ZeroAccess.B, ZeroAccess.C, Trojan.Gen2 Infection


15 replies to this topic

#1 PRR60

  • Members
  • 9 posts

Posted 13 August 2013 - 02:02 PM

I am getting repeated Norton Security activity messages concerning the blocking of ZeroAccess.B, ZeroAccess.C, Trojan.Gen2, P2P attempts and other attacks. Issue started about two weeks ago. Other than the Norton messages, the system seems to be behaving normally. I have used the system sparingly since the messages started and I have run disconnected from the internet almost all of the time (using a Mac for internet access). The warnings only appear when the internet connection is active.

The system details are:

- Windows 7 Home Premium (x64)
- Norton Security Suite 20.4.0.40
- Dell 8300 desktop

The only action I've taken to address this was a Norton full-system scan immediately after the warnings started. The Norton scan found nothing. No other tools or scans have been used.

One quick question before I paste the dds.txt log. When I download tools as you instruct, should I do that on the infected computer, or leave the infected computer disconnected from the internet and use the Mac and copy to the PC? The repeated attacks while I connected are a bit disconcerting.


Thanks! Bill

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Bill2 at 13:55:54 on 2013-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2246 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP11-16469/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB2C4D86-6B46-4058-85AB-F551CB2A2628} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-17 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-17 1393240]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-17 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130804.001\IDSviA64.sys [2013-8-6 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-17 433752]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-17 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
.
=============== Created Last 30 ================
.
2013-07-17 20:54:07 796760 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
2013-07-17 20:54:07 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
2013-07-17 20:54:07 433752 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys
2013-07-17 20:54:07 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtspx64.sys
2013-07-17 20:54:07 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\symelam.sys
2013-07-17 20:54:07 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
2013-07-17 20:54:06 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys
2013-07-17 20:54:06 169048 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys
2013-07-17 20:53:53 -------- d-----w- C:\Windows\System32\drivers\N360x64\1404000.028
.
==================== Find3M ====================
.
2013-07-26 02:24:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 02:24:47 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-17 20:54:17 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 13:56:13.50 ===============

Edited by PRR60, 13 August 2013 - 02:09 PM.



#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 13 August 2013 - 05:01 PM

Good evening. :)

I'd carry on using your Mac to connect to the internet and piggyback the files over on a flash drive.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Extract and the contents should appear in a new window.
  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options and then click OK.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • The log that the tool creates will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt - I'd like a copy of the contents in your next reply.
    Please check that you get the one with the right date and time. :)


So long, and thanks for all the fish.


#3 PRR60

  • Topic Starter
  • Members
  • 9 posts

Posted 13 August 2013 - 06:24 PM

No actions identified, no reboot prompt.

19:09:30.0337 4348 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:09:30.0353 4348 ============================================================
19:09:30.0353 4348 Current date / time: 2013/08/13 19:09:30.0353
19:09:30.0353 4348 SystemInfo:
19:09:30.0353 4348
19:09:30.0353 4348 OS Version: 6.1.7601 ServicePack: 1.0
19:09:30.0353 4348 Product type: Workstation
19:09:30.0353 4348 ComputerName: MAGEE-PC
19:09:30.0353 4348 UserName: Bill2
19:09:30.0353 4348 Windows directory: C:\Windows
19:09:30.0353 4348 System windows directory: C:\Windows
19:09:30.0353 4348 Running under WOW64
19:09:30.0353 4348 Processor architecture: Intel x64
19:09:30.0353 4348 Number of processors: 4
19:09:30.0353 4348 Page size: 0x1000
19:09:30.0353 4348 Boot type: Normal boot
19:09:30.0353 4348 ============================================================
19:09:31.0632 4348 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:09:31.0648 4348 ============================================================
19:09:31.0648 4348 \Device\Harddisk0\DR0:
19:09:31.0648 4348 MBR partitions:
19:09:31.0648 4348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
19:09:31.0648 4348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x38F6D800
19:09:31.0648 4348 ============================================================
19:09:31.0679 4348 C: <-> \Device\Harddisk0\DR0\Partition2
19:09:31.0710 4348 D: <-> \Device\Harddisk0\DR0\Partition1
19:09:31.0710 4348 ============================================================
19:09:31.0710 4348 Initialize success
19:09:31.0710 4348 ============================================================
19:09:58.0214 4616 ============================================================
19:09:58.0214 4616 Scan started
19:09:58.0214 4616 Mode: Manual; SigCheck; TDLFS;
19:09:58.0214 4616 ============================================================
19:09:58.0636 4616 ================ Scan system memory ========================
19:09:58.0636 4616 System memory - ok
19:09:58.0636 4616 ================ Scan services =============================
19:10:09.0712 4616 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:10:09.0727 4616 HidIr - ok
19:10:09.0758 4616 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:10:09.0805 4616 hidserv - ok
19:10:09.0883 4616 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:10:09.0899 4616 HidUsb - ok
19:10:09.0946 4616 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:10:10.0008 4616 hkmsvc - ok
19:10:10.0055 4616 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:10:10.0102 4616 HomeGroupListener - ok
19:10:10.0164 4616 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:10:10.0195 4616 HomeGroupProvider - ok
19:10:10.0258 4616 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:10:10.0289 4616 HpSAMD - ok
19:10:10.0351 4616 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:10:10.0429 4616 HTTP - ok
19:10:10.0476 4616 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:10:10.0492 4616 hwpolicy - ok
19:10:10.0554 4616 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:10:10.0570 4616 i8042prt - ok
19:10:10.0616 4616 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:10:10.0648 4616 iaStorV - ok
19:10:10.0710 4616 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:10:10.0741 4616 idsvc - ok
19:10:10.0897 4616 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130804.001\IDSvia64.sys
19:10:10.0944 4616 IDSVia64 - ok
19:10:11.0100 4616 [ 24CC43ECDEEFD4C19FBBEE4951B647F1 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:10:11.0318 4616 igfx - ok
19:10:11.0365 4616 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:10:11.0381 4616 iirsp - ok
19:10:11.0428 4616 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:10:11.0506 4616 IKEEXT - ok
19:10:11.0521 4616 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:10:11.0537 4616 intelide - ok
19:10:11.0552 4616 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:10:11.0584 4616 intelppm - ok
19:10:11.0724 4616 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
19:10:11.0740 4616 IntuitUpdateService - ok
19:10:11.0849 4616 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:10:11.0849 4616 IntuitUpdateServiceV4 - ok
19:10:11.0911 4616 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:10:11.0974 4616 IPBusEnum - ok
19:10:12.0020 4616 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:10:12.0067 4616 IpFilterDriver - ok
19:10:12.0114 4616 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:10:12.0192 4616 iphlpsvc - ok
19:10:12.0239 4616 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:10:12.0254 4616 IPMIDRV - ok
19:10:12.0270 4616 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:10:12.0332 4616 IPNAT - ok
19:10:12.0410 4616 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:10:12.0442 4616 iPod Service - ok
19:10:12.0473 4616 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:10:12.0566 4616 IRENUM - ok
19:10:12.0566 4616 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:10:12.0582 4616 isapnp - ok
19:10:12.0644 4616 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:10:12.0660 4616 iScsiPrt - ok
19:10:12.0691 4616 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:10:12.0707 4616 kbdclass - ok
19:10:12.0754 4616 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:10:12.0785 4616 kbdhid - ok
19:10:12.0816 4616 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:10:12.0832 4616 KeyIso - ok
19:10:12.0863 4616 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:10:12.0894 4616 KSecDD - ok
19:10:12.0941 4616 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:10:12.0956 4616 KSecPkg - ok
19:10:12.0972 4616 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:10:13.0034 4616 ksthunk - ok
19:10:13.0066 4616 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:10:13.0128 4616 KtmRm - ok
19:10:13.0175 4616 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:10:13.0253 4616 LanmanServer - ok
19:10:13.0284 4616 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:10:13.0346 4616 LanmanWorkstation - ok
19:10:13.0378 4616 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:10:13.0440 4616 lltdio - ok
19:10:13.0487 4616 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:10:13.0549 4616 lltdsvc - ok
19:10:13.0565 4616 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:10:13.0596 4616 lmhosts - ok
19:10:13.0658 4616 [ 5DCD36FC4A6ECBF6E7F9B3BF7E0D0F55 ] LPDSVC C:\Windows\system32\lpdsvc.dll
19:10:13.0690 4616 LPDSVC - ok
19:10:13.0721 4616 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:10:13.0736 4616 LSI_FC - ok
19:10:13.0752 4616 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:10:13.0752 4616 LSI_SAS - ok
19:10:13.0783 4616 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:10:13.0799 4616 LSI_SAS2 - ok
19:10:13.0814 4616 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:10:13.0830 4616 LSI_SCSI - ok
19:10:13.0846 4616 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:10:13.0908 4616 luafv - ok
19:10:13.0955 4616 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:10:14.0002 4616 Mcx2Svc - ok
19:10:14.0017 4616 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:10:14.0033 4616 megasas - ok
19:10:14.0048 4616 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:10:14.0064 4616 MegaSR - ok
19:10:14.0189 4616 Microsoft SharePoint Workspace Audit Service - ok
19:10:14.0267 4616 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:10:14.0345 4616 MMCSS - ok
19:10:14.0376 4616 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:10:14.0438 4616 Modem - ok
19:10:14.0501 4616 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:10:14.0548 4616 monitor - ok
19:10:14.0626 4616 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:10:14.0641 4616 mouclass - ok
19:10:14.0704 4616 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:10:14.0735 4616 mouhid - ok
19:10:14.0766 4616 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:10:14.0782 4616 mountmgr - ok
19:10:14.0844 4616 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:10:14.0860 4616 mpio - ok
19:10:14.0875 4616 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:10:14.0922 4616 mpsdrv - ok
19:10:14.0953 4616 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:10:15.0031 4616 MpsSvc - ok
19:10:15.0078 4616 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:10:15.0109 4616 MRxDAV - ok
19:10:15.0140 4616 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:10:15.0203 4616 mrxsmb - ok
19:10:15.0250 4616 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:10:15.0328 4616 mrxsmb10 - ok
19:10:15.0343 4616 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:10:15.0359 4616 mrxsmb20 - ok
19:10:15.0374 4616 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:10:15.0390 4616 msahci - ok
19:10:15.0452 4616 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:10:15.0468 4616 msdsm - ok
19:10:15.0515 4616 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:10:15.0530 4616 MSDTC - ok
19:10:15.0546 4616 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:10:15.0577 4616 Msfs - ok
19:10:15.0593 4616 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:10:15.0655 4616 mshidkmdf - ok
19:10:15.0686 4616 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:10:15.0702 4616 msisadrv - ok
19:10:15.0764 4616 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:10:15.0827 4616 MSiSCSI - ok
19:10:15.0827 4616 msiserver - ok
19:10:15.0889 4616 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:10:15.0952 4616 MSKSSRV - ok
19:10:15.0983 4616 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:10:16.0045 4616 MSPCLOCK - ok
19:10:16.0061 4616 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:10:16.0108 4616 MSPQM - ok
19:10:16.0154 4616 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:10:16.0186 4616 MsRPC - ok
19:10:16.0201 4616 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:10:16.0217 4616 mssmbios - ok
19:10:16.0248 4616 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:10:16.0310 4616 MSTEE - ok
19:10:16.0342 4616 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:10:16.0388 4616 MTConfig - ok
19:10:16.0420 4616 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:10:16.0435 4616 Mup - ok
19:10:16.0544 4616 [ 1BF9D6476061B31CD7FC2BF848529A56 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
19:10:16.0560 4616 N360 - ok
19:10:16.0607 4616 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:10:16.0685 4616 napagent - ok
19:10:16.0747 4616 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:10:16.0794 4616 NativeWifiP - ok
19:10:16.0919 4616 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130805.023\ENG64.SYS
19:10:16.0950 4616 NAVENG - ok
19:10:17.0012 4616 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130805.023\EX64.SYS
19:10:17.0106 4616 NAVEX15 - ok
19:10:17.0184 4616 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:10:17.0262 4616 NDIS - ok
19:10:17.0309 4616 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:10:17.0356 4616 NdisCap - ok
19:10:17.0371 4616 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:10:17.0402 4616 NdisTapi - ok
19:10:17.0449 4616 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:10:17.0512 4616 Ndisuio - ok
19:10:17.0558 4616 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:10:17.0621 4616 NdisWan - ok
19:10:17.0683 4616 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:10:17.0746 4616 NDProxy - ok
19:10:17.0777 4616 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:10:17.0839 4616 NetBIOS - ok
19:10:17.0886 4616 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:10:17.0948 4616 NetBT - ok
19:10:17.0964 4616 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:10:17.0980 4616 Netlogon - ok
19:10:18.0026 4616 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:10:18.0073 4616 Netman - ok
19:10:18.0104 4616 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:10:18.0167 4616 netprofm - ok
19:10:18.0198 4616 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:10:18.0214 4616 NetTcpPortSharing - ok
19:10:18.0245 4616 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:10:18.0260 4616 nfrd960 - ok
19:10:18.0292 4616 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:10:18.0338 4616 NlaSvc - ok
19:10:18.0370 4616 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:10:18.0416 4616 Npfs - ok
19:10:18.0463 4616 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:10:18.0526 4616 nsi - ok
19:10:18.0572 4616 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:10:18.0635 4616 nsiproxy - ok
19:10:18.0713 4616 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:10:18.0822 4616 Ntfs - ok
19:10:18.0853 4616 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:10:18.0884 4616 Null - ok
19:10:18.0900 4616 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:10:18.0916 4616 nvraid - ok
19:10:18.0978 4616 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:10:18.0994 4616 nvstor - ok
19:10:19.0009 4616 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:10:19.0025 4616 nv_agp - ok
19:10:19.0056 4616 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:10:19.0072 4616 ohci1394 - ok
19:10:19.0150 4616 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:10:19.0165 4616 ose - ok
19:10:19.0368 4616 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:10:19.0524 4616 osppsvc - ok
19:10:19.0571 4616 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:10:19.0633 4616 p2pimsvc - ok
19:10:19.0696 4616 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:10:19.0727 4616 p2psvc - ok
19:10:19.0742 4616 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:10:19.0758 4616 Parport - ok
19:10:19.0789 4616 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:10:19.0805 4616 partmgr - ok
19:10:19.0820 4616 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:10:19.0852 4616 PcaSvc - ok
19:10:19.0883 4616 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:10:19.0898 4616 pci - ok
19:10:19.0930 4616 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:10:19.0945 4616 pciide - ok
19:10:19.0961 4616 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:10:19.0992 4616 pcmcia - ok
19:10:20.0008 4616 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:10:20.0023 4616 pcw - ok
19:10:20.0039 4616 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:10:20.0117 4616 PEAUTH - ok
19:10:20.0210 4616 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:10:20.0257 4616 PerfHost - ok
19:10:20.0320 4616 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:10:20.0444 4616 pla - ok
19:10:20.0522 4616 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:10:20.0585 4616 PlugPlay - ok
19:10:20.0600 4616 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:10:20.0632 4616 PNRPAutoReg - ok
19:10:20.0647 4616 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:10:20.0663 4616 PNRPsvc - ok
19:10:20.0678 4616 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:10:20.0741 4616 PolicyAgent - ok
19:10:20.0803 4616 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:10:20.0834 4616 Power - ok
19:10:20.0881 4616 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:10:20.0944 4616 PptpMiniport - ok
19:10:20.0975 4616 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:10:20.0990 4616 Processor - ok
19:10:21.0053 4616 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:10:21.0084 4616 ProfSvc - ok
19:10:21.0100 4616 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:10:21.0115 4616 ProtectedStorage - ok
19:10:21.0178 4616 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:10:21.0224 4616 Psched - ok
19:10:21.0256 4616 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:10:21.0318 4616 ql2300 - ok
19:10:21.0334 4616 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:10:21.0349 4616 ql40xx - ok
19:10:21.0396 4616 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:10:21.0427 4616 QWAVE - ok
19:10:21.0443 4616 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:10:21.0474 4616 QWAVEdrv - ok
19:10:21.0505 4616 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:10:21.0552 4616 RasAcd - ok
19:10:21.0614 4616 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:10:21.0646 4616 RasAgileVpn - ok
19:10:21.0677 4616 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:10:21.0724 4616 RasAuto - ok
19:10:21.0739 4616 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:10:21.0802 4616 Rasl2tp - ok
19:10:21.0848 4616 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:10:21.0911 4616 RasMan - ok
19:10:21.0926 4616 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:10:21.0973 4616 RasPppoe - ok
19:10:21.0989 4616 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:10:22.0051 4616 RasSstp - ok
19:10:22.0067 4616 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:10:22.0129 4616 rdbss - ok
19:10:22.0160 4616 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:10:22.0207 4616 rdpbus - ok
19:10:22.0238 4616 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:10:22.0301 4616 RDPCDD - ok
19:10:22.0316 4616 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:10:22.0379 4616 RDPENCDD - ok
19:10:22.0410 4616 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:10:22.0441 4616 RDPREFMP - ok
19:10:22.0488 4616 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:10:22.0550 4616 RDPWD - ok
19:10:22.0613 4616 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:10:22.0628 4616 rdyboost - ok
19:10:22.0675 4616 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:10:22.0738 4616 RemoteAccess - ok
19:10:22.0784 4616 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:10:22.0847 4616 RemoteRegistry - ok
19:10:22.0878 4616 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:10:22.0940 4616 RpcEptMapper - ok
19:10:22.0972 4616 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:10:23.0018 4616 RpcLocator - ok
19:10:23.0065 4616 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:10:23.0112 4616 RpcSs - ok
19:10:23.0128 4616 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:10:23.0174 4616 rspndr - ok
19:10:23.0206 4616 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:10:23.0221 4616 SamSs - ok
19:10:23.0268 4616 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:10:23.0299 4616 sbp2port - ok
19:10:23.0330 4616 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:10:23.0377 4616 SCardSvr - ok
19:10:23.0424 4616 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:10:23.0486 4616 scfilter - ok
19:10:23.0549 4616 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:10:23.0642 4616 Schedule - ok
19:10:23.0689 4616 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:10:23.0736 4616 SCPolicySvc - ok
19:10:23.0783 4616 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:10:23.0798 4616 SDRSVC - ok
19:10:23.0908 4616 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:10:23.0923 4616 SeaPort - ok
19:10:23.0954 4616 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:10:23.0986 4616 secdrv - ok
19:10:24.0048 4616 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:10:24.0079 4616 seclogon - ok
19:10:24.0095 4616 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:10:24.0157 4616 SENS - ok
19:10:24.0189 4616 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:10:24.0235 4616 SensrSvc - ok
19:10:24.0251 4616 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:10:24.0298 4616 Serenum - ok
19:10:24.0313 4616 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:10:24.0345 4616 Serial - ok
19:10:24.0360 4616 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:10:24.0391 4616 sermouse - ok
19:10:24.0438 4616 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:10:24.0501 4616 SessionEnv - ok
19:10:24.0547 4616 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:10:24.0563 4616 sffdisk - ok
19:10:24.0563 4616 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:10:24.0610 4616 sffp_mmc - ok
19:10:24.0625 4616 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:10:24.0672 4616 sffp_sd - ok
19:10:24.0719 4616 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:10:24.0735 4616 sfloppy - ok
19:10:24.0781 4616 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:10:24.0859 4616 SharedAccess - ok
19:10:24.0906 4616 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:10:24.0969 4616 ShellHWDetection - ok
19:10:25.0000 4616 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:10:25.0000 4616 SiSRaid2 - ok
19:10:25.0015 4616 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:10:25.0031 4616 SiSRaid4 - ok
19:10:25.0062 4616 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:10:25.0093 4616 Smb - ok
19:10:25.0140 4616 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:10:25.0156 4616 SNMPTRAP - ok
19:10:25.0171 4616 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:10:25.0187 4616 spldr - ok
19:10:25.0249 4616 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:10:25.0281 4616 Spooler - ok
19:10:25.0390 4616 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:10:25.0499 4616 sppsvc - ok
19:10:25.0530 4616 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:10:25.0593 4616 sppuinotify - ok
19:10:25.0686 4616 [ 2FD9346F9D76CB4192D37329CFA47A82 ] SRTSP C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS
19:10:25.0749 4616 SRTSP - ok
19:10:25.0780 4616 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
19:10:25.0780 4616 SRTSPX - ok
19:10:25.0842 4616 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:10:25.0920 4616 srv - ok
19:10:25.0967 4616 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:10:26.0014 4616 srv2 - ok
19:10:26.0045 4616 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:10:26.0092 4616 srvnet - ok
19:10:26.0170 4616 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:10:26.0263 4616 SSDPSRV - ok
19:10:26.0295 4616 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:10:26.0326 4616 SstpSvc - ok
19:10:26.0373 4616 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:10:26.0388 4616 stexstor - ok
19:10:26.0435 4616 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
19:10:26.0482 4616 StillCam - ok
19:10:26.0560 4616 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:10:26.0622 4616 stisvc - ok
19:10:26.0685 4616 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:10:26.0700 4616 swenum - ok
19:10:26.0716 4616 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:10:26.0809 4616 swprv - ok
19:10:26.0887 4616 [ 52DC0048D667757A8A2E4C87182890AC ] SymDS C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS
19:10:26.0919 4616 SymDS - ok
19:10:26.0950 4616 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS
19:10:26.0997 4616 SymEFA - ok
19:10:27.0043 4616 [ F19E5E37ED8134B9E5F6287F2D3A75D7 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:10:27.0075 4616 SymEvent - ok
19:10:27.0090 4616 SYMFW - ok
19:10:27.0137 4616 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS
19:10:27.0168 4616 SymIRON - ok
19:10:27.0168 4616 SYMNDISV - ok
19:10:27.0184 4616 [ 9CDCA70485BD6B9D230365F67C31F132 ] SymNetS C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS
19:10:27.0215 4616 SymNetS - ok
19:10:27.0277 4616 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:10:27.0371 4616 SysMain - ok
19:10:27.0418 4616 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:10:27.0465 4616 TabletInputService - ok
19:10:34.0594 4616 ================ Scan global ===============================
19:10:34.0625 4616 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:10:34.0672 4616 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:10:34.0687 4616 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:10:34.0734 4616 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:10:34.0797 4616 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:10:34.0797 4616 [Global] - ok
19:10:34.0797 4616 ================ Scan MBR ==================================
19:10:34.0812 4616 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:10:35.0109 4616 \Device\Harddisk0\DR0 - ok
19:10:35.0109 4616 ================ Scan VBR ==================================
19:10:35.0124 4616 [ AA61BCF2157FA6739FEE4C424FD495F6 ] \Device\Harddisk0\DR0\Partition1
19:10:35.0124 4616 \Device\Harddisk0\DR0\Partition1 - ok
19:10:35.0140 4616 [ B0C73E16F80C8985DAAAE0E638403502 ] \Device\Harddisk0\DR0\Partition2
19:10:35.0140 4616 \Device\Harddisk0\DR0\Partition2 - ok
19:10:35.0140 4616 ============================================================
19:10:35.0140 4616 Scan finished
19:10:35.0140 4616 ============================================================
19:10:35.0140 3204 Detected object count: 0
19:10:35.0140 3204 Actual detected object count: 0
19:11:04.0764 2512 Deinitialize success



#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 14 August 2013 - 02:59 PM

Good evening. :)

For x64 systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC and then enter System Recovery Options.

  • To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Click on Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the Command Window type in notepad and hit <ENTER>.
  • When a notepad window opens, under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and hit <ENTER>.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

So long, and thanks for all the fish.


#5 PRR60

  • Topic Starter
  • Members
  • 9 posts

Posted 14 August 2013 - 07:03 PM

Here is the FRST.txt scan. Thanks for your help!
Bill


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by SYSTEM on 14-08-2013 19:57:33
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Bill\...\Run: [Google Update] - [x]

==================== Services (Whitelisted) =================

S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-10] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-10] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-10] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130804.001\IDSvia64.sys [513184 2013-06-05] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130804.001\IDSvia64.sys [513184 2013-06-05] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130805.023\ENG64.SYS [126040 2013-06-06] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130805.023\ENG64.SYS [126040 2013-06-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130805.023\EX64.SYS [2098776 2013-06-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130805.023\EX64.SYS [2098776 2013-06-06] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-17] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-13 15:16 - 2013-08-13 15:16 - 00000000 ____D C:\Users\Bill\Desktop\tdsskiller
2013-08-13 15:08 - 2013-08-13 15:08 - 00000000 ____D C:\Users\Bill2\Desktop\tdsskiller
2013-08-13 15:07 - 2013-08-13 15:02 - 02218636 _____ C:\Users\Bill2\Desktop\tdsskiller.zip
2013-08-13 09:56 - 2013-08-13 10:00 - 00006570 _____ C:\Users\Bill2\Desktop\attach.txt
2013-08-13 09:56 - 2013-08-13 09:56 - 00012400 _____ C:\Users\Bill2\Desktop\dds.txt
2013-08-13 09:55 - 2013-08-13 09:51 - 00688992 ____R (Swearware) C:\Users\Bill\Desktop\dds.com
2013-08-11 07:26 - 2013-08-11 07:26 - 00002208 _____ C:\{A83DDC24-ED16-43B2-876F-1AFD1EA1E20B}
2013-08-01 12:07 - 2013-08-01 12:07 - 00002112 _____ C:\{0A09EF8B-3277-47DD-8D75-689B45485F6F}
2013-07-28 04:24 - 2013-07-28 04:24 - 00000000 ____D C:\Users\Bill2\AppData\Roaming\Apple Computer
2013-07-28 04:24 - 2013-07-28 04:24 - 00000000 ____D C:\Users\Bill2\AppData\Roaming\Adobe
2013-07-28 04:23 - 2013-07-28 04:24 - 00000000 ____D C:\users\Bill2
2013-07-28 04:23 - 2013-07-28 04:23 - 00000020 ___SH C:\Users\Bill2\ntuser.ini
2013-07-28 04:23 - 2013-07-28 04:23 - 00000000 ____D C:\Users\Bill2\AppData\Local\VirtualStore
2013-07-28 04:23 - 2010-11-29 20:49 - 00000000 ____D C:\Users\Bill2\AppData\Roaming\Mozilla
2013-07-28 04:23 - 2010-02-02 19:07 - 00000000 ____D C:\Users\Bill2\AppData\Local\Microsoft Help
2013-07-28 04:23 - 2010-01-30 06:33 - 00000000 ____D C:\Users\Bill2\AppData\Roaming\Macromedia
2013-07-26 15:41 - 2013-07-26 15:41 - 00004280 _____ C:\{F166E429-070F-4401-9908-D4A279423D5A}
2013-07-26 07:57 - 2013-08-13 15:15 - 00000000 ____D C:\Users\Bill\AppData\Local\CrashDumps
2013-07-25 18:12 - 2013-07-25 18:12 - 00000000 ____D C:\Users\Bill\AppData\Local\Google
2013-07-18 04:12 - 2013-07-18 04:12 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite

==================== One Month Modified Files and Folders =======

2013-08-14 15:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 15:51 - 2009-07-13 20:51 - 00100762 _____ C:\Windows\setupact.log
2013-08-14 12:52 - 2010-01-29 22:34 - 01758651 _____ C:\Windows\WindowsUpdate.log
2013-08-14 12:04 - 2012-03-31 17:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 06:55 - 2009-07-13 20:45 - 00013440 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 06:55 - 2009-07-13 20:45 - 00013440 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 06:47 - 2010-01-29 20:40 - 00132012 _____ C:\Windows\PFRO.log
2013-08-13 15:16 - 2013-08-13 15:16 - 00000000 ____D C:\Users\Bill\Desktop\tdsskiller
2013-08-13 15:15 - 2013-07-26 07:57 - 00000000 ____D C:\Users\Bill\AppData\Local\CrashDumps
2013-08-13 15:08 - 2013-08-13 15:08 - 00000000 ____D C:\Users\Bill2\Desktop\tdsskiller
2013-08-13 15:02 - 2013-08-13 15:07 - 02218636 _____ C:\Users\Bill2\Desktop\tdsskiller.zip
2013-08-13 10:18 - 2010-02-03 19:19 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{82D216D2-89F0-41AB-9F71-5B4F4DCACF37}
2013-08-13 10:00 - 2013-08-13 09:56 - 00006570 _____ C:\Users\Bill2\Desktop\attach.txt
2013-08-13 09:56 - 2013-08-13 09:56 - 00012400 _____ C:\Users\Bill2\Desktop\dds.txt
2013-08-13 09:56 - 2009-07-13 21:13 - 00743986 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-13 09:51 - 2013-08-13 09:55 - 00688992 ____R (Swearware) C:\Users\Bill\Desktop\dds.com
2013-08-13 09:19 - 2008-06-07 11:34 - 00000000 ____D C:\Users\Bill\Documents\Run
2013-08-13 09:15 - 2008-06-07 11:34 - 00000000 ____D C:\Users\Bill\Documents\Phillies
2013-08-13 09:08 - 2011-10-16 06:30 - 00000000 ____D C:\Users\Bill\Documents\Medical
2013-08-11 07:26 - 2013-08-11 07:26 - 00002208 _____ C:\{A83DDC24-ED16-43B2-876F-1AFD1EA1E20B}
2013-08-08 07:47 - 2010-05-30 10:05 - 00000000 ____D C:\Users\Bill\Documents\aaTransfer
2013-08-08 07:43 - 2008-06-07 11:34 - 00000000 ____D C:\Users\Bill\Documents\Finance
2013-08-06 05:43 - 2008-06-07 11:04 - 00000000 ____D C:\Users\Bill\Documents\Quicken
2013-08-06 05:17 - 2008-06-09 16:18 - 00000000 ____D C:\Users\Bill\Documents\Mother
2013-08-04 10:37 - 2008-06-09 16:18 - 00000000 ____D C:\Users\Bill\Documents\Misc
2013-08-03 18:03 - 2008-06-07 11:33 - 00000000 ____D C:\Users\Bill\Documents\Rail Air
2013-08-01 12:07 - 2013-08-01 12:07 - 00002112 _____ C:\{0A09EF8B-3277-47DD-8D75-689B45485F6F}
2013-08-01 11:51 - 2010-08-31 09:06 - 00000000 ____D C:\Users\Bill\Documents\ASTM
2013-07-28 04:24 - 2013-07-28 04:24 - 00000000 ____D C:\Users\Bill2\AppData\Roaming\Apple Computer
2013-07-28 04:24 - 2013-07-28 04:24 - 00000000 ____D C:\Users\Bill2\AppData\Roaming\Adobe
2013-07-28 04:24 - 2013-07-28 04:23 - 00000000 ____D C:\users\Bill2
2013-07-28 04:23 - 2013-07-28 04:23 - 00000020 ___SH C:\Users\Bill2\ntuser.ini
2013-07-28 04:23 - 2013-07-28 04:23 - 00000000 ____D C:\Users\Bill2\AppData\Local\VirtualStore
2013-07-26 15:41 - 2013-07-26 15:41 - 00004280 _____ C:\{F166E429-070F-4401-9908-D4A279423D5A}
2013-07-26 08:53 - 2010-01-29 21:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-26 08:53 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2013-07-25 18:24 - 2012-03-31 17:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-25 18:24 - 2012-03-31 17:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-25 18:24 - 2011-05-21 19:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-25 18:24 - 2010-01-30 06:30 - 00000000 ____D C:\Users\Bill\AppData\Local\Adobe
2013-07-25 18:12 - 2013-07-25 18:12 - 00000000 ____D C:\Users\Bill\AppData\Local\Google
2013-07-22 10:25 - 2010-01-30 08:27 - 00000000 ____D C:\ProgramData\pdf995
2013-07-22 10:11 - 2012-07-02 07:51 - 00000000 ____D C:\Users\Bill\Documents\ASCE
2013-07-18 04:12 - 2013-07-18 04:12 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-07-18 04:07 - 2013-06-06 03:28 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-07-18 04:07 - 2010-01-29 20:54 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-07-17 12:54 - 2010-01-29 20:54 - 00177312 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-07-17 12:54 - 2010-01-29 20:54 - 00007631 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

Files to move or delete:
====================
ZeroAccess:
C:\Users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-06 05:18:11
Restore point made on: 2013-07-11 12:27:36
Restore point made on: 2013-07-12 20:03:27
Restore point made on: 2013-07-26 08:45:20
Restore point made on: 2013-08-03 06:20:23

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4085.18 MB
Available physical RAM: 3487.7 MB
Total Pagefile: 4083.32 MB
Available Pagefile: 3475.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:219.36 GB) NTFS (Disk=0 Partition=3) ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.07 GB) NTFS (Disk=0 Partition=2)
Drive f: (KINGSTON) (Removable) (Total:7.5 GB) (Free:7.09 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-08-03 06:13

==================== End Of Log ============================
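
As an added example (not part of this thread, and not FRST's own code), the Python below triages an FRST.txt like the one above: it splits the log into its banner-delimited sections and pulls out what a helper reads first, namely the entries FRST lists under "Files to move or delete" with their family label, the services and drivers whose image is missing ("[x]"), and any line of the Bamital & volsnap check that is not reported as "MD5 is legit". The embedded log is a constructed excerpt modelled on this thread's FRST.txt, not the full log.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs (added example).
Splits FRST.txt into its sections and reports the findings a helper reads
first. SAMPLE_FRST_LOG is a constructed excerpt modelled on this thread's log.
"""
import re
from collections import OrderedDict

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")  # '==== Title ====' banner

# Constructed excerpt (raw string so the Windows backslashes stay as-is).
SAMPLE_FRST_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64)
Boot Mode: Recovery

==================== Services (Whitelisted) =================
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [x]

==================== One Month Modified Files and Folders =======
2013-08-14 15:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

Files to move or delete:
====================
ZeroAccess:
C:\Users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
"""

def _is_separator(line):
    """True for a line made only of '=' (FRST's bare underline)."""
    return bool(line) and set(line) == {"="}

def parse_sections(text):
    """Map each section title to its non-empty lines, in log order.
    Handles both '==== Title ====' banners and a 'Title:' line underlined
    by a bare '====' line (FRST's style for 'Files to move or delete:').
    """
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current = OrderedDict(header=[]), "header"
    for i, line in enumerate(lines):
        if not line or _is_separator(line):
            continue
        m = SECTION_RE.match(line)
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if m and not _is_separator(m.group(1)):
            current = m.group(1)
        elif line.endswith(":") and _is_separator(nxt):
            current = line[:-1]
        else:
            sections[current].append(line)
            continue
        sections.setdefault(current, [])
    return sections

def flagged_files(sections):
    """(label, path) pairs from 'Files to move or delete'; FRST prints a
    family label such as 'ZeroAccess:' above the paths it attributes to it."""
    found, label = [], "unlabelled"
    for line in sections.get("Files to move or delete", []):
        if line.endswith(":") and "\\" not in line:
            label = line[:-1]
        else:
            found.append((label, line))
    return found

def missing_binaries(sections):
    """Service/driver names whose image FRST could not find ('[x]')."""
    names = []
    for title in ("Services (Whitelisted)", "Drivers (Whitelisted)"):
        for line in sections.get(title, []):
            if line.endswith("[x]"):
                names.append(line.split(";", 1)[0].split()[-1])
    return names

def failed_integrity(sections):
    """Paths in the Bamital & volsnap check NOT reported as 'MD5 is legit'."""
    return [line.split(" => ", 1)[0]
            for line in sections.get("Bamital & volsnap Check", [])
            if "=> MD5 is legit" not in line]

def triage(text):
    """One-shot summary a helper would read before deciding on a fix."""
    s = parse_sections(text)
    boot = next((ln.split(":", 1)[1].strip()
                 for ln in s["header"] if ln.startswith("Boot Mode:")), None)
    return {"boot_mode": boot, "flagged": flagged_files(s),
            "missing_binaries": missing_binaries(s),
            "failed_integrity": failed_integrity(s)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_FRST_LOG).items():
        print(f"{key}: {value}")
```

Missing-image entries such as the two "[x]" lines are usually leftovers of an old Norton version rather than malware; the "Files to move or delete" section is the part that drove the next step in this thread.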

#6 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 15 August 2013 - 02:10 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.

* Please note from the instructions page:

Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.


So long, and thanks for all the fish.


#7 PRR60

  • Topic Starter
  • Members
  • 9 posts

Posted 15 August 2013 - 08:40 PM

Ran ComboFix. First time it hung for 30 minutes at the "Attempting to create a system restore point" message. I got out, made sure every possible aspect of Norton was turned off, re-ran it, and this time it seemed to work fine.

Following the ComboFix scan, I did a cold shutdown. After a couple of minutes of wait, I restarted the machine. It restarted normally. I turned on the Norton default protections. I re-established the internet connection. No Norton warnings. So far, so good.

Thanks so much for your help!

Bill!

Following is the ComboFix log.

ComboFix 13-08-15.02 - Bill2 08/15/2013 21:09:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2951 [GMT -4:00]
Running from: c:\users\Bill2\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bill\AppData\Local\Google\Desktop\Install
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\???\???\???\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\@
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\???\???\???\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\GoogleUpdate.exe
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\???\???\???\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\L\00000004.@
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\???\???\???\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\U\80000032.@
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\???\???\???\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\U\80000064.@
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2E2F~1\28F0~1\E628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\@
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2E2F~1\28F0~1\E628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\GoogleUpdate.exe
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2E2F~1\28F0~1\E628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\L\00000004.@
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2E2F~1\28F0~1\E628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\U\80000032.@
c:\users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2E2F~1\28F0~1\E628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2013-07-16 to 2013-08-16 )))))))))))))))))))))))))))))))
.
.
2013-08-16 01:17 . 2013-08-16 01:17 -------- d-----w- c:\users\Marie\AppData\Local\temp
2013-08-16 01:17 . 2013-08-16 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-16 01:17 . 2013-08-16 01:17 -------- d-----w- c:\users\Bill\AppData\Local\temp
2013-08-15 03:57 . 2013-08-15 03:57 -------- d-----w- C:\FRST
2013-07-28 12:23 . 2013-07-28 12:24 -------- d-----w- c:\users\Bill2
2013-07-26 15:57 . 2013-08-13 23:15 -------- d-----w- c:\users\Bill\AppData\Local\CrashDumps
2013-07-26 02:12 . 2013-07-26 02:12 -------- d-----w- c:\users\Bill\AppData\Local\Google
2013-07-17 20:53 . 2013-07-18 12:06 -------- d-----w- c:\windows\system32\drivers\N360x64\1404000.028
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 02:24 . 2012-04-01 01:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-26 02:24 . 2011-05-22 03:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 20:54 . 2010-01-30 04:54 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-06-24 04:57 . 2010-01-30 14:04 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 23:43 . 2013-07-11 20:34 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-11 20:34 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-11 20:34 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-11 20:34 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-11 20:34 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-11 20:34 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-11 20:34 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-11 20:34 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-11 20:34 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-11 20:34 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-11 20:34 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-11 20:34 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-11 20:34 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-11 20:34 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-11 20:34 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-11 20:34 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-11 20:34 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-11 20:34 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-11 20:34 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-11 20:34 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-11 20:34 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-11 20:34 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-11 13:29 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 13:29 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 13:29 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-23 04:08 . 2013-05-23 04:08 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-23 04:08 . 2013-05-23 04:08 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-23 04:08 . 2013-05-23 04:08 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-23 04:08 . 2013-05-23 04:08 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-23 04:08 . 2013-05-23 04:08 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-23 04:08 . 2013-05-23 04:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-23 04:08 . 2013-05-23 04:08 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-23 04:08 . 2013-05-23 04:08 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-23 04:08 . 2013-05-23 04:08 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-23 04:08 . 2013-05-23 04:08 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-23 04:08 . 2013-05-23 04:08 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-23 04:08 . 2013-05-23 04:08 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-23 04:08 . 2013-05-23 04:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-23 04:08 . 2013-05-23 04:08 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-23 04:08 . 2013-05-23 04:08 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-23 04:08 . 2013-05-23 04:08 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-23 04:08 . 2013-05-23 04:08 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-23 04:08 . 2013-05-23 04:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-23 04:08 . 2013-05-23 04:08 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-23 04:08 . 2013-05-23 04:08 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-23 04:08 . 2013-05-23 04:08 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-23 04:08 . 2013-05-23 04:08 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-23 04:08 . 2013-05-23 04:08 441856 ----a-w- c:\windows\system32\html.iec
2013-05-23 04:08 . 2013-05-23 04:08 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-23 04:08 . 2013-05-23 04:08 235008 ----a-w- c:\windows\system32\url.dll
2013-05-23 04:08 . 2013-05-23 04:08 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-23 04:08 . 2013-05-23 04:08 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-23 04:08 . 2013-05-23 04:08 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-23 04:08 . 2013-05-23 04:08 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-23 04:08 . 2013-05-23 04:08 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-23 04:08 . 2013-05-23 04:08 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-23 04:08 . 2013-05-23 04:08 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-23 04:08 . 2013-05-23 04:08 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-23 04:08 . 2013-05-23 04:08 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-23 04:08 . 2013-05-23 04:08 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-23 04:08 . 2013-05-23 04:08 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-23 04:08 . 2013-05-23 04:08 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-23 04:08 . 2013-05-23 04:08 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-23 04:08 . 2013-05-23 04:08 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-23 04:08 . 2013-05-23 04:08 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-23 04:08 . 2013-05-23 04:08 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-23 04:08 . 2013-05-23 04:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-23 04:08 . 2013-05-23 04:08 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-23 04:08 . 2013-05-23 04:08 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-23 04:08 . 2013-05-23 04:08 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-23 04:08 . 2013-05-23 04:08 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-23 04:08 . 2013-05-23 04:08 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-23 04:08 . 2013-05-23 04:08 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-23 04:08 . 2013-05-23 04:08 12800 ----a-w- c:\windows\system32\msfeedssync.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130804.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130804.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-15 21:20:20
ComboFix-quarantined-files.txt 2013-08-16 01:20
.
Pre-Run: 241,811,701,760 bytes free
Post-Run: 241,285,685,248 bytes free
.
- - End Of File - - 882F211066D96F77182B75093A3B61D9
A36C5E4F47E84449FF07ED3517B43A31



#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 16 August 2013 - 02:10 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.
 

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.

So long, and thanks for all the fish.


#9 PRR60

PRR60
  • Topic Starter

  • Members
  • 9 posts

Posted 16 August 2013 - 03:13 PM

Thanks for the instructions. I'll be out this afternoon and evening, and will perform the work tomorrow morning. I'll make sure the coffee is ready.

Bill



#10 PRR60

PRR60
  • Topic Starter

  • Members
  • 9 posts

Posted 17 August 2013 - 10:28 PM

You were not kidding about that ESET scan taking a while. It took about seven hours. Completed OK with two issues found. The text file of the list of threats follows. I also ran DDS again, with the DDS log below and the attach.txt file attached.
 
The computer seems to be performing normally. Norton updated normally after reconnecting to the internet.  Norton reported two actions taken just after I started the ESET scan.  I've pasted the text of the Norton action below the DDS log in case it would be helpful to you.
 
Windows updates are waiting to be installed. I will hold off installing the updates just in case doing so would foul your review.
 
Thanks again for all your help.

 
Bill

ESET report

C:\Qoobox\Quarantine\C\Users\Bill\AppData\Local\Google\Desktop\Install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2E2F~1\28F0~1\E628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\GoogleUpdate.exe.vir a variant of Win32/Kryptik.BGOS trojan


C:\Users\Bill\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\52d38c59-35664676 multiple threats
 
DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Bill2 at 23:02:05 on 2013-08-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2104 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP11-16469/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB2C4D86-6B46-4058-85AB-F551CB2A2628} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-17 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-17 1393240]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-17 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130804.001\IDSviA64.sys [2013-8-6 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-17 433752]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-17 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
.
=============== Created Last 30 ================
.
2013-08-17 18:56:04 -------- d-----w- C:\Program Files (x86)\ESET
2013-08-16 01:30:44 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-16 00:45:20 98816 ----a-w- C:\Windows\sed.exe
2013-08-16 00:45:20 256000 ----a-w- C:\Windows\PEV.exe
2013-08-16 00:45:20 208896 ----a-w- C:\Windows\MBR.exe
2013-08-15 03:57:24 -------- d-----w- C:\FRST
.
==================== Find3M ====================
.
2013-07-26 02:24:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 02:24:47 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-17 20:54:17 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-23 05:25:28 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
2013-05-21 05:02:00 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
.
============= FINISH: 23:02:38.51 ===============
 
Norton action report

Filename: 80000032.@.vir
Threat name: Trojan.Gen.3
Full Path: c:\qoobox\quarantine\c\users\bill\appdata\local\google\desktop\install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2e2f~1\28f0~1\e628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\u\80000032.@.vir

____________________________

Details
Unknown Community Usage,  Unknown Age,  Risk High

Origin
Downloaded from Unknown

Activity
Actions performed: 2

____________________________


On computers as of Not Available
Last Used 8/17/2013 at 3:44:59 PM
Startup Item No
Launched No

____________________________


Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

High
This file risk is high.

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.



____________________________



Source: External Media


____________________________

File Actions

File: c:\qoobox\quarantine\c\users\bill\appdata\local\google\desktop\install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2e2f~1\28f0~1\e628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\u\80000032.@.vir Removed
File: c:\qoobox\quarantine\c\users\bill\appdata\local\google\desktop\install\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\2e2f~1\28f0~1\e628~1\{ac031cec-2d3f-92a2-c34c-3def4fdfc8af}\u\80000064.@.vir Removed
____________________________


File Thumbprint - SHA:
179726dfe75dd1f9db3e948fa7d8765a1955b5b7469dfae159a2e74e3a1b21c0
File Thumbprint - MD5:
Not available

Edited by PRR60, 17 August 2013 - 10:29 PM.


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 19 August 2013 - 01:56 PM

Good evening. :)

One ESET detection and all the Norton ones are to be found in the C:\Qoobox\Quarantine folder, which is where ComboFix drops copies of files that it has targeted as malicious and removed. They pose no threat to your PC so you can ignore them for now - assuming that Norton hasn't already removed them, they should be removed automatically when you uninstall ComboFix, which you will be doing shortly.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

The second ESET detection will be taken care of when you uninstall your existing versions, which are seriously out of date:

1) Go here, click the Free Java Download button and save the file somewhere handy.

2) Pay a visit to this page for a tutorial and download link for JavaRa. This will completely remove Java from your system in preparation for installing the latest version.

3) Once the removal process has been completed, run the installer you downloaded in Step One and that should be that.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Having done the above, run Windows Updates and let me know how you get on.


So long, and thanks for all the fish.
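The point made above, that a detection whose path sits under C:\Qoobox\Quarantine is a copy of something ComboFix has already removed, can be checked mechanically against a pasted Norton action report rather than read path by path. The Python below is an added example and is not code from the thread, from Norton or from ComboFix. It parses the report layout pasted earlier in the thread (the Threat name, Full Path, "File: ... Removed" and SHA thumbprint lines) and sorts each path into "already quarantined" or "live". The quarantine root list and the sample report are constructed for the example: the sample abbreviates the thread's paths and adds an invented Temp entry to show what a non-quarantined hit looks like.

```python
r"""Triage a pasted Norton action report: live detection or quarantined copy?

Added example; not code from the thread, from Norton or from ComboFix.
It parses the plain-text report format pasted in the thread ('Threat name:',
'Full Path:', 'File: ... Removed' and the SHA thumbprint line) and marks every
path that lies under a quarantine folder, where tools such as ComboFix keep
copies of files they have already removed. The quarantine roots and the sample
report are assumptions constructed for this example.
"""
import re
from pathlib import PureWindowsPath

# Assumption: folders whose contents are already neutralised copies. Add the
# quarantine paths of any other tool you ran before trusting a 'live' verdict.
QUARANTINE_ROOTS = (PureWindowsPath(r"C:\Qoobox\Quarantine"),)

# Constructed sample in the report's layout. The two .vir entries abbreviate
# the thread's report (GUID directories dropped); the Temp entry is invented.
SAMPLE_REPORT = r"""
Filename: 80000032.@.vir
Threat name: Trojan.Gen.3
Full Path: c:\qoobox\quarantine\c\users\bill\appdata\local\google\desktop\install\u\80000032.@.vir
Details
Unknown Community Usage,  Unknown Age,  Risk High
File Actions
File: c:\qoobox\quarantine\c\users\bill\appdata\local\google\desktop\install\u\80000032.@.virRemoved
File: c:\qoobox\quarantine\c\users\bill\appdata\local\google\desktop\install\u\80000064.@.vir Removed
File: C:\Users\bill\AppData\Local\Temp\sample.tmp Quarantined
File Thumbprint - SHA:
179726dfe75dd1f9db3e948fa7d8765a1955b5b7469dfae159a2e74e3a1b21c0
"""

THREAT_RE = re.compile(r"^Threat name:\s*(?P<v>.+?)\s*$")
FULL_PATH_RE = re.compile(r"^Full Path:\s*(?P<v>.+?)\s*$")
# Norton prints the action after the path; when pasted into a forum the space
# between them is sometimes lost ('...virRemoved'), so the separator is optional.
ACTION_RE = re.compile(
    r"^File:\s*(?P<path>.+?)\s*(?P<action>Removed|Quarantined|Deleted|Left Alone)$"
)
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def is_under(path: str, root: PureWindowsPath) -> bool:
    """True if `path` is `root` or inside it; Windows paths compare case-insensitively."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    root_parts = [p.lower() for p in root.parts]
    return parts[: len(root_parts)] == root_parts


def parse_report(text: str) -> dict:
    """Pull the threat name, SHA-256 and every path/action pair out of the report."""
    report = {"threat": None, "sha256": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := THREAT_RE.match(line):
            report["threat"] = m["v"]
        elif m := FULL_PATH_RE.match(line):
            report["entries"].append({"path": m["v"], "action": None})
        elif m := ACTION_RE.match(line):
            report["entries"].append({"path": m["path"], "action": m["action"]})
        elif SHA256_RE.match(line):
            report["sha256"] = line.lower()
    return report


def triage(text: str) -> dict:
    """Split detections into quarantined copies and paths that still need attention."""
    report = parse_report(text)
    # 'Full Path' repeats the first 'File:' line; merge duplicates, keeping the action.
    merged = {}
    for entry in report["entries"]:
        slot = merged.setdefault(entry["path"].lower(), {"path": entry["path"], "action": None})
        slot["action"] = slot["action"] or entry["action"]
    result = {"threat": report["threat"], "sha256": report["sha256"],
              "quarantined": [], "live": []}
    for entry in merged.values():
        quarantined = any(is_under(entry["path"], root) for root in QUARANTINE_ROOTS)
        result["quarantined" if quarantined else "live"].append(entry)
    return result


if __name__ == "__main__":
    verdict = triage(SAMPLE_REPORT)
    print(f"{verdict['threat']} sha256={verdict['sha256']}")
    for e in verdict["quarantined"]:
        print(f"  already quarantined: {e['path']} ({e['action']})")
    for e in verdict["live"]:
        print(f"  LIVE, investigate:   {e['path']} ({e['action']})")
```

Run it as a script to see the verdict for the embedded sample, or call triage() on text pasted straight from Norton's report. Add the quarantine folders of any other tool you ran to QUARANTINE_ROOTS, and treat whatever is left in the live list as a real detection to follow up, with its SHA-256 to hand for looking the file up.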

 

 


#12 PRR60

PRR60
  • Topic Starter
  • Members
  • 9 posts

Posted 20 August 2013 - 09:19 AM

Hi Noviciate

- Ran JavaRa successfully and cleaned out all the old Java. Ran the Java installer and now have Version 7, Update 25.
- Windows update ran and all updates installed.
- Norton is up to date, and no security warnings are appearing.
- Rebooted several times in the process with all reboots normal.

Things seem to be operating normally - which is great!

Bill



#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 20 August 2013 - 02:19 PM

Good evening. :)

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

Other than the above, I'd say you were done.

 



#14 PRR60

PRR60
  • Topic Starter
  • Members
  • 9 posts

Posted 20 August 2013 - 02:48 PM

First, thanks for all your help and the links for security advice!

Before we part ways, is there any uninstall work I need to do?

Bill



#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 20 August 2013 - 03:17 PM

You can uninstall the ESET scanner just as you would with any installed program, and delete the rest, apart from ComboFix. For that one you need to follow the instructions here - just scroll down to the bottom.

