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:45:50.0063 3684  BrSerWdm - ok
17:45:50.0079 3684  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:45:50.0079 3684  BrUsbMdm - ok
17:45:50.0079 3684  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:45:50.0079 3684  BrUsbSer - ok
17:45:50.0110 3684  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:45:50.0110 3684  BTHMODEM - ok
17:45:50.0219 3684  catchme - ok
17:45:50.0297 3684  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360      C:\Windows\system32\drivers\N360\1403000.024\ccSetx86.sys
17:45:50.0297 3684  ccSet_N360 - ok
17:45:50.0344 3684  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:45:50.0344 3684  cdfs - ok
17:45:50.0360 3684  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:45:50.0375 3684  cdrom - ok
17:45:50.0422 3684  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:45:50.0422 3684  CertPropSvc - ok
17:45:50.0453 3684  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:45:50.0453 3684  circlass - ok
17:45:50.0469 3684  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
17:45:50.0469 3684  CLFS - ok
17:45:50.0531 3684  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:45:50.0531 3684  clr_optimization_v2.0.50727_32 - ok
17:45:50.0578 3684  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:45:50.0578 3684  clr_optimization_v4.0.30319_32 - ok
17:45:50.0594 3684  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:45:50.0594 3684  cmdide - ok
17:45:50.0609 3684  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:45:50.0609 3684  Compbatt - ok
17:45:50.0625 3684  COMSysApp - ok
17:45:50.0640 3684  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:45:50.0640 3684  crcdisk - ok
17:45:50.0656 3684  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:45:50.0656 3684  Crusoe - ok
17:45:50.0703 3684  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:45:50.0703 3684  CryptSvc - ok
17:45:50.0734 3684  [ FFC5377AA2C1A3F5B18F359F661E76C8 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
17:45:50.0734 3684  ctxusbm - ok
17:45:50.0765 3684  [ ECBACB6CEC57847E899C58454D8DB9DC ] Ctxusbr         C:\Windows\system32\DRIVERS\ctxusbr.sys
17:45:50.0765 3684  Ctxusbr - ok
17:45:50.0796 3684  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:45:50.0812 3684  DcomLaunch - ok
17:45:50.0843 3684  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:45:50.0843 3684  DfsC - ok
17:45:50.0906 3684  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
17:45:50.0921 3684  DFSR - ok
17:45:50.0952 3684  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:45:50.0952 3684  Dhcp - ok
17:45:50.0968 3684  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
17:45:50.0968 3684  disk - ok
17:45:51.0046 3684  [ 31B7596EDD9505FCBB07670FB69CBB48 ] dldtCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
17:45:51.0046 3684  dldtCATSCustConnectService - ok
17:45:51.0046 3684  dldt_device - ok
17:45:51.0077 3684  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:45:51.0077 3684  Dnscache - ok
17:45:51.0108 3684  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:45:51.0108 3684  dot3svc - ok
17:45:51.0140 3684  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
17:45:51.0140 3684  DPS - ok
17:45:51.0186 3684  [ A0B584C33F55545D56F9E71FB4E203AC ] DQLWinService   C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
17:45:51.0186 3684  DQLWinService - ok
17:45:51.0218 3684  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:45:51.0218 3684  drmkaud - ok
17:45:51.0249 3684  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:45:51.0264 3684  DXGKrnl - ok
17:45:51.0296 3684  [ 88B16142B40CC080A2D86AE769A30396 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
17:45:51.0296 3684  e1express - ok
17:45:51.0327 3684  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
17:45:51.0327 3684  E1G60 - ok
17:45:51.0374 3684  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
17:45:51.0374 3684  EapHost - ok
17:45:51.0405 3684  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:45:51.0405 3684  Ecache - ok
17:45:51.0483 3684  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:45:51.0498 3684  eeCtrl - ok
17:45:51.0545 3684  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:45:51.0545 3684  ehRecvr - ok
17:45:51.0561 3684  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
17:45:51.0561 3684  ehSched - ok
17:45:51.0576 3684  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
17:45:51.0576 3684  ehstart - ok
17:45:51.0608 3684  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:45:51.0608 3684  elxstor - ok
17:45:51.0639 3684  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:45:51.0639 3684  EMDMgmt - ok
17:45:51.0686 3684  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:45:51.0686 3684  EraserUtilRebootDrv - ok
17:45:51.0717 3684  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
17:45:51.0717 3684  EventSystem - ok
17:45:51.0748 3684  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
17:45:51.0748 3684  exfat - ok
17:45:51.0748 3684  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:45:51.0748 3684  fastfat - ok
17:45:51.0779 3684  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:45:51.0779 3684  fdc - ok
17:45:51.0795 3684  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:45:51.0795 3684  fdPHost - ok
17:45:51.0826 3684  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:45:51.0826 3684  FDResPub - ok
17:45:51.0842 3684  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:45:51.0842 3684  FileInfo - ok
17:45:51.0873 3684  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:45:51.0873 3684  Filetrace - ok
17:45:51.0998 3684  [ 74CA3E6AD08389B78939EA0F1A2A0789 ] Fitbit Connect  C:\Program Files\Fitbit Connect\FitbitConnectService.exe
17:45:51.0998 3684  Fitbit Connect - ok
17:45:52.0044 3684  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:45:52.0044 3684  flpydisk - ok
17:45:52.0060 3684  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:45:52.0076 3684  FltMgr - ok
17:45:52.0122 3684  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
17:45:52.0122 3684  FontCache - ok
17:45:52.0169 3684  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:45:52.0169 3684  FontCache3.0.0.0 - ok
17:45:52.0200 3684  [ D909075FA72C090F27AA926C32CB4612 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:45:52.0200 3684  fssfltr - ok
17:45:52.0278 3684  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:45:52.0294 3684  fsssvc - ok
17:45:52.0310 3684  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:45:52.0310 3684  Fs_Rec - ok
17:45:52.0325 3684  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:45:52.0325 3684  gagp30kx - ok
17:45:52.0403 3684  [ 1C41BFF9536B9609A8C42EA8C2AF7182 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
17:45:52.0403 3684  GameConsoleService - ok
17:45:52.0450 3684  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:45:52.0450 3684  GEARAspiWDM - ok
17:45:52.0497 3684  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:45:52.0497 3684  gpsvc - ok
17:45:52.0590 3684  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:45:52.0590 3684  gupdate - ok
17:45:52.0590 3684  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:45:52.0590 3684  gupdatem - ok
17:45:52.0653 3684  [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:45:52.0653 3684  gusvc - ok
17:45:52.0700 3684  [ AC33BE07397814A442DC305223DE3524 ] HCW85BDA        C:\Windows\system32\drivers\HCW85BDA.sys
17:45:52.0700 3684  HCW85BDA - ok
17:45:52.0746 3684  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:45:52.0746 3684  HdAudAddService - ok
17:45:52.0778 3684  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:45:52.0778 3684  HDAudBus - ok
17:45:52.0809 3684  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:45:52.0809 3684  HidBth - ok
17:45:52.0840 3684  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:45:52.0840 3684  HidIr - ok
17:45:52.0871 3684  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
17:45:52.0871 3684  hidserv - ok
17:45:52.0887 3684  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:45:52.0887 3684  HidUsb - ok
17:45:52.0918 3684  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:45:52.0918 3684  hkmsvc - ok
17:45:52.0980 3684  [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
17:45:52.0980 3684  HP Health Check Service - ok
17:45:53.0027 3684  [ DEB82AF183F1CD06813D91ED104C645C ] HPBtnSrv        c:\hp\HPEZBTN\HPBtnSrv.exe
17:45:53.0027 3684  HPBtnSrv - ok
17:45:53.0058 3684  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:45:53.0058 3684  HpCISSs - ok
17:45:53.0105 3684  [ 78C88781FBD2FDD3BCBA09F58897FE45 ] HSF_DP          C:\Windows\system32\DRIVERS\HSX_DP.sys
17:45:53.0105 3684  HSF_DP - ok
17:45:53.0121 3684  [ 1E289F978D1E6F11DB88D4FCB2F9D92F ] HSXHWBS2        C:\Windows\system32\DRIVERS\HSXHWBS2.sys
17:45:53.0121 3684  HSXHWBS2 - ok
17:45:53.0152 3684  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:45:53.0152 3684  HTTP - ok
17:45:53.0168 3684  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:45:53.0168 3684  i2omp - ok
17:45:53.0214 3684  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:45:53.0214 3684  i8042prt - ok
17:45:53.0246 3684  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:45:53.0246 3684  iaStorV - ok
17:45:53.0324 3684  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:45:53.0324 3684  IDriverT - ok
17:45:53.0480 3684  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:45:53.0495 3684  idsvc - ok
17:45:53.0682 3684  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130405.001\IDSvix86.sys
17:45:53.0682 3684  IDSVix86 - ok
17:45:53.0729 3684  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:45:53.0729 3684  iirsp - ok
17:45:53.0776 3684  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:45:53.0776 3684  IKEEXT - ok
17:45:53.0854 3684  [ 84ED2154239F9D013BBD3220755ADA8B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:45:53.0870 3684  IntcAzAudAddService - ok
17:45:53.0932 3684  [ CE5AF42679DD85947D2D287594F22CE0 ] IntelDHSvcConf  C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
17:45:53.0932 3684  IntelDHSvcConf - ok
17:45:53.0948 3684  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
17:45:53.0948 3684  intelide - ok
17:45:53.0963 3684  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:45:53.0963 3684  intelppm - ok
17:45:53.0994 3684  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:45:53.0994 3684  IPBusEnum - ok
17:45:54.0010 3684  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:45:54.0010 3684  IpFilterDriver - ok
17:45:54.0041 3684  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:45:54.0041 3684  iphlpsvc - ok
17:45:54.0041 3684  IpInIp - ok
17:45:54.0104 3684  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:45:54.0104 3684  IPMIDRV - ok
17:45:54.0150 3684  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:45:54.0150 3684  IPNAT - ok
17:45:54.0213 3684  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:45:54.0213 3684  iPod Service - ok
17:45:54.0275 3684  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:45:54.0275 3684  IRENUM - ok
17:45:54.0291 3684  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:45:54.0291 3684  isapnp - ok
17:45:54.0322 3684  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:45:54.0338 3684  iScsiPrt - ok
17:45:54.0369 3684  [ E29BA28F76C5A703E7F30F74CF36DF22 ] ISSM            C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
17:45:54.0369 3684  ISSM - ok
17:45:54.0384 3684  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:45:54.0384 3684  iteatapi - ok
17:45:54.0416 3684  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:45:54.0416 3684  iteraid - ok
17:45:54.0431 3684  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:45:54.0431 3684  kbdclass - ok
17:45:54.0447 3684  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:45:54.0447 3684  kbdhid - ok
17:45:54.0462 3684  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
17:45:54.0462 3684  KeyIso - ok
17:45:54.0494 3684  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:45:54.0494 3684  KSecDD - ok
17:45:54.0540 3684  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:45:54.0540 3684  KtmRm - ok
17:45:54.0556 3684  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:45:54.0572 3684  LanmanServer - ok
17:45:54.0587 3684  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:45:54.0587 3684  LanmanWorkstation - ok
17:45:54.0634 3684  [ 683A07B982832426128B684B7366710F ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:45:54.0634 3684  LightScribeService - ok
17:45:54.0650 3684  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:45:54.0650 3684  lltdio - ok
17:45:54.0681 3684  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:45:54.0681 3684  lltdsvc - ok
17:45:54.0712 3684  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:45:54.0712 3684  lmhosts - ok
17:45:54.0743 3684  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:45:54.0743 3684  LSI_FC - ok
17:45:54.0759 3684  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:45:54.0759 3684  LSI_SAS - ok
17:45:54.0774 3684  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:45:54.0774 3684  LSI_SCSI - ok
17:45:54.0790 3684  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
17:45:54.0790 3684  luafv - ok
17:45:54.0821 3684  lxcf_device - ok
17:45:54.0852 3684  [ 7B073FD0133346D0E555353F164057D7 ] M1 Server       C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
17:45:54.0852 3684  M1 Server - ok
17:45:54.0884 3684  [ 7BBA15CA5A2AA4E50C7CBFB78D11DB25 ] MCLServiceATL   C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
17:45:54.0884 3684  MCLServiceATL - ok
17:45:54.0915 3684  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:45:54.0915 3684  Mcx2Svc - ok
17:45:54.0962 3684  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:45:54.0962 3684  mdmxsdk - ok
17:45:54.0993 3684  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
17:45:54.0993 3684  megasas - ok
17:45:55.0008 3684  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
17:45:55.0008 3684  MMCSS - ok
17:45:55.0024 3684  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
17:45:55.0024 3684  Modem - ok
17:45:55.0055 3684  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:45:55.0055 3684  monitor - ok
17:45:55.0071 3684  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:45:55.0071 3684  mouclass - ok
17:45:55.0086 3684  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:45:55.0086 3684  mouhid - ok
17:45:55.0118 3684  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:45:55.0118 3684  MountMgr - ok
17:45:55.0149 3684  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:45:55.0149 3684  mpio - ok
17:45:55.0164 3684  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:45:55.0164 3684  mpsdrv - ok
17:45:55.0196 3684  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:45:55.0196 3684  MpsSvc - ok
17:45:55.0211 3684  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:45:55.0211 3684  Mraid35x - ok
17:45:55.0227 3684  mrtRate - ok
17:45:55.0227 3684  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:45:55.0242 3684  MRxDAV - ok
17:45:55.0274 3684  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:45:55.0274 3684  mrxsmb - ok
17:45:55.0305 3684  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:45:55.0305 3684  mrxsmb10 - ok
17:45:55.0320 3684  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:45:55.0320 3684  mrxsmb20 - ok
17:45:55.0352 3684  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:45:55.0352 3684  msahci - ok
17:45:55.0367 3684  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:45:55.0367 3684  msdsm - ok
17:45:55.0398 3684  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
17:45:55.0398 3684  MSDTC - ok
17:45:55.0414 3684  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:45:55.0414 3684  Msfs - ok
17:45:55.0430 3684  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:45:55.0430 3684  msisadrv - ok
17:45:55.0461 3684  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:45:55.0461 3684  MSiSCSI - ok
17:45:55.0476 3684  msiserver - ok
17:45:55.0539 3684  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:45:55.0539 3684  MSKSSRV - ok
17:45:55.0570 3684  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:45:55.0570 3684  MSPCLOCK - ok
17:45:55.0570 3684  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:45:55.0570 3684  MSPQM - ok
17:45:55.0601 3684  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:45:55.0601 3684  MsRPC - ok
17:45:55.0617 3684  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:45:55.0617 3684  mssmbios - ok
17:45:55.0648 3684  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:45:55.0648 3684  MSTEE - ok
17:45:55.0679 3684  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
17:45:55.0679 3684  Mup - ok
17:45:55.0804 3684  [ 241BD3019FB31E812A51B31B06906335 ] N360            C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
17:45:55.0804 3684  N360 - ok
17:45:55.0835 3684  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
17:45:55.0835 3684  napagent - ok
17:45:55.0866 3684  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:45:55.0866 3684  NativeWifiP - ok
17:45:55.0960 3684  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130405.069\NAVENG.SYS
17:45:55.0960 3684  NAVENG - ok
17:45:56.0007 3684  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130405.069\NAVEX15.SYS
17:45:56.0007 3684  NAVEX15 - ok
17:45:56.0038 3684  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:45:56.0054 3684  NDIS - ok
17:45:56.0069 3684  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:45:56.0069 3684  NdisTapi - ok
17:45:56.0100 3684  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:45:56.0100 3684  Ndisuio - ok
17:45:56.0116 3684  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:45:56.0132 3684  NdisWan - ok
17:45:56.0147 3684  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:45:56.0147 3684  NDProxy - ok
17:45:56.0163 3684  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:45:56.0163 3684  NetBIOS - ok
17:45:56.0178 3684  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:45:56.0178 3684  netbt - ok
17:45:56.0178 3684  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
17:45:56.0178 3684  Netlogon - ok
17:45:56.0210 3684  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:45:56.0210 3684  Netman - ok
17:45:56.0241 3684  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:45:56.0241 3684  netprofm - ok
17:45:56.0272 3684  [ C9AFE484B3645DA74FD459F45E4F756F ] netr73          C:\Windows\system32\DRIVERS\netr73.sys
17:45:56.0272 3684  netr73 - ok
17:45:56.0303 3684  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:45:56.0303 3684  NetTcpPortSharing - ok
17:45:56.0319 3684  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:45:56.0334 3684  nfrd960 - ok
17:45:56.0350 3684  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:45:56.0350 3684  NlaSvc - ok
17:45:56.0381 3684  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:45:56.0381 3684  Npfs - ok
17:45:56.0397 3684  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
17:45:56.0397 3684  nsi - ok
17:45:56.0428 3684  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:45:56.0428 3684  nsiproxy - ok
17:45:56.0490 3684  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:45:56.0490 3684  Ntfs - ok
17:45:56.0537 3684  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
17:45:56.0537 3684  ntrigdigi - ok
17:45:56.0553 3684  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
17:45:56.0553 3684  Null - ok
17:45:56.0787 3684  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:45:56.0834 3684  nvlddmkm - ok
17:45:56.0849 3684  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:45:56.0849 3684  nvraid - ok
17:45:56.0865 3684  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:45:56.0865 3684  nvstor - ok
17:45:56.0896 3684  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:45:56.0896 3684  nvsvc - ok
17:45:56.0990 3684  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:45:57.0005 3684  nvUpdatusService - ok
17:45:57.0021 3684  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:45:57.0021 3684  nv_agp - ok
17:45:57.0021 3684  NwlnkFlt - ok
17:45:57.0021 3684  NwlnkFwd - ok
17:45:57.0068 3684  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:45:57.0068 3684  odserv - ok
17:45:57.0099 3684  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:45:57.0099 3684  ohci1394 - ok
17:45:57.0130 3684  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:45:57.0130 3684  ose - ok
17:45:57.0161 3684  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:45:57.0177 3684  p2pimsvc - ok
17:45:57.0192 3684  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:45:57.0192 3684  p2psvc - ok
17:45:57.0224 3684  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
17:45:57.0224 3684  Parport - ok
17:45:57.0255 3684  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:45:57.0255 3684  partmgr - ok
17:45:57.0270 3684  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:45:57.0270 3684  Parvdm - ok
17:45:57.0286 3684  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:45:57.0286 3684  PcaSvc - ok
17:45:57.0317 3684  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
17:45:57.0317 3684  pci - ok
17:45:57.0333 3684  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:45:57.0333 3684  pciide - ok
17:45:57.0348 3684  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:45:57.0348 3684  pcmcia - ok
17:45:57.0395 3684  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:45:57.0395 3684  PEAUTH - ok
17:45:57.0473 3684  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
17:45:57.0473 3684  pla - ok
17:45:57.0504 3684  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:45:57.0504 3684  PlugPlay - ok
17:45:57.0520 3684  [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
17:45:57.0536 3684  PnkBstrA - ok
17:45:57.0551 3684  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:45:57.0551 3684  PNRPAutoReg - ok
17:45:57.0582 3684  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
17:45:57.0582 3684  PNRPsvc - ok
17:45:57.0598 3684  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:45:57.0598 3684  PolicyAgent - ok
17:45:57.0629 3684  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:45:57.0629 3684  PptpMiniport - ok
17:45:57.0645 3684  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
17:45:57.0645 3684  Processor - ok
17:45:57.0676 3684  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:45:57.0676 3684  ProfSvc - ok
17:45:57.0676 3684  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:45:57.0692 3684  ProtectedStorage - ok
17:45:57.0707 3684  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:45:57.0707 3684  PSched - ok
17:45:57.0723 3684  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
17:45:57.0723 3684  PxHelp20 - ok
17:45:57.0770 3684  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:45:57.0770 3684  ql2300 - ok
17:45:57.0785 3684  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:45:57.0785 3684  ql40xx - ok
17:45:57.0832 3684  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
17:45:57.0832 3684  QWAVE - ok
17:45:57.0848 3684  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:45:57.0848 3684  QWAVEdrv - ok
17:45:57.0863 3684  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:45:57.0863 3684  RasAcd - ok
17:45:57.0894 3684  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
17:45:57.0894 3684  RasAuto - ok
17:45:57.0926 3684  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:45:57.0926 3684  Rasl2tp - ok
17:45:57.0941 3684  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
17:45:57.0957 3684  RasMan - ok
17:45:57.0988 3684  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:45:57.0988 3684  RasPppoe - ok
17:45:58.0019 3684  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:45:58.0019 3684  RasSstp - ok
17:45:58.0050 3684  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:45:58.0050 3684  rdbss - ok
17:46:02.0621 3684  ================ Scan global ===============================
17:46:02.0637 3684  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:46:02.0668 3684  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:46:02.0684 3684  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:46:02.0715 3684  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:46:02.0715 3684  [Global] - ok
17:46:02.0715 3684  ================ Scan MBR ==================================
17:46:02.0730 3684  [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0
17:46:03.0011 3684  \Device\Harddisk0\DR0 - ok
17:46:03.0011 3684  [ 1DB61955601576B622C64349B22C390B ] \Device\Harddisk1\DR1
17:46:03.0167 3684  \Device\Harddisk1\DR1 - ok
17:46:03.0167 3684  ================ Scan VBR ==================================
17:46:03.0167 3684  [ 50F82A17913FAC2BF680718749D83187 ] \Device\Harddisk0\DR0\Partition1
17:46:03.0167 3684  \Device\Harddisk0\DR0\Partition1 - ok
17:46:03.0167 3684  [ FB381A7A81B9CC105CFCD5D9CC0463A5 ] \Device\Harddisk0\DR0\Partition2
17:46:03.0167 3684  \Device\Harddisk0\DR0\Partition2 - ok
17:46:03.0167 3684  [ 59BE471828956ADE096BBC2CB1938F69 ] \Device\Harddisk1\DR1\Partition1
17:46:03.0167 3684  \Device\Harddisk1\DR1\Partition1 - ok
17:46:03.0167 3684  ============================================================
17:46:03.0167 3684  Scan finished
17:46:03.0167 3684  ============================================================
17:46:03.0183 1608  Detected object count: 0
17:46:03.0183 1608  Actual detected object count: 0
17:46:09.0142 0412  Deinitialize success
#12 phil_50

  • Topic Starter

Posted 14 April 2013 - 04:55 PM

avast log to follow shortly



#13 phil_50

  • Topic Starter

Posted 14 April 2013 - 05:39 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-14 17:51:52
-----------------------------
17:51:52.148    OS Version: Windows 6.0.6002 Service Pack 2
17:51:52.148    Number of processors: 4 586 0xF0B
17:51:52.148    ComputerName: PHIL-PC  UserName: Phil
17:51:53.271    Initialize success
17:55:55.692    AVAST engine defs: 13041401
17:56:06.190    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:56:06.190    Disk 0 Vendor: ST3320820AS 3.CHL Size: 305245MB BusType: 3
17:56:06.190    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
17:56:06.190    Disk 1 Vendor: ST3320820AS 3.CHL Size: 305245MB BusType: 3
17:56:06.300    Disk 0 MBR read successfully
17:56:06.300    Disk 0 MBR scan
17:56:06.300    Disk 0 unknown MBR code
17:56:06.331    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       295978 MB offset 63
17:56:06.362    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         9264 MB offset 606164580
17:56:06.362    Disk 0 scanning sectors +625137345
17:56:06.487    Disk 0 scanning C:\Windows\system32\drivers
17:56:14.755    Service scanning
17:56:36.735    Modules scanning
17:56:40.323    Disk 0 trace - called modules:
17:56:40.339    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:56:40.339    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c45030]
17:56:40.339    3 CLASSPNP.SYS[8abaa8b3] -> nt!IofCallDriver -> [0x85982830]
17:56:40.354    5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85988b98]
17:56:41.462    AVAST engine scan C:\Windows
17:56:44.535    AVAST engine scan C:\Windows\system32
17:59:41.876    AVAST engine scan C:\Windows\system32\drivers
17:59:57.554    AVAST engine scan C:\Users\Phil
18:26:50.750    AVAST engine scan C:\ProgramData
18:33:37.255    Scan finished successfully
18:37:04.766    Disk 0 MBR has been saved successfully to "C:\Users\Phil\Desktop\Desktop\MBR.dat"
18:37:04.766    The log file has been saved successfully to "C:\Users\Phil\Desktop\Desktop\aswMBR.txt"
#14 Oh My!

  • Malware Response Instructor

Posted 14 April 2013 - 06:10 PM

Thanks Phil,

Now please run this for me.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 phil_50

  • Topic Starter

Posted 14 April 2013 - 06:40 PM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Phil [Admin rights]
Mode : Remove -- Date : 04/14/2013 19:26:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320820AS ATA Device +++++
--- User ---
[MBR] 91391958f5c7f391dfbc71051d84a654
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 295978 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606164580 | Size: 9264 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320820AS ATA Device +++++
--- User ---
[MBR] e03b93285064305c8cd233308336f698
[BSP] d9bebd66a742675c91f5c65423c1cd46 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04142013_02d1926.txt >>
RKreport[1]_S_04142013_02d1919.txt ; RKreport[2]_D_04142013_02d1926.txt