
Many locked files, registry entries created, changed, at ridiculous rate, ....


10 replies to this topic

#1 MyCrappyComputer

Posted 29 July 2013 - 12:13 AM

Hi people,
I am requesting assistance because my computer has major, major issues. Some of these are even comical but true, nonetheless.
1) When I visit certain websites, I see strange characters. Usually an "A" with a caret over it. (See photo at bottom)
2) My internet connection works fine, but in the lower right hand corner of my computer there is always the network icon with a big red "X". (See photo at bottom)
3) I have a folder on my desktop entitled, and I kid you not, "TheBestBabes", that I constantly delete but it returns every time I connect to the internet. (See photo at bottom)

4) I downloaded MS Office and the log, which I can post, says the installation was corrupt, yet it was almost a year before I read this log and everything functioned perfectly in MS Office. It wasn't until I started having computer problems that I began to search for logs and found it. It was one of the very first things I downloaded when I reformatted my computer, so if it contained an infection, almost everything on my computer was downloaded after this corrupt download.

5) While using a program on Safari, I clicked on view activity and there were so many scripts being executed and errors occurring, and redirects (See photo at bottom)

6) In firefox and IE, I have a ton of invalid certificates that are listed as valid. (See photo at bottom)

7) Google Chrome just installed by itself one day. I was just looking at my computer and all of a sudden google chrome starts installing all by itself.
8) I ran sfc /scannow from the command line and it told me that there are many corrupt files that cannot be fixed. (See photo at bottom)

9) I have a ton of logs that contain very strange characters. (See Links)

10) When I ran "traceroute", it took 19 hops to get from their server to my computer. Is that normal? (See photo at bottom)

11) When I send and receive certain emails, there are about 6 hops, and the email is usually spam.

12) I always get fake emails or spam from a lot of my friends on facebook, that they never sent.
13) Recently I had 12 "svchosts" running in Task Manager and 12 or so "Acroreader32" running in Task Manager also.
14) Every time I go onto a website, a new survey pops up instantaneously. That cannot be normal.
15) Every time I open a browser, the font is totally different than it was 5 minutes ago, and the position of the browser is constantly changing.
16) Computer is very slow.
17) On July 18, I had a computer person from my school download "Symantec Endpoint Protection" onto my computer. It has generated so many error logs and registry changes.
18) Starting about July 25, anytime I tried to run any sort of malware removal tool I would get this pop-up message, "The specified service does not exist as an installed service", and they would not run. However, they would run in "Safe Mode." I used "system restore" to return my computer to July 19, and now the malware tools, like these DDS Logs, were able to be run in normal mode.
19) I have lost control over many of my programs. In the "Properties" section of my programs, under "Security", I see many strange entries. I see numbers, "interactive", "everybody", "trusted installer", along with the normal entries.
20) I have a ton of programs that, under "Properties", have a totally different name than what they're actually called.
21) I have a ton of ntuser.dat files, and I have many locked programs that I don't have access to, and I'm the only one that uses this computer. (See photo at bottom)

22) Despite being the only one who uses this computer, in Internet Explorer, under "Internet Options" and then "Advanced", some settings I can't change. It says they are controlled by the system administrator. I am the only one who uses this computer.

23) Thousands of registry changes a minute as logged by Webroot. (See photo at bottom)

 

 

I have included the 2 DDS logs. I have attached the "attached". I had previously posted in "am i infected" http://www.bleepingcomputer.com/forums/t/501902/havin-problems/

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by el guapo y el fuerte at 0:27:30 on 2013-07-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.6598 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\locator.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\vds.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps07062013
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3EC6427F-73EF-4499-8BC3-071E9665AD5C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AB972E73-E196-418B-B8E0-A3B14447F46C} : DHCPNameServer = 128.6.1.1 172.28.0.114
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\el guapo y el fuerte\AppData\Roaming\Mozilla\Firefox\Profiles\kd3qgoyi.default\
FF - prefs.js: browser.search.selectedEngine - Xfinity.com Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-23 00:01; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-28 14456]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-11-3 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-11-3 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011_f7f\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-11-3 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130726.011_f86\IDSviA64.sys [2013-7-28 513184]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-10-8 284008]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-11-3 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-11-3 432800]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-9-18 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [2012-11-3 143928]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-13 342528]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-8-5 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S2 !SASCORE;SAS Core Service;"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" --> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" --> C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [?]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-18 138912]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-28 39504]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-2-21 169752]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-27 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-07-26 16:11:26 -------- d-----w- C:\Users\el guapo y el fuerte\ClipConverter
2013-07-26 16:09:35 -------- d-----w- C:\Users\el guapo y el fuerte\AppData\Roaming\Lunaweb
2013-07-23 16:07:16 -------- d-----w- C:\Windows\System32\MRT
2013-07-23 07:22:21 -------- d-----w- C:\Users\el guapo y el fuerte\AppData\Local\ElevatedDiagnostics
2013-07-23 02:38:21 -------- d-----w- C:\Users\el guapo y el fuerte\AppData\Roaming\Malwarebytes
2013-07-23 02:38:05 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-23 02:38:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 01:05:30 -------- d-----w- C:\Program Files (x86)\ESET
2013-07-23 01:01:33 -------- d-----w- C:\$RECYCLE.BIN
2013-07-18 20:48:20 -------- d-----w- C:\Users\el guapo y el fuerte\AppData\Local\Symantec
2013-07-18 19:43:18 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-18 19:43:18 -------- d-----w- C:\Program Files\Symantec
2013-07-18 19:43:18 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-07-18 19:38:11 575952 ----a-w- C:\Windows\System32\SymVPN.dll
2013-07-18 19:38:11 56272 ----a-w- C:\Windows\System32\snacnp.dll
2013-07-18 19:38:11 50128 ----a-w- C:\Windows\SysWow64\snacnp.dll
2013-07-18 19:38:11 44008 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2013-07-18 19:38:11 419792 ----a-w- C:\Windows\SysWow64\SymVPN.dll
2013-07-18 19:38:11 157136 ----a-w- C:\Windows\System32\FwsVpn.dll
2013-07-18 19:38:11 136144 ----a-w- C:\Windows\SysWow64\FwsVpn.dll
2013-07-18 19:35:59 -------- d-----w- C:\ProgramData\regid.1992-12.com.symantec
2013-07-18 19:35:45 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64
2013-07-18 19:35:45 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105
2013-07-18 19:35:45 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0107DF
2013-07-18 19:35:45 -------- d-----w- C:\Windows\System32\drivers\SEP
2013-07-18 19:35:31 -------- d-----w- C:\Program Files (x86)\Symantec
2013-07-18 18:54:50 -------- d-----w- C:\Program Files (x86)\Cisco
2013-07-18 18:51:10 -------- d--h--w- C:\Windows\System32\WLANProfiles
2013-07-18 18:50:32 -------- d-----w- C:\ProgramData\Roaming
2013-07-18 18:47:32 -------- d-----w- C:\Program Files\Common Files\Intel
2013-07-18 18:47:20 -------- d-----w- C:\ProgramData\Intel.sav
2013-07-10 08:29:25 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 08:29:25 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 08:29:25 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 08:29:25 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 08:29:25 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 08:29:25 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 08:29:25 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 08:29:19 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 08:29:19 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 08:29:16 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 08:29:16 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 08:28:46 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:28:46 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:28:44 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 08:28:38 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 08:28:38 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-09 03:59:32 -------- d-----w- C:\Device
2013-07-09 02:11:52 263576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-09 01:25:03 -------- d-----w- C:\Users\el guapo y el fuerte\AppData\Local\temp
2013-07-08 23:58:27 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2013-07-08 23:58:27 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2013-07-08 23:58:26 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll
2013-07-08 23:58:26 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2013-07-08 23:58:26 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit
2013-07-08 12:14:12 -------- d-----w- C:\Users\el guapo y el fuerte\AppData\Local\Zemana
2013-07-08 05:50:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-08 05:50:16 -------- d-----w- C:\Program Files\iTunes
2013-07-08 05:50:16 -------- d-----w- C:\Program Files\iPod
2013-07-08 05:40:59 -------- d-----w- C:\Program Files (x86)\iTunes
2013-07-06 09:37:50 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-07-06 09:30:55 -------- d-----w- C:\ProgramData\IsolatedStorage
2013-07-06 09:30:44 -------- d-----w- C:\Users\el guapo y el fuerte\AppData\Local\White_Sky,_Inc
2013-07-06 09:28:01 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2013-07-06 09:26:14 -------- d-----w- C:\ProgramData\White Sky, Inc
2013-07-06 07:42:47 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{32499939-B524-46EE-988E-20E45A33944F}\mpengine.dll
2013-07-05 04:44:39 112640 ----a-w- C:\Windows\System32\smss.exe.001
.
==================== Find3M  ====================
.
2013-07-10 04:28:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 04:28:23 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-05 04:44:41 112640 ----a-w- C:\Windows\System32\smss.exe
2013-06-28 13:39:18 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-27 23:34:09 208216 ----a-w- C:\Windows\System32\drivers\72091023.sys
2013-05-26 22:46:05 39338 ----a-w- C:\Windows\System32\drivers\etc\HOSTS.tmp
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH:  0:27:40.02 ===============
 

Attached files:
attach.txt (11.54KB)
19hops.JPG (40.04KB)
commandlinescan.JPG (50.33KB)
firefoxcert8.JPG (49.56KB)
modemindicator.JPG (9.52KB)
strangecharacter.JPG (9.99KB)
thebestbabes.JPG (9.98KB)
Igotthiswhileoncitibankshoppingwebsite.JPG (59.66KB)
boot.backup.LOG (21KB)
ntuserfiles.JPG (111.76KB)
excessive activity.JPG (51.69KB)

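A DDS log like the one above is normally read by eye. The script below is an added example, not part of DDS, BleepingComputer's tooling or the poster's files; it parses a handful of lines copied from the log and performs the first-pass checks a responder does: it groups the svchost.exe instances by their -k service group (a dozen instances, one per group, each launched from \Windows\System32, is the ordinary Windows 7 picture behind symptom 13), lists services whose binary DDS could not stat (the `[?]` entries), registry references to files that are gone (`<orphaned>`) and Hosts-file overrides. The System32/SysWOW64 path check is the example's own, and the one look-alike svchost line is constructed, not taken from the post.

```python
import re
from collections import Counter

# Lines copied verbatim from the DDS log in the post above (a small subset).
SAMPLE_DDS = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\cscript.exe
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-28 14456]
S2 !SASCORE;SAS Core Service;"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" --> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [?]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-28 39504]
"""

# Constructed line, NOT from the post: a look-alike svchost started from a
# user-writable directory, which is what the path check below is for.
CONSTRUCTED_BAD_SVCHOST = r"C:\Users\Public\svchost.exe -k netsvcs"

SVCHOST_RE = re.compile(r"^(?P<path>.*?\\svchost\.exe)(?:\s+-k\s+(?P<group>\S+))?\s*$", re.I)
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<tail>.+)$")
META_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# Where the real service host lives on a 64-bit Windows 7 install.
SYSTEM_SVCHOST = (r"\windows\system32\svchost.exe", r"\windows\syswow64\svchost.exe")


def parse_service_tail(tail):
    """Split the path/metadata tail of a SERVICES / DRIVERS line.
    DDS writes '[YYYY-M-D size]' when it could stat the binary and '[?]' when
    it could not (file missing, or hidden from the stat call)."""
    tail = tail.strip()
    if tail.endswith("[?]"):
        image, date, size = tail[:-3].strip(), None, None
    else:
        m = META_RE.search(tail)
        if not m:
            return tail, None, None
        image, date, size = tail[: m.start()].strip(), m["date"], int(m["size"])
    # DDS prints 'quoted ImagePath --> resolved path'; keep the resolved path.
    if " --> " in image:
        image = image.split(" --> ", 1)[1].strip()
    return image, date, size


def triage(log_text):
    """Run the first-pass checks a responder does by eye on a DDS log."""
    groups, svchost_flags = Counter(), []
    services, unverified, orphaned, hosts = [], [], [], []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SVCHOST_RE.match(line)
        if m:
            # One svchost per -k group is normal; no -k, or a path outside
            # System32/SysWOW64, is not.
            if m["group"] is None or not m["path"].lower().endswith(SYSTEM_SVCHOST):
                svchost_flags.append(line)
            groups[m["group"] or "<no -k>"] += 1
            continue
        m = SERVICE_RE.match(line)
        if m:
            image, date, size = parse_service_tail(m["tail"])
            entry = {"name": m["name"], "state": m["state"], "start": int(m["start"]),
                     "display": m["display"], "image": image, "date": date, "size": size}
            services.append(entry)
            if size is None:
                unverified.append(entry["name"])
            continue
        if "<orphaned>" in line:          # registry points at a file that is gone
            orphaned.append(line)
            continue
        m = HOSTS_RE.match(line)
        if m:                             # name resolution overridden locally
            hosts.append((m["ip"], m["host"]))
    return {"svchost_groups": groups, "svchost_flags": svchost_flags,
            "services": services, "unverified_services": unverified,
            "orphaned": orphaned, "hosts_overrides": hosts}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS + "\n" + CONSTRUCTED_BAD_SVCHOST)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the posted lines nothing is flagged except what DDS itself marked: one `[?]` service (SUPERAntiSpyware's core service, whose binary DDS could not read), two `<orphaned>` registry entries, and the single Hosts override, which is the well-known spywareinfo.com block entry rather than a redirect of a real site. A `[?]` deserves a look at whether the file is really there; it is not by itself evidence of anything.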

#2 MyCrappyComputer (Topic Starter)

Posted 29 July 2013 - 12:18 AM

I have Windows 7 64-bit. I have not done anything to the computer, other than run a few scans, but I didn't change anything as I have no idea how to interpret them. I would really appreciate any assistance. Thank you very much,

MCC



#3 nasdaq (Malware Response Team)

Posted 02 August 2013 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters.
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • When it finishes, you will see either a report that no threats were found, or a results window listing what was detected.
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found:
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.


#4 MyCrappyComputer (Topic Starter)

Posted 02 August 2013 - 05:27 PM

Hi Nasdaq,
 
I recently learned about the "verifier" tool in windows 7 64-bit and I decided to verify my drivers. These are the results:
 
1) When I only checked off the non-windows drivers to be verified, the computer rebooted just fine.
 
2) When I checked off just the Windows drivers, I repeatedly got a blue screen with the message, "A device driver attempting to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced with a working version." The computer would then only reboot in safe-mode, until I deleted the settings from verifier.exe
 
3) Lower down on the blue screen it says:
Technical Information:
**** Stop: 0x000000C4  (0x0000000000000000, 0x000000000000000, 0x0000000000000000, 0x0000000000000000)
Collecting data for crash dump.
 
4) Since I posted my logs and prior to your response, some other strange things have happened to my computer that I thought might help you diagnose my problems.
 
5) One time I was trying to go to mlb.com, I was sent to "wap.mlb.com", and then "m.mlb.com". At the time I was on my home computer directly plugged into my modem. I think these are mobile sites. Is that normal?
 
6) Every time I open up Internet Explorer or Safari, I get a warning from my AV software that these programs have just modified my "HOSTS" file. Is that normal or does that tell you anything?
 
Anyway, I have attached my compressed MBR.Dat, and pasted my three logs. Thank you for your help.
 
MCC 

 

 

 

17:24:16.0608 2780  NetBT - ok
17:24:16.0624 2780  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:24:16.0639 2780  Netlogon - ok
17:24:16.0670 2780  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:24:16.0717 2780  Netman - ok
17:24:16.0733 2780  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:24:16.0780 2780  netprofm - ok
17:24:16.0904 2780  [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
17:24:17.0045 2780  NETwNs64 - ok
17:24:17.0060 2780  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:24:17.0076 2780  nfrd960 - ok
17:24:17.0092 2780  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:24:17.0107 2780  NlaSvc - ok
17:24:17.0107 2780  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:24:17.0138 2780  Npfs - ok
17:24:17.0138 2780  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:24:17.0185 2780  nsi - ok
17:24:17.0201 2780  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:24:17.0248 2780  nsiproxy - ok
17:24:17.0294 2780  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:24:17.0341 2780  Ntfs - ok
17:24:17.0341 2780  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:24:17.0372 2780  Null - ok
17:24:17.0419 2780  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
17:24:17.0419 2780  nusb3hub - ok
17:24:17.0435 2780  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:24:17.0450 2780  nusb3xhc - ok
17:24:17.0482 2780  [ 65E6BB06A644533118BE007E9601B2C2 ] nvkflt          C:\Windows\system32\DRIVERS\nvkflt.sys
17:24:17.0497 2780  nvkflt - ok
17:24:17.0669 2780  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:24:17.0809 2780  nvlddmkm - ok
17:24:17.0840 2780  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
17:24:17.0856 2780  nvpciflt - ok
17:24:17.0872 2780  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:24:17.0887 2780  nvraid - ok
17:24:17.0903 2780  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:24:17.0903 2780  nvstor - ok
17:24:17.0950 2780  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:24:17.0996 2780  nvUpdatusService - ok
17:24:18.0028 2780  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:24:18.0028 2780  nv_agp - ok
17:24:18.0043 2780  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:24:18.0059 2780  ohci1394 - ok
17:24:18.0106 2780  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:24:18.0106 2780  ose - ok
17:24:18.0199 2780  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:24:18.0308 2780  osppsvc - ok
17:24:18.0324 2780  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:24:18.0355 2780  p2pimsvc - ok
17:24:18.0402 2780  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:24:18.0418 2780  p2psvc - ok
17:24:18.0433 2780  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
17:24:18.0433 2780  Parport - ok
17:24:18.0464 2780  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:24:18.0464 2780  partmgr - ok
17:24:18.0480 2780  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:24:18.0511 2780  PcaSvc - ok
17:24:18.0527 2780  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:24:18.0542 2780  pci - ok
17:24:18.0558 2780  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:24:18.0558 2780  pciide - ok
17:24:18.0574 2780  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:24:18.0589 2780  pcmcia - ok
17:24:18.0620 2780  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:24:18.0620 2780  pcw - ok
17:24:18.0636 2780  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:24:18.0698 2780  PEAUTH - ok
17:24:18.0730 2780  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:24:18.0761 2780  PerfHost - ok
17:24:18.0792 2780  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:24:18.0854 2780  pla - ok
17:24:18.0886 2780  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:24:18.0932 2780  PlugPlay - ok
17:24:18.0964 2780  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:24:18.0979 2780  PNRPAutoReg - ok
17:24:18.0995 2780  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:24:19.0010 2780  PNRPsvc - ok
17:24:19.0026 2780  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
17:24:19.0042 2780  Point64 - ok
17:24:19.0135 2780  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:24:19.0182 2780  PolicyAgent - ok
17:24:19.0213 2780  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:24:19.0260 2780  Power - ok
17:24:19.0276 2780  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:24:19.0322 2780  PptpMiniport - ok
17:24:19.0338 2780  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
17:24:19.0369 2780  Processor - ok
17:24:19.0400 2780  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:24:19.0432 2780  ProfSvc - ok
17:24:19.0447 2780  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:24:19.0447 2780  ProtectedStorage - ok
17:24:19.0494 2780  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:24:19.0541 2780  ql2300 - ok
17:24:19.0556 2780  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:24:19.0572 2780  ql40xx - ok
17:24:19.0603 2780  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:24:19.0619 2780  QWAVE - ok
17:24:19.0619 2780  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:24:19.0634 2780  QWAVEdrv - ok
17:24:19.0650 2780  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:24:19.0697 2780  RasAcd - ok
17:24:19.0728 2780  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:24:19.0759 2780  RasAgileVpn - ok
17:24:19.0759 2780  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:24:19.0790 2780  RasAuto - ok
17:24:19.0806 2780  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:24:19.0853 2780  Rasl2tp - ok
17:24:19.0884 2780  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:24:19.0915 2780  RasMan - ok
17:24:19.0931 2780  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:24:19.0962 2780  RasPppoe - ok
17:24:19.0993 2780  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:24:20.0040 2780  RasSstp - ok
17:24:20.0056 2780  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:24:20.0087 2780  rdbss - ok
17:24:20.0118 2780  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:24:20.0118 2780  rdpbus - ok
17:24:20.0134 2780  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:24:20.0180 2780  RDPCDD - ok
17:24:20.0180 2780  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:24:20.0212 2780  RDPENCDD - ok
17:24:20.0227 2780  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:24:20.0258 2780  RDPREFMP - ok
17:24:20.0274 2780  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:24:20.0305 2780  RDPWD - ok
17:24:20.0321 2780  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:24:20.0336 2780  rdyboost - ok
17:24:20.0383 2780  [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:24:20.0399 2780  RegSrvc - ok
17:24:20.0414 2780  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:24:20.0446 2780  RemoteAccess - ok
17:24:20.0461 2780  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:24:20.0492 2780  RemoteRegistry - ok
17:24:20.0508 2780  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:24:20.0539 2780  RFCOMM - ok
17:24:20.0555 2780  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:24:20.0602 2780  RpcEptMapper - ok
17:24:20.0617 2780  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:24:20.0633 2780  RpcLocator - ok
17:24:20.0648 2780  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:24:20.0680 2780  RpcSs - ok
17:24:20.0711 2780  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:24:20.0726 2780  rspndr - ok
17:24:20.0726 2780  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:24:20.0742 2780  SamSs - ok
17:24:20.0758 2780  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:24:20.0773 2780  sbp2port - ok
17:24:20.0789 2780  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:24:20.0804 2780  SCardSvr - ok
17:24:20.0820 2780  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:24:20.0867 2780  scfilter - ok
17:24:20.0898 2780  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:24:20.0960 2780  Schedule - ok
17:24:20.0976 2780  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:24:21.0007 2780  SCPolicySvc - ok
17:24:21.0007 2780  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:24:21.0038 2780  SDRSVC - ok
17:24:21.0070 2780  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:24:21.0116 2780  secdrv - ok
17:24:21.0132 2780  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:24:21.0163 2780  seclogon - ok
17:24:21.0179 2780  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:24:21.0226 2780  SENS - ok
17:24:21.0226 2780  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:24:21.0241 2780  SensrSvc - ok
17:24:21.0319 2780  [ 59BAE636BD55295307296093FADEC771 ] SepMasterService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
17:24:21.0335 2780  SepMasterService - ok
17:24:21.0335 2780  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:24:21.0366 2780  Serenum - ok
17:24:21.0382 2780  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
17:24:21.0413 2780  Serial - ok
17:24:21.0444 2780  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:24:21.0460 2780  sermouse - ok
17:24:21.0491 2780  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:24:21.0522 2780  SessionEnv - ok
17:24:21.0538 2780  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:24:21.0553 2780  sffdisk - ok
17:24:21.0569 2780  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:24:21.0569 2780  sffp_mmc - ok
17:24:21.0584 2780  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:24:21.0616 2780  sffp_sd - ok
17:24:21.0616 2780  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:24:21.0631 2780  sfloppy - ok
17:24:21.0647 2780  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:24:21.0678 2780  SharedAccess - ok
17:24:21.0694 2780  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:24:21.0725 2780  ShellHWDetection - ok
17:24:21.0756 2780  [ E9E830D540EDEDED650F906628468548 ] simptcp         C:\Windows\System32\tcpsvcs.exe
17:24:21.0772 2780  simptcp - ok
17:24:21.0772 2780  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:24:21.0787 2780  SiSRaid2 - ok
17:24:21.0787 2780  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:24:21.0803 2780  SiSRaid4 - ok
17:24:21.0818 2780  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:24:21.0865 2780  Smb - ok
17:24:21.0959 2780  [ 014EC99CC1C892B5B6BA65776592E7B4 ] SmcService      C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
17:24:22.0006 2780  SmcService - ok
17:24:22.0037 2780  [ 88078B50B806B8E8A4A08E547C0D6492 ] SNAC            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
17:24:22.0052 2780  SNAC - ok
17:24:22.0084 2780  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:24:22.0115 2780  SNMPTRAP - ok
17:24:22.0130 2780  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:24:22.0146 2780  spldr - ok
17:24:22.0162 2780  [ B9D7A4858CF32A6A15D2763F1DE47E0E ] Spooler         C:\Windows\System32\spoolsv.exe
17:24:22.0193 2780  Spooler - ok
17:24:22.0255 2780  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:24:22.0333 2780  sppsvc - ok
17:24:22.0349 2780  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:24:22.0364 2780  sppuinotify - ok
17:24:22.0442 2780  [ BFF91C4FF4A2FEDDB0B285EAD0AC1B7B ] SRTSP           C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS
17:24:22.0458 2780  SRTSP - ok
17:24:22.0474 2780  [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX          C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS
17:24:22.0489 2780  SRTSPX - ok
17:24:22.0505 2780  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:24:22.0536 2780  srv - ok
17:24:22.0552 2780  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:24:22.0598 2780  srv2 - ok
17:24:22.0614 2780  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:24:22.0630 2780  srvnet - ok
17:24:22.0645 2780  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:24:22.0692 2780  SSDPSRV - ok
17:24:22.0708 2780  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:24:22.0739 2780  SstpSvc - ok
17:24:22.0754 2780  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:24:22.0770 2780  stexstor - ok
17:24:22.0786 2780  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:24:22.0817 2780  stisvc - ok
17:24:23.0035 2780  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:24:23.0051 2780  swenum - ok
17:24:23.0238 2780  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:24:23.0300 2780  swprv - ok
17:24:23.0878 2780  [ 688BBE78970E639BC1D66AE733394DCF ] SymDS           C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS
17:24:23.0987 2780  SymDS - ok
17:24:24.0205 2780  [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA          C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS
17:24:24.0236 2780  SymEFA - ok
17:24:24.0268 2780  [ F19E5E37ED8134B9E5F6287F2D3A75D7 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:24:24.0283 2780  SymEvent - ok
17:24:24.0314 2780  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS
17:24:24.0330 2780  SymIRON - ok
17:24:24.0346 2780  [ 1605EBD8CB86AFC4430116065995279A ] SYMNETS         C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS
17:24:24.0361 2780  SYMNETS - ok
17:24:24.0392 2780  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:24:24.0439 2780  SysMain - ok
17:24:24.0455 2780  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:24:24.0470 2780  TabletInputService - ok
17:24:24.0486 2780  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:24:24.0533 2780  TapiSrv - ok
17:24:24.0548 2780  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:24:24.0564 2780  TBS - ok
17:24:24.0611 2780  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:24:24.0658 2780  Tcpip - ok
17:24:24.0689 2780  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:24:24.0704 2780  TCPIP6 - ok
17:24:24.0720 2780  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:24:24.0736 2780  tcpipreg - ok
17:24:24.0767 2780  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:24:24.0782 2780  TDPIPE - ok
17:24:24.0814 2780  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:24:24.0845 2780  TDTCP - ok
17:24:24.0860 2780  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:24:24.0892 2780  tdx - ok
17:24:24.0907 2780  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:24:24.0907 2780  TermDD - ok
17:24:24.0923 2780  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:24:24.0970 2780  TermService - ok
17:24:25.0001 2780  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:24:25.0001 2780  Themes - ok
17:24:25.0016 2780  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:24:25.0032 2780  THREADORDER - ok
17:24:25.0048 2780  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:24:25.0094 2780  TrkWks - ok
17:24:25.0141 2780  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:24:25.0172 2780  TrustedInstaller - ok
17:24:25.0172 2780  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:24:25.0219 2780  tssecsrv - ok
17:24:25.0235 2780  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:24:25.0250 2780  TsUsbFlt - ok
17:24:25.0266 2780  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:24:25.0266 2780  TsUsbGD - ok
17:24:25.0297 2780  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:24:25.0344 2780  tunnel - ok
17:24:25.0360 2780  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:24:25.0375 2780  uagp35 - ok
17:24:25.0375 2780  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:24:25.0422 2780  udfs - ok
17:24:25.0438 2780  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:24:25.0469 2780  UI0Detect - ok
17:24:25.0500 2780  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:24:25.0516 2780  uliagpkx - ok
17:24:25.0516 2780  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:24:25.0547 2780  umbus - ok
17:24:25.0562 2780  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:24:25.0578 2780  UmPass - ok
17:24:25.0609 2780  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:24:25.0656 2780  upnphost - ok
17:24:25.0687 2780  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:24:25.0703 2780  usbccgp - ok
17:24:25.0703 2780  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:24:25.0718 2780  usbcir - ok
17:24:25.0734 2780  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:24:25.0750 2780  usbehci - ok
17:24:25.0765 2780  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:24:25.0812 2780  usbhub - ok
17:24:25.0828 2780  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:24:25.0843 2780  usbohci - ok
17:24:25.0874 2780  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:24:25.0906 2780  usbprint - ok
17:24:25.0937 2780  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:24:25.0952 2780  usbscan - ok
17:24:25.0968 2780  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:24:25.0984 2780  USBSTOR - ok
17:24:26.0015 2780  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:24:26.0030 2780  usbuhci - ok
17:24:26.0077 2780  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:24:26.0093 2780  usbvideo - ok
17:24:26.0093 2780  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:24:26.0140 2780  UxSms - ok
17:24:26.0155 2780  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:24:26.0155 2780  VaultSvc - ok
17:24:26.0186 2780  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:24:26.0186 2780  vdrvroot - ok
17:24:26.0202 2780  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:24:26.0249 2780  vds - ok
17:24:26.0280 2780  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:24:26.0296 2780  vga - ok
17:24:26.0311 2780  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:24:26.0327 2780  VgaSave - ok
17:24:26.0358 2780  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:24:26.0358 2780  vhdmp - ok
17:24:26.0374 2780  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:24:26.0389 2780  viaide - ok
17:24:26.0405 2780  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:24:26.0420 2780  volmgr - ok
17:24:26.0420 2780  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:24:26.0436 2780  volmgrx - ok
17:24:26.0452 2780  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:24:26.0467 2780  volsnap - ok
17:24:26.0483 2780  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:24:26.0498 2780  vsmraid - ok
17:24:26.0530 2780  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:24:26.0608 2780  VSS - ok
17:24:26.0623 2780  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:24:26.0654 2780  vwifibus - ok
17:24:26.0670 2780  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:24:26.0686 2780  vwififlt - ok
17:24:26.0701 2780  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:24:26.0717 2780  vwifimp - ok
17:24:26.0732 2780  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:24:26.0764 2780  W32Time - ok
17:24:26.0779 2780  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:24:26.0795 2780  WacomPen - ok
17:24:26.0826 2780  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:24:26.0873 2780  WANARP - ok
17:24:26.0888 2780  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:24:26.0920 2780  Wanarpv6 - ok
17:24:26.0966 2780  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:24:26.0998 2780  WatAdminSvc - ok
17:24:27.0029 2780  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:24:27.0091 2780  wbengine - ok
17:24:27.0107 2780  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:24:27.0122 2780  WbioSrvc - ok
17:24:27.0138 2780  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:24:27.0169 2780  wcncsvc - ok
17:24:27.0169 2780  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:24:27.0200 2780  WcsPlugInService - ok
17:24:27.0216 2780  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
17:24:27.0232 2780  Wd - ok
17:24:27.0263 2780  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:24:27.0278 2780  Wdf01000 - ok
17:24:27.0294 2780  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:24:27.0341 2780  WdiServiceHost - ok
17:24:27.0341 2780  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:24:27.0356 2780  WdiSystemHost - ok
17:24:27.0372 2780  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:24:27.0419 2780  WebClient - ok
17:24:27.0434 2780  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:24:27.0466 2780  Wecsvc - ok
17:24:27.0497 2780  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:24:27.0512 2780  wercplsupport - ok
17:24:27.0528 2780  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:24:27.0559 2780  WerSvc - ok
17:24:27.0575 2780  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:24:27.0590 2780  WfpLwf - ok
17:24:27.0606 2780  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:24:27.0622 2780  WIMMount - ok
17:24:27.0622 2780  WinDefend - ok
17:24:27.0637 2780  WinHttpAutoProxySvc - ok
17:24:27.0668 2780  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:24:27.0684 2780  Winmgmt - ok
17:24:27.0731 2780  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:24:27.0793 2780  WinRM - ok
17:24:27.0840 2780  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:24:27.0856 2780  WinUsb - ok
17:24:27.0871 2780  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:24:27.0902 2780  Wlansvc - ok
17:24:27.0918 2780  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:24:27.0934 2780  WmiAcpi - ok
17:24:27.0949 2780  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:24:27.0965 2780  wmiApSrv - ok
17:24:27.0996 2780  WMPNetworkSvc - ok
17:24:27.0996 2780  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:24:28.0012 2780  WPCSvc - ok
17:24:28.0027 2780  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:24:28.0027 2780  WPDBusEnum - ok
17:24:28.0043 2780  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:24:28.0074 2780  ws2ifsl - ok
17:24:28.0090 2780  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
17:24:28.0121 2780  wscsvc - ok
17:24:28.0121 2780  WSearch - ok
17:24:28.0168 2780  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:24:28.0230 2780  wuauserv - ok
17:24:28.0246 2780  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:24:28.0261 2780  WudfPf - ok
17:24:28.0277 2780  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:24:28.0292 2780  WUDFRd - ok
17:24:28.0324 2780  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:24:28.0339 2780  wudfsvc - ok
17:24:28.0355 2780  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:24:28.0386 2780  WwanSvc - ok
17:24:28.0417 2780  ZeroConfigService - ok
17:24:28.0433 2780  ================ Scan global ===============================
17:24:28.0433 2780  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:24:28.0448 2780  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:24:28.0464 2780  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:24:28.0480 2780  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:24:28.0495 2780  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:24:28.0495 2780  [Global] - ok
17:24:28.0495 2780  ================ Scan MBR ==================================
17:24:28.0511 2780  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:24:28.0807 2780  \Device\Harddisk0\DR0 - ok
17:24:28.0807 2780  ================ Scan VBR ==================================
17:24:28.0807 2780  [ F7F2DED8A89019E4E6F1095AA335FF00 ] \Device\Harddisk0\DR0\Partition1
17:24:28.0807 2780  \Device\Harddisk0\DR0\Partition1 - ok
17:24:28.0838 2780  [ 54A07FF444B85C45AB98127FE9AE3248 ] \Device\Harddisk0\DR0\Partition2
17:24:28.0838 2780  \Device\Harddisk0\DR0\Partition2 - ok
17:24:28.0838 2780  ============================================================
17:24:28.0838 2780  Scan finished
17:24:28.0838 2780  ============================================================
17:24:28.0854 4916  Detected object count: 0
17:24:28.0854 4916  Actual detected object count: 0
17:24:58.0744 4576  Deinitialize success

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-02 17:39:28
-----------------------------
17:39:28.310    OS Version: Windows x64 6.1.7601 Service Pack 1
17:39:28.310    Number of processors: 4 586 0x2A07
17:39:28.326    ComputerName: ELGUAPOYELFUERT  UserName: 
17:39:31.477    Initialize success
17:46:17.239    AVAST engine defs: 13080202
17:46:33.400    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:46:33.400    Disk 0 Vendor: WDC_WD7500BPKT-75PK4T0 01.01A01 Size: 715404MB BusType: 3
17:46:33.525    Disk 0 MBR read successfully
17:46:33.525    Disk 0 MBR scan
17:46:33.525    Disk 0 Windows 7 default MBR code
17:46:33.525    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:46:33.541    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       715302 MB offset 206848
17:46:33.556    Disk 0 scanning C:\Windows\system32\drivers
17:46:41.076    Service scanning
17:46:55.209    Modules scanning
17:46:55.209    Disk 0 trace - called modules:
17:46:55.256    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys 
17:46:55.256    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007de3060]
17:46:55.256    3 CLASSPNP.SYS[fffff88001a4543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b28060]
17:46:58.485    AVAST engine scan C:\Windows
17:47:00.186    AVAST engine scan C:\Windows\system32
17:48:41.898    AVAST engine scan C:\Windows\system32\drivers
17:48:55.018    AVAST engine scan C:\Users\el guapo y el fuerte
18:00:47.518    AVAST engine scan C:\ProgramData
18:02:14.800    Scan finished successfully
18:02:34.300    Disk 0 MBR has been saved successfully to "C:\Users\el guapo y el fuerte\Desktop\MBR.dat"
18:02:34.315    The log file has been saved successfully to "C:\Users\el guapo y el fuerte\Desktop\aswMBR.txt"

RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : el guapo y el fuerte [Admin rights]
Mode : Remove -- Date : 08/02/2013 18:08:09
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableCMD (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableCMD (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. 
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> [0x2] The system cannot find the file specified. 
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 0scan.com
127.0.0.1 www.0scan.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 ATA Device +++++
--- User ---
[MBR] 44d46a98289543686d200ff26cd2d947
[BSP] b904504c9a1d49fb441bda35a89c63f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_08022013_180809.txt >>
RKreport[0]_S_08022013_180716.txt

Attached File: MBR.zip (559 bytes)

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:57 AM

Posted 03 August 2013 - 07:47 AM


All your logs are clean.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#6 MyCrappyComputer

MyCrappyComputer
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:57 AM

Posted 04 August 2013 - 06:22 AM

1) I have many files that if you click on properties, the original file name is different than the current file name. Is that a concern?
1a) Every time that I restart my computer, all my settings, including thumbnails or icons, virus on/off, etc., always reset themselves. Is that normal?
2) I ran Combofix and JRT twice. For Combofix it picked up new deletions the second time.
3) For JRT, it said it was deleting the same folder on both occasions that I ran it. Does that mean it never really deleted it the first time? Is that a problem?
4) Also in running all these tools, in the tamper protection log of my Symantec Endpoint Protection, almost all of the tools were cited multiple times. Is that normal?
5) Also there are a few processes that were logged as always changing my "Hosts" File. The ones attempting to change it the most were "svchost.exe", "adwcleaner.exe", "webkit2webprocess.exe", "iexplore.exe", "safari.exe", and "flashplayerupdateservice.exe".
6) Does that tell you anything and is that normal behavior for these Applications to modify the "Hosts" file?
7) I recently learned about the "verifier" tool in windows 7 64-bit and I decided to verify my drivers. These are the results:
a) When I only checked off the non-windows drivers to be verified, the computer rebooted just fine.
b) When I checked off just the Windows drivers, I repeatedly got a blue screen with the message, "A device driver attempting to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced with a working version." The computer would then only reboot in safe-mode, until I deleted the settings from verifier.exe
c) Lower down on the blue screen it says:
Technical Information:
**** Stop: 0x000000C4  (0x0000000000000000, 0x000000000000000, 0x0000000000000000, 0x0000000000000000)
Collecting data for crash dump.
8) What would this mean?
9) Also if my logs are clean, I'm still having all the issues that I had in the initial post.
10) Lastly, I think my antivirus software is corrupt or outdated because I've seen much higher model numbers, and I have virtually no way of shutting it down. Where the link in your post shows how to shutdown Symantec Endpoint Protection, my "Shutdown" in the menu after I right click it is there but it is greyed out.
 
Sorry to inundate you with all this info. but I know there is something wrong with my computer and I just cannot figure out what.
 
Thanks again,
MCC

# AdwCleaner v2.306 - Logfile created 08/04/2013 at 06:01:50
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : el guapo y el fuerte - ELGUAPOYELFUERT
# Boot Mode : Normal
# Running from : C:\Users\el guapo y el fuerte\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\el guapo y el fuerte\AppData\Roaming\Mozilla\Firefox\Profiles\kd3qgoyi.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\el guapo y el fuerte\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [764 octets] - [24/05/2013 05:22:19]
AdwCleaner[R2].txt - [3447 octets] - [08/07/2013 21:03:29]
AdwCleaner[S1].txt - [355 octets] - [24/05/2013 05:23:04]
AdwCleaner[S2].txt - [3400 octets] - [08/07/2013 21:04:37]
AdwCleaner[S6].txt - [1115 octets] - [04/08/2013 06:01:50]
 
########## EOF - C:\AdwCleaner[S6].txt - [1175 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.2 (08.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by el guapo y el fuerte on Sun 08/04/2013 at  5:38:36.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\el guapo y el fuerte\AppData\Roaming\mozilla\firefox\profiles\kd3qgoyi.default\minidumps [13 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/04/2013 at  5:41:42.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-08-04.01 - el guapo y el fuerte 08/04/2013   3:40.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.6680 [GMT -4:00]
Running from: c:\users\el guapo y el fuerte\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-04 to 2013-08-04  )))))))))))))))))))))))))))))))
.
.
2013-08-04 07:44 . 2013-08-04 07:47 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\temp
2013-08-04 07:44 . 2013-08-04 07:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-08-04 07:44 . 2013-08-04 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-04 07:44 . 2013-08-04 07:44 -------- d-----w- c:\users\corleone\AppData\Local\temp
2013-08-04 07:44 . 2013-08-04 07:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-07-31 06:23 . 2013-07-31 06:23 -------- d-----w- c:\program files\HyperCam 2
2013-07-30 15:23 . 2013-07-31 10:53 -------- d-----w- c:\program files (x86)\Real
2013-07-30 13:34 . 2013-07-30 13:34 0 ----a-w- c:\windows\system32\igdumd32.dll
2013-07-30 13:31 . 2012-07-27 02:02 173504 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-07-26 16:11 . 2013-07-26 16:11 -------- d-----w- c:\users\el guapo y el fuerte\ClipConverter
2013-07-26 16:09 . 2013-07-26 16:11 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Roaming\Lunaweb
2013-07-23 16:07 . 2013-07-23 16:09 -------- d-----w- c:\windows\system32\MRT
2013-07-23 07:22 . 2013-07-25 08:15 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\ElevatedDiagnostics
2013-07-23 02:38 . 2013-07-23 02:38 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Roaming\Malwarebytes
2013-07-23 02:38 . 2013-07-23 02:38 -------- d-----w- c:\programdata\Malwarebytes
2013-07-23 02:38 . 2013-07-29 03:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-23 01:05 . 2013-07-23 01:05 -------- d-----w- c:\program files (x86)\ESET
2013-07-18 20:48 . 2013-07-18 20:48 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\Symantec
2013-07-18 19:43 . 2013-07-29 03:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-07-18 19:43 . 2013-07-25 08:28 -------- d-----w- c:\program files\Symantec
2013-07-18 19:43 . 2013-07-18 19:43 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-18 19:38 . 2013-07-18 19:38 575952 ----a-w- c:\windows\system32\SymVPN.dll
2013-07-18 19:38 . 2013-07-18 19:38 56272 ----a-w- c:\windows\system32\snacnp.dll
2013-07-18 19:38 . 2013-07-18 19:38 50128 ----a-w- c:\windows\SysWow64\snacnp.dll
2013-07-18 19:38 . 2013-07-18 19:38 44008 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2013-07-18 19:38 . 2013-07-18 19:38 419792 ----a-w- c:\windows\SysWow64\SymVPN.dll
2013-07-18 19:38 . 2013-07-18 19:38 157136 ----a-w- c:\windows\system32\FwsVpn.dll
2013-07-18 19:38 . 2013-07-18 19:38 136144 ----a-w- c:\windows\SysWow64\FwsVpn.dll
2013-07-18 19:35 . 2013-07-18 19:36 -------- d-----w- c:\programdata\regid.1992-12.com.symantec
2013-07-18 19:35 . 2013-07-18 19:35 -------- d-----w- c:\windows\system32\drivers\SEP
2013-07-18 19:35 . 2013-07-18 19:35 -------- d-----w- c:\program files (x86)\Symantec
2013-07-18 18:54 . 2013-07-18 18:54 -------- d-----w- c:\program files (x86)\Cisco
2013-07-18 18:51 . 2013-07-18 18:51 -------- d--h--w- c:\windows\system32\WLANProfiles
2013-07-18 18:47 . 2013-07-18 18:54 -------- d-----w- c:\program files\Intel
2013-07-18 18:47 . 2013-07-18 18:47 -------- d-----w- c:\program files\Common Files\Intel
2013-07-18 18:47 . 2013-07-18 18:47 -------- d-----w- c:\programdata\Intel.sav
2013-07-10 08:29 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 08:29 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 08:29 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 08:29 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 08:29 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 08:29 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 08:29 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 08:29 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 08:29 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 08:29 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 08:29 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 08:28 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:28 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:28 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 08:28 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 08:28 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-09 03:59 . 2013-07-09 03:59 -------- d-----w- C:\Device
2013-07-09 02:11 . 2013-06-18 14:22 263576 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-08 23:58 . 2010-03-18 13:15 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2013-07-08 23:58 . 2010-03-18 13:15 1498960 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2013-07-08 23:58 . 2013-07-18 04:27 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2013-07-08 23:58 . 2010-03-18 13:36 1858896 ----a-w- c:\windows\system32\msvcr100d.dll
2013-07-08 23:58 . 2010-03-18 13:36 1014096 ----a-w- c:\windows\system32\msvcp100d.dll
2013-07-08 12:14 . 2013-07-08 12:14 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\Zemana
2013-07-08 05:50 . 2013-07-08 05:51 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-08 05:50 . 2013-07-08 05:51 -------- d-----w- c:\program files\iTunes
2013-07-08 05:50 . 2013-07-08 05:50 -------- d-----w- c:\program files\iPod
2013-07-08 05:40 . 2013-07-08 06:05 -------- d-----w- c:\program files (x86)\iTunes
2013-07-06 09:37 . 2013-07-18 19:16 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-07-06 09:30 . 2013-07-06 09:30 -------- d-----w- c:\programdata\IsolatedStorage
2013-07-06 09:30 . 2013-07-06 09:30 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\White_Sky,_Inc
2013-07-06 09:28 . 2013-07-08 12:19 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2013-07-06 09:26 . 2013-07-06 09:26 -------- d-----w- c:\programdata\White Sky, Inc
2013-07-06 07:42 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32499939-B524-46EE-988E-20E45A33944F}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-03 00:02 . 2012-12-28 00:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-03 00:02 . 2012-12-28 00:37 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-03 00:02 . 2012-12-28 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-08-03 00:02 . 2012-12-29 00:10 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-07-31 03:32 . 2012-08-07 19:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-31 03:32 . 2012-08-07 19:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-11 14:42 . 2012-12-26 10:55 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-11 14:42 . 2012-12-26 10:55 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-11 14:41 . 2012-12-26 10:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-11 04:44 . 2012-08-05 19:54 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-06 12:03 . 2012-12-26 10:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-05 04:44 . 2013-04-10 17:43 112640 ----a-w- c:\windows\system32\smss.exe
2013-07-05 04:44 . 2013-07-05 04:44 112640 ----a-w- c:\windows\system32\smss.exe.001
2013-06-28 13:39 . 2013-05-28 04:29 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-27 23:34 . 2013-05-27 23:34 208216 ----a-w- c:\windows\system32\drivers\72091023.sys
2013-05-27 21:34 . 2013-05-27 21:34 73728 ----a-r- c:\users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-27 21:34 . 2013-05-27 21:34 73728 ----a-r- c:\users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-27 21:34 . 2013-05-27 21:34 73728 ----a-r- c:\users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-05-26 22:46 . 2013-05-26 22:44 39338 ----a-w- c:\windows\system32\drivers\etc\HOSTS.tmp
2013-05-24 18:53 . 2013-05-24 18:53 388096 ----a-r- c:\users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-13 05:51 . 2013-06-12 19:34 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 19:34 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 19:34 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 19:34 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 19:34 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 19:34 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 19:34 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 19:34 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 19:34 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 19:34 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 19:34 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 19:34 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 19:34 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011_f7f\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011_f7f\BHDrvx64.sys [x]
S1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130802.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130802.011\IDSvia64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-27 08:29 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 03:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps07062013
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\el guapo y el fuerte\AppData\Roaming\Mozilla\Firefox\Profiles\kd3qgoyi.default\
FF - prefs.js: browser.search.selectedEngine - Xfinity.com Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-07-23 00:01; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-69464662.sys
AddRemove-{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1 - c:\program files (x86)\Safer Networking\RegAlyzer\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWow64\perfhost.exe
.
**************************************************************************
.
Completion time: 2013-08-04  03:51:18 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-04 07:51
ComboFix2.txt  2013-07-09 01:25
.
Pre-Run: 228,488,208,384 bytes free
Post-Run: 228,808,355,840 bytes free
.
- - End Of File - - 66F64DEBE009891BB2644A5931BD73E9
A36C5E4F47E84449FF07ED3517B43A31

When I ran it a second time, this was the log:

ComboFix 13-08-04.01 - el guapo y el fuerte 08/04/2013   4:24.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.6758 [GMT -4:00]
Running from: c:\users\el guapo y el fuerte\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\el guapo y el fuerte\AppData\Local\temp\Setup00000530\OSETUP.DLL
c:\users\ELGUAP~1\AppData\Local\Temp\Setup00000530\OSETUP.DLL
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-04 to 2013-08-04  )))))))))))))))))))))))))))))))
.
.
2013-08-04 08:29 . 2013-08-04 08:31 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\temp
2013-08-04 08:29 . 2013-08-04 08:29 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-08-04 08:29 . 2013-08-04 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-04 08:29 . 2013-08-04 08:29 -------- d-----w- c:\users\corleone\AppData\Local\temp
2013-08-04 08:29 . 2013-08-04 08:29 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-07-31 06:23 . 2013-07-31 06:23 -------- d-----w- c:\program files\HyperCam 2
2013-07-30 15:23 . 2013-07-31 10:53 -------- d-----w- c:\program files (x86)\Real
2013-07-30 13:34 . 2013-07-30 13:34 0 ----a-w- c:\windows\system32\igdumd32.dll
2013-07-30 13:31 . 2012-07-27 02:02 173504 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-07-26 16:11 . 2013-07-26 16:11 -------- d-----w- c:\users\el guapo y el fuerte\ClipConverter
2013-07-26 16:09 . 2013-07-26 16:11 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Roaming\Lunaweb
2013-07-23 16:07 . 2013-07-23 16:09 -------- d-----w- c:\windows\system32\MRT
2013-07-23 07:22 . 2013-07-25 08:15 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\ElevatedDiagnostics
2013-07-23 02:38 . 2013-07-23 02:38 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Roaming\Malwarebytes
2013-07-23 02:38 . 2013-07-23 02:38 -------- d-----w- c:\programdata\Malwarebytes
2013-07-23 02:38 . 2013-07-29 03:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-23 01:05 . 2013-07-23 01:05 -------- d-----w- c:\program files (x86)\ESET
2013-07-18 20:48 . 2013-07-18 20:48 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\Symantec
2013-07-18 19:43 . 2013-07-29 03:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-07-18 19:43 . 2013-07-25 08:28 -------- d-----w- c:\program files\Symantec
2013-07-18 19:43 . 2013-07-18 19:43 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-18 19:38 . 2013-07-18 19:38 575952 ----a-w- c:\windows\system32\SymVPN.dll
2013-07-18 19:38 . 2013-07-18 19:38 56272 ----a-w- c:\windows\system32\snacnp.dll
2013-07-18 19:38 . 2013-07-18 19:38 50128 ----a-w- c:\windows\SysWow64\snacnp.dll
2013-07-18 19:38 . 2013-07-18 19:38 44008 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2013-07-18 19:38 . 2013-07-18 19:38 419792 ----a-w- c:\windows\SysWow64\SymVPN.dll
2013-07-18 19:38 . 2013-07-18 19:38 157136 ----a-w- c:\windows\system32\FwsVpn.dll
2013-07-18 19:38 . 2013-07-18 19:38 136144 ----a-w- c:\windows\SysWow64\FwsVpn.dll
2013-07-18 19:35 . 2013-07-18 19:36 -------- d-----w- c:\programdata\regid.1992-12.com.symantec
2013-07-18 19:35 . 2013-07-18 19:35 -------- d-----w- c:\windows\system32\drivers\SEP
2013-07-18 19:35 . 2013-07-18 19:35 -------- d-----w- c:\program files (x86)\Symantec
2013-07-18 18:54 . 2013-07-18 18:54 -------- d-----w- c:\program files (x86)\Cisco
2013-07-18 18:51 . 2013-07-18 18:51 -------- d--h--w- c:\windows\system32\WLANProfiles
2013-07-18 18:47 . 2013-07-18 18:54 -------- d-----w- c:\program files\Intel
2013-07-18 18:47 . 2013-07-18 18:47 -------- d-----w- c:\program files\Common Files\Intel
2013-07-18 18:47 . 2013-07-18 18:47 -------- d-----w- c:\programdata\Intel.sav
2013-07-10 08:29 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 08:29 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 08:29 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 08:29 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 08:29 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 08:29 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 08:29 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 08:29 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 08:29 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 08:29 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 08:29 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 08:28 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:28 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:28 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 08:28 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 08:28 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-09 03:59 . 2013-07-09 03:59 -------- d-----w- C:\Device
2013-07-09 02:11 . 2013-06-18 14:22 263576 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-08 23:58 . 2010-03-18 13:15 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2013-07-08 23:58 . 2010-03-18 13:15 1498960 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2013-07-08 23:58 . 2013-07-18 04:27 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2013-07-08 23:58 . 2010-03-18 13:36 1858896 ----a-w- c:\windows\system32\msvcr100d.dll
2013-07-08 23:58 . 2010-03-18 13:36 1014096 ----a-w- c:\windows\system32\msvcp100d.dll
2013-07-08 12:14 . 2013-07-08 12:14 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\Zemana
2013-07-08 05:50 . 2013-07-08 05:51 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-08 05:50 . 2013-07-08 05:51 -------- d-----w- c:\program files\iTunes
2013-07-08 05:50 . 2013-07-08 05:50 -------- d-----w- c:\program files\iPod
2013-07-08 05:40 . 2013-07-08 06:05 -------- d-----w- c:\program files (x86)\iTunes
2013-07-06 09:37 . 2013-07-18 19:16 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-07-06 09:30 . 2013-07-06 09:30 -------- d-----w- c:\programdata\IsolatedStorage
2013-07-06 09:30 . 2013-07-06 09:30 -------- d-----w- c:\users\el guapo y el fuerte\AppData\Local\White_Sky,_Inc
2013-07-06 09:28 . 2013-07-08 12:19 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2013-07-06 09:26 . 2013-07-06 09:26 -------- d-----w- c:\programdata\White Sky, Inc
2013-07-06 07:42 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32499939-B524-46EE-988E-20E45A33944F}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-03 00:02 . 2012-12-28 00:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-03 00:02 . 2012-12-28 00:37 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-03 00:02 . 2012-12-28 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-08-03 00:02 . 2012-12-29 00:10 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-07-31 03:32 . 2012-08-07 19:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-31 03:32 . 2012-08-07 19:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-11 14:42 . 2012-12-26 10:55 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-11 14:42 . 2012-12-26 10:55 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-11 14:41 . 2012-12-26 10:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-11 04:44 . 2012-08-05 19:54 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-06 12:03 . 2012-12-26 10:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-05 04:44 . 2013-04-10 17:43 112640 ----a-w- c:\windows\system32\smss.exe
2013-07-05 04:44 . 2013-07-05 04:44 112640 ----a-w- c:\windows\system32\smss.exe.001
2013-06-28 13:39 . 2013-05-28 04:29 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-27 23:34 . 2013-05-27 23:34 208216 ----a-w- c:\windows\system32\drivers\72091023.sys
2013-05-27 21:34 . 2013-05-27 21:34 73728 ----a-r- c:\users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-27 21:34 . 2013-05-27 21:34 73728 ----a-r- c:\users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-27 21:34 . 2013-05-27 21:34 73728 ----a-r- c:\users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-05-26 22:46 . 2013-05-26 22:44 39338 ----a-w- c:\windows\system32\drivers\etc\HOSTS.tmp
2013-05-24 18:53 . 2013-05-24 18:53 388096 ----a-r- c:\users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-13 05:51 . 2013-06-12 19:34 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 19:34 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 19:34 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 19:34 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 19:34 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 19:34 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 19:34 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 19:34 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 19:34 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 19:34 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 19:34 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 19:34 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 19:34 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011_f7f\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011_f7f\BHDrvx64.sys [x]
S1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130802.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130802.011\IDSvia64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-27 08:29 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 03:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps07062013
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\el guapo y el fuerte\AppData\Roaming\Mozilla\Firefox\Profiles\kd3qgoyi.default\
FF - prefs.js: browser.search.selectedEngine - Xfinity.com Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-07-23 00:01; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1 - c:\program files (x86)\Safer Networking\RegAlyzer\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWow64\perfhost.exe
.
**************************************************************************
.
Completion time: 2013-08-04  04:35:15 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-04 08:35
ComboFix2.txt  2013-07-09 01:25
.
Pre-Run: 228,841,734,144 bytes free
Post-Run: 228,754,513,920 bytes free
.
- - End Of File - - DA9F3098ECC8E99121D476232BA83B79
A36C5E4F47E84449FF07ED3517B43A31
 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
 Google Chrome 27.0.1453.116  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:57 AM

Posted 04 August 2013 - 08:03 AM

Before we go any further, did you apply this Microsoft hotfix?

If not, I suggest you read the article and run it.

http://support.microsoft.com/kb/2661796

Restart the computer normally.

Any change?

#8 MyCrappyComputer

MyCrappyComputer
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 06 August 2013 - 08:21 AM

Hi Nasdaq,


0) I downloaded the hotfix but still had the same blue screen.
 
1) One thing that I found strange, and please correct me if I am wrong, is I followed your link to the hotfix. It made me enter my email and said it would email me a link to the hotfix. I followed the emailed link and downloaded the hotfix which was a zip file entitled "442637_intl_x64_zip.exe". The file had an expired certificate but I figured that was no big deal as my certificate store is all messed up. It also said in "properties" that "this file came from another computer and might be blocked to protect this computer." I always get the "this file came from another computer and might be blocked to protect this computer", every time I download things. Is that normal?
 
a) When I only checked off the non-Windows drivers to be verified, the computer rebooted just fine.
b) When I checked off just the Windows drivers, I repeatedly got a blue screen with the message, "A device driver attempting to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced with a working version." The computer would then only reboot in safe mode, until I deleted the settings from verifier.exe.
c) Lower down on the blue screen it says:
Technical Information:
**** Stop: 0x000000C4  (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)
Collecting data for crash dump.
 
2) I ran GMER about a month ago, but didn't make any changes because I didn't know what to do; virtually every registry entry that it checked was the color "red". Not all of them, but a large proportion, especially under HKEY_LOCAL_MACHINE. Does that tell you anything?
 
3) I have ntbt.log, windowsupdate.log, setupact.log, bootstat.DAT, a large MEMORY.DMP, a PFRO.log, a lot of which show errors. 
 
4) I used Spybot Search and Destroy to do a deep root-kit scan. Below are the results. Do any of these look suspicious?
 
 
// info: Rootkit removal help file
// copyright: © 2008-2013 Safer-Networking Ltd. All rights reserved.
 
:: RootAlyzer Results
 
Spybot Deep Rootkit scan 8/6/13
 
1) File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
 
2) File:"Unknown ADS","C:\Users\el guapo y el fuerte\Desktop\LogsofProblemsMay15newssssssss\LoggedOnUsersDirtyMajorProblems\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
 
3) File:"No admin in ACL","C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\SRTSP\SrtETmp"
 
4) File:"Unknown ADS","C:\perflogs\System\Diagnostics\ELGUAPOYELFUERT_20130521- 000002\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
 
5) RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
 
6) RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
 

5) About a year ago, I redownloaded Microsoft Office from Amazon. It was one of the first programs that I redownloaded when I reinstalled my OS. It was working fine until recently, when it kept trying to reinstall itself every time I opened an Office document, and it started telling me that it was unlicensed, which I thought was odd because it had been working fine for over a year.
So I decided to check the installation log from about a year ago. Apparently the code I entered upon installation was corrupt, and my MS Office should never have been activated, and the log said that it was installing programs and certificates that were corrupt as well. But this was over a year ago, and I was able to use it just fine until recently. I was wondering, since I have problems with outdated and corrupt certificates and files, if this could maybe be the problem? There is one program that I happened to notice that calls itself "Office Document Cache Holder" but has a real file name of "urlredirect.dll". Is that normal?
 
6) If I go to C:\ProgramData\Spybot - Search & Destroy\Quarantine, I have a ton of zipped-up files which require a password to open, and there are a lot of "Suspected Rootkit.Zip" files along with many others. Should I delete these? Does this mean that I had viruses and rootkits but they are now safely zipped up, or could they still be on my system?
 
7) Once my MS Office stopped working, I downloaded just the "reading" files for Word and Excel. None of them have a publisher listed, so would it be best to delete them?
 
8) Also, I have a "Microsoft Visual C++" update, "KB2467173", that is unsigned; in fact I have two of them. Should any file I have that is unsigned be deleted?
 
9) I also have some Microsoft Updates that are unsigned. Should these be deleted?
 
10) In searching through my "windows" folder, I have some dated for the year "2000". Literally, like "5/27/2000". Is that a problem?
 
11) Lastly, when I use the command prompt to type "sfc /scannow", it says that there are a lot of errors that cannot be fixed. What do you make of that? Is there a way to fix them? Is it even important?
 
I apologize again for inundating you with information, but I'm just trying to provide as much help as I can so my computer can be running normally.
 
Thank you so much, once again,
MCC
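The questions above about sfc /scannow, unsigned files and the Driver Verifier bugcheck can be checked with a short script rather than by reading logs by hand. The following is an added example written for this page; it is not code from the thread or from any of the tools mentioned in it. It assumes Windows 7 x64 with PowerShell 2.0 or later, run from an elevated prompt, and uses only the standard Windows log and driver locations. The important caveat is in part 2: on Windows 7, Get-AuthenticodeSignature checks only embedded signatures, so catalog-signed inbox files and updates report NotSigned, which is exactly why "unsigned" Microsoft updates are not by themselves a sign of tampering.

```powershell
# Added example, not from the thread or from any tool mentioned in it.
# Pulls the files sfc /scannow could not repair out of CBS.log, lists the running
# kernel drivers with their Authenticode status, and shows the current Driver
# Verifier settings. Assumes Windows 7 x64 with PowerShell 2.0 or later, run from
# an elevated prompt; the paths are the standard Windows locations.

# --- 1. What sfc could not fix ------------------------------------------------
# sfc tags its findings "[SR]" in CBS.log; unrepairable files appear as
# [SR] Cannot repair member file [l:NN{MM}]"name" of component, Version = ...
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$pattern = '\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+)'
$unrepaired = Select-String -Path $cbsLog -Pattern $pattern |
    ForEach-Object {
        '{0}  (component: {1})' -f $_.Matches[0].Groups[1].Value, $_.Matches[0].Groups[2].Value
    } | Sort-Object -Unique
Write-Output ("sfc could not repair {0} file(s):" -f @($unrepaired).Count)
$unrepaired | ForEach-Object { Write-Output "  $_" }

# --- 2. Running kernel drivers and their signatures -----------------------------
# Caveat: on Windows 7, Get-AuthenticodeSignature checks only embedded signatures.
# Inbox drivers are signed through catalog files (.cat) and therefore report
# NotSigned here; that is not evidence of tampering. sigverif.exe (File Signature
# Verification) does check catalogs and is the authoritative test on this OS.
$drivers = Get-WmiObject Win32_SystemDriver -Filter "State='Running'" |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # PathName comes back as \??\C:\... or \SystemRoot\system32\...; normalise it.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:windir
        $status = 'FileMissing'
        $signer = ''
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        New-Object PSObject -Property @{
            Driver = $_.Name; Path = $path; Status = $status; Signer = $signer
        }
    }
# Anything outside the Windows directory that is not Valid deserves a closer look;
# a Valid signature from an unexpected signer does too.
$drivers | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Path | Format-Table Driver, Status, Signer, Path -AutoSize

# --- 3. Driver Verifier state ---------------------------------------------------
# Bugcheck 0xC4 (DRIVER_VERIFIER_DETECTED_VIOLATION) only fires while Verifier is
# armed. /querysettings shows what is being verified; "verifier /reset" clears it,
# which is what deleting the settings in the verifier.exe GUI does.
verifier /querysettings
```

Run it once with Verifier disarmed to get the baseline, then again after enabling Verifier for the third-party drivers only. The driver that Verifier names in the crash is the one to compare against the list in part 2; a driver under C:\Windows that shows NotSigned should be re-checked with sigverif.exe before anything is deleted.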


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:57 AM

Posted 06 August 2013 - 10:19 AM

We are at a point where I cannot help you identify the cause of your problems.

I did find this article, a tutorial on how to use the Verifier.

http://www.techrepublic.com/blog/windows-and-office/troubleshoot-driver-problems-in-windows-7-with-driver-verifier-manager/

I can only suggest you start a topic with this group (link at the end of the page) or start a new topic in the Windows 7 Forum here:
http://www.bleepingcomputer.com/forums/forum167.html

This is not a malware issue and is not my forte.

#10 MyCrappyComputer

MyCrappyComputer
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 07 August 2013 - 05:37 AM

Nasdaq,


I do appreciate all your help and effort. Before we terminate this thread, may I ask you a few questions? (To make it easy for you, you can just copy and paste my questions and give a simple "yes" or "no" next to them. I would really appreciate it.)

 

1) The bold items in my last post, found during a spybot search and destroy root scan, would they concern you?

 

2) Are my unsigned Windows Updates a concern, and should they be deleted?

 

3) Are my unsigned "Word", and "Excel" reader files a concern and should they be deleted?

 

4) The fact that I do sfc /scannow from the command prompt and am told that some drivers are corrupt and could not be fixed; is that something that I need to look into or don't worry about it?

 

5) Lastly, I've reinstalled my OS about 7 times and the same problems keep cropping up. The way that I obtained the disc was from a phone call from Dell, unsolicited, and that they were sending me a new OS disc, as the computer did not come with one. Is it possible that this was a scam and the OS disc was tampered with?

 

Once again, I appreciate all your help,

MCC



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:57 AM

Posted 07 August 2013 - 08:04 AM

1) The bold items in my last post, found during a spybot search and destroy root scan, would they concern you?

No.
They are Alternate Data Streams (ADS); they are set by known programs.

2) Are my unsigned Windows Updates a concern, and should they be deleted?
Do not delete them. If they were causing problems the operating system would report it.

3) Are my unsigned "Word", and "Excel" reader files a concern and should they be deleted?
Do not know.

4) The fact that I do sfc /scannow from the command prompt and am told that some drivers are corrupt and could not be fixed; is that something that I need to look into or don't worry about it?
That is what we are trying to find out, what are the bad drivers.

5) Lastly, I've reinstalled my OS about 7 times and the same problems keep cropping up. The way that I obtained the disc was from a phone call from Dell, unsolicited, and that they were sending me a new OS disc, as the computer did not come with one. Is it possible that this was a scam and the OS disc was tampered with?
Yes, definitely. Dell does not call the owners of their products.

You may be able to restore your system to the factory settings.

How to restore your Windows 7 computer to factory settings
http://www.dell.com/support/troubleshooting/us/en/04/KCS/KcsArticles/ArticleView?c=us&l=en&s=bsd&docid=DSN_362066

First you may want to contact DELL support

https://support.dell.com/support/topics/global.aspx/support/dellcare/en/backupcd_form?DoNotRedirect=y

Good luck.
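The reply above settles the RootAlyzer findings by experience ("set by known programs"); the two kinds of finding can also be inspected directly. The following is an added example written for this page, not code from the thread, from RootAlyzer, or from ComboFix. Part 1 enumerates alternate data streams on a file tree and previews the small ones, which is how a Zone.Identifier stream (the source of the "this file came from another computer" notice on downloads) or a diagnostics-report stream like the ones listed in the scan is recognised on sight. Part 2 dumps a registry key's ACL and flags explicit Deny entries and keys with no Allow entry for Administrators, which is the same condition behind both the "No admin in ACL" items in the RootAlyzer output and the "@Denied: (A 2) (Everyone)" entries in the ComboFix "LOCKED REGISTRY KEYS" section further up. It assumes Windows 7 with PowerShell 3.0 or later (the -Stream parameters were added in 3.0), run elevated; the two sample key paths are taken from the scan output in the thread.

```powershell
# Added example, not from the thread or from any tool mentioned in it.
# Requires PowerShell 3.0+ (Get-Item/Get-Content -Stream, Get-ChildItem -File).

function Get-AdsReport {
    # Lists every named stream on every file under $Path. Every file has the
    # unnamed ":$DATA" stream; anything else is an alternate data stream (ADS).
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    $preview = ''
                    if ($_.Length -le 512) {
                        # Small streams are normally text. A download's Zone.Identifier
                        # reads "[ZoneTransfer] ZoneId=3"; that is what triggers the
                        # "came from another computer" notice in file Properties.
                        $raw = Get-Content -LiteralPath $file.FullName -Stream $_.Stream -Raw -ErrorAction SilentlyContinue
                        $preview = "$raw" -replace '\s+', ' '
                    }
                    [pscustomobject]@{
                        File    = $file.FullName
                        Stream  = $_.Stream
                        Bytes   = $_.Length
                        Preview = $preview
                    }
                }
        }
}

function Get-RegKeyAclReport {
    # Dumps the ACL of one registry key (PowerShell drive syntax, e.g. HKLM:\...),
    # listing Deny entries and whether BUILTIN\Administrators has any Allow entry.
    param([string]$KeyPath)
    try {
        $acl = Get-Acl -Path $KeyPath -ErrorAction Stop
    } catch {
        # Not even the ACL can be read: consistent with a SYSTEM-only key, but
        # it still has to be compared against a known-clean machine.
        return [pscustomobject]@{ Key = $KeyPath; Readable = $false; Error = $_.Exception.Message }
    }
    $rules  = @($acl.Access)
    $deny   = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })
    $admins = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq 'BUILTIN\Administrators'
    })
    [pscustomobject]@{
        Key           = $KeyPath
        Readable      = $true
        Owner         = $acl.Owner
        AdminsAllowed = ($admins.Count -gt 0)
        DenyEntries   = ($deny  | ForEach-Object { "$($_.IdentityReference): $($_.RegistryRights)" }) -join '; '
        AllEntries    = ($rules | ForEach-Object { "$($_.AccessControlType) $($_.IdentityReference) $($_.RegistryRights)" }) -join '; '
    }
}

# The tree RootAlyzer flagged, plus the Downloads folder to see Zone.Identifier streams.
Get-AdsReport -Path "$env:windir\PLA\System"          | Format-Table -AutoSize
Get-AdsReport -Path "$env:USERPROFILE\Downloads"      | Format-Table -AutoSize

# The two keys RootAlyzer reported as "No admin in ACL".
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc',
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout' |
    ForEach-Object { Get-RegKeyAclReport -KeyPath $_ } | Format-List
```

An ADS is only worth chasing when its content or its owning file is unexplained: a Zone.Identifier with a ZoneId line is the browser's mark on a download, and a short stream on a diagnostics report.xml is the kind of thing the reply above means by "set by known programs". For the registry keys, the useful comparison is the same key on a clean Windows 7 install: a Deny ACE or a missing Administrators entry that also appears on the clean machine is a vendor or OS default, not a rootkit.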



