
Please help remove malware


  • This topic is locked
15 replies to this topic

#1 rysktkr2

rysktkr2

    New Member

  • Members
  • 37 posts

Posted 04 October 2012 - 11:36 AM

Hi,

I believe my PC is infected with malware. All kinds of strange things are happening on it. It is running very sluggishly and sometimes hangs. The keyboard sometimes does not allow me to type, although the mouse works. The CD drive no longer ejects. I ran DDS one time and saved the logs to the desktop, only to have them disappear. I was able to save them to a flash drive:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Mark at 17:45:35 on 2012-10-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2765 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{69EEA09C-0A33-418A-9A80-4B6773F36C49} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{7AA9D918-AA53-4E3F-8448-B3BDC1EFD192} : DhcpNameServer = 192.168.1.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250288]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]
S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400]
.
=============== Created Last 30 ================
.
2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 23:12:41 -------- d-sh--w- C:\found.001
2012-09-21 22:51:14 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-15 06:09:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
==================== Find3M ====================
.
2012-09-23 04:28:36 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 04:28:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 20:53:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-07 19:43:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
============= FINISH: 17:45:42.43 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2009 9:34:13 AM
System Uptime: 10/3/2012 5:39:37 PM (0 hours ago)
.
Motherboard: ASRock | | P55 Deluxe
Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz | CPUSocket | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 721.816 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP183: 7/27/2012 1:23:12 AM - Scheduled Checkpoint
RP184: 8/17/2012 5:43:07 PM - Scheduled Checkpoint
RP185: 8/18/2012 3:00:12 AM - Windows Update
RP187: 8/24/2012 2:59:28 PM - Installed EasyRecovery Professional
RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint
RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint
RP190: 9/14/2012 11:51:16 PM - Windows Update
RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint
RP192: 9/22/2012 3:00:11 AM - Windows Update
RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ACDSee 10 Photo Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ATI Catalyst Registration
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Collectorz.com Game Collector
Collectorz.com Movie Collector
COTM Reminder by We-Care.com v4.1.17.2
CyberLink PowerDVD 10
D-Link 11Mbps Wireless LAN for Windows
DAEMON Tools Lite
EasyRecovery Professional
eReg
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
JMicron JMB36X Driver
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
SAMSUNG Intelli-studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Symantec Endpoint Protection
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.2
Winamp
Winamp Application Detect
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/29/2012 5:51:50 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
9/29/2012 5:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/29/2012 5:30:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
9/29/2012 5:30:09 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/29/2012 5:25:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/3/2012 5:42:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/3/2012 5:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/3/2012 5:40:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6
10/3/2012 5:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/3/2012 5:39:38 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/3/2012 5:33:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
10/3/2012 5:33:39 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2012 5:33:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
10/3/2012 5:29:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
.
==== End Of File ===========================

#2 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 04 October 2012 - 11:38 AM

Hi and welcome to Malwarebytes.

What happened just before these issues began? It sounds like a hardware issue to me, but let's check for malware first.

Why are you in Safe Mode? Run DDS in Normal Mode and post its log please.
Chris Fistonich
Research Team


#3 rysktkr2

rysktkr2

    New Member

  • Members
  • 37 posts

Posted 04 October 2012 - 05:21 PM

Logs in normal mode:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mark at 15:08:31 on 2012-10-04
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2131 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{69EEA09C-0A33-418A-9A80-4B6773F36C49} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{7AA9D918-AA53-4E3F-8448-B3BDC1EFD192} : DhcpNameServer = 192.168.1.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]
S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400]
.
=============== Created Last 30 ================
.
2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 23:12:41 -------- d-sh--w- C:\found.001
2012-09-21 22:51:14 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-15 06:09:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
==================== Find3M ====================
.
2012-09-23 04:28:36 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 04:28:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 20:53:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-07 19:43:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
============= FINISH: 15:09:22.62 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2009 9:34:13 AM
System Uptime: 10/4/2012 3:05:23 PM (0 hours ago)
.
Motherboard: ASRock | | P55 Deluxe
Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz | CPUSocket | 2507/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 721.826 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP183: 7/27/2012 1:23:12 AM - Scheduled Checkpoint
RP184: 8/17/2012 5:43:07 PM - Scheduled Checkpoint
RP185: 8/18/2012 3:00:12 AM - Windows Update
RP187: 8/24/2012 2:59:28 PM - Installed EasyRecovery Professional
RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint
RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint
RP190: 9/14/2012 11:51:16 PM - Windows Update
RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint
RP192: 9/22/2012 3:00:11 AM - Windows Update
RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ACDSee 10 Photo Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ATI Catalyst Registration
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Collectorz.com Game Collector
Collectorz.com Movie Collector
COTM Reminder by We-Care.com v4.1.17.2
CyberLink PowerDVD 10
D-Link 11Mbps Wireless LAN for Windows
DAEMON Tools Lite
EasyRecovery Professional
eReg
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
JMicron JMB36X Driver
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
SAMSUNG Intelli-studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Symantec Endpoint Protection
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.2
Winamp
Winamp Application Detect
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/29/2012 5:51:50 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
9/29/2012 5:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/29/2012 5:30:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
9/29/2012 5:30:09 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/29/2012 5:25:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/4/2012 3:07:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
10/4/2012 3:05:24 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/4/2012 3:03:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/3/2012 5:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/3/2012 5:40:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6
10/3/2012 5:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/3/2012 5:33:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
10/3/2012 5:33:39 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2012 5:33:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
.
==== End Of File ===========================
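The "Event Viewer Messages From Past Week" block above is the most useful part of this log for deciding whether the driver failures are malware or just the boot mode. The script below is an added example from the editor, not part of the original post and not DDS code. It parses lines in the format DDS prints, collects the drivers named in Service Control Manager 7026 events, the services named in 7009 start timeouts, and the DCOM 10005 start failures with their Win32 error codes (1053 ERROR_SERVICE_REQUEST_TIMEOUT, 1068 ERROR_SERVICE_DEPENDENCY_FAIL, 1084 ERROR_NOT_SAFEBOOT_SERVICE). Error 1084 means Windows was running in Safe Mode when the start was attempted, which is what the 10/3 5:40 PM cluster shows, so the long list of drivers that "failed to load" at the same moment (including Symantec's SRTSP, SRTSPX and eeCtrl) is expected Safe Mode behaviour rather than tampering. The script treats 7026 failures within ten minutes of a 1084 event as explained and reports the rest; the ten-minute window and the four sample lines (copied in form from the log above) are the editor's assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format DDS uses for "Event Viewer Messages From Past Week".
# Four lines copied in form from the log above; paste the full block here to run it for real.
SAMPLE_EVENTS = """\
9/29/2012 5:30:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
10/4/2012 3:07:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/3/2012 5:40:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Win32 error codes seen in DCOM 10005 messages, with their SDK names.
WIN32_ERRORS = {
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",  # the service cannot be started in Safe Mode
}


def parse_events(text):
    """Parse DDS event lines into dicts, oldest first (DDS prints newest first)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y %I:%M:%S %p")
        e["event_id"] = int(e["event_id"])
        events.append(e)
    return sorted(events, key=lambda ev: ev["ts"])


def failed_drivers(events):
    """Driver name -> timestamps of SCM 7026 'failed to load' events naming it."""
    out = defaultdict(list)
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            _, _, names = e["message"].partition("failed to load: ")
            for name in names.split():
                out[name].append(e["ts"])
    return dict(out)


def service_timeouts(events):
    """Services named in SCM 7009 start timeouts."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7009:
            m = re.search(r"waiting for the (.+?) service to connect", e["message"])
            if m:
                names.append(m.group(1))
    return names


def dcom_start_failures(events):
    """DCOM 10005 events as (timestamp, service, code, symbolic name)."""
    out = []
    for e in events:
        if e["event_id"] != 10005:
            continue
        m = re.search(r'DCOM got error "(\d+)" attempting to start the service (\S+)', e["message"])
        if m:
            code = int(m.group(1))
            out.append((e["ts"], m.group(2), code, WIN32_ERRORS.get(code, "unknown")))
    return out


def unexplained_driver_failures(events, window=timedelta(minutes=10)):
    """Driver-load failures not within `window` of a Safe Mode indicator (error 1084).

    The window is an assumption: a 7026 logged in the same boot as a 1084 is
    taken to be expected Safe Mode behaviour; anything else is reported.
    """
    safe_mode_marks = [ts for ts, _, code, _ in dcom_start_failures(events) if code == 1084]
    out = {}
    for driver, stamps in failed_drivers(events).items():
        odd = [ts for ts in stamps
               if not any(abs(ts - mark) <= window for mark in safe_mode_marks)]
        if odd:
            out[driver] = odd
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("start timeouts:", service_timeouts(evs))
    for ts, svc, code, name in dcom_start_failures(evs):
        print(f"{ts} DCOM could not start {svc}: {code} {name}")
    for driver, stamps in unexplained_driver_failures(evs).items():
        print("review driver:", driver, [t.isoformat() for t in stamps])
```

Run against the full block above, the only failure that survives the Safe Mode filter is the 10/4 3:07 PM load failure of sptd, the SCSI Pass Through Direct driver that DAEMON Tools installs; the sptd [4] "internal error in its data structures" two minutes earlier and the "file system structure on the disk is corrupt" Ntfs [55] entry point at a damaged driver or disk rather than at the Symantec drivers, which only failed during the Safe Mode boot.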

#4 screen317

Posted 05 October 2012 - 12:01 PM

What happened just before these issues began?


Chris Fistonich
Research Team


#5 rysktkr2


Posted 06 October 2012 - 12:36 PM

My wife and I went on vacation and one of our kids was using my PC, and it got infected with ZeroAccess malware among others. At this time the PC that I am posting from began having symptoms of malware. It sometimes hangs, I can't type, the CD no longer ejects, etc.

#6 rysktkr2


Posted 06 October 2012 - 12:37 PM

Just to be more clear, the PC that had ZA is networked with the PC whose log I posted in this thread.

#7 screen317


Posted 08 October 2012 - 11:26 PM

Hi,


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.


-screen317

#8 rysktkr2


Posted 11 October 2012 - 08:05 PM

Sorry I haven't gotten back to you. I have been travelling all week and don't have access to the computer. I will be back Saturday and will post the logs then.

#9 screen317


Posted 12 October 2012 - 12:01 PM

Thanks for the update. I'll leave this topic open for you.

#10 rysktkr2


Posted 13 October 2012 - 12:55 PM

Here is the log:

ComboFix 12-10-12.01 - Mark 10/13/2012 10:37:39.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.1910 [GMT -7:00]
Running from: F:\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-13 17:41 . 2012-10-13 17:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-13 17:41 . 2012-10-13 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 04:39 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 04:39 . 2012-09-14 18:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-02 00:41 . 2012-10-02 00:41 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-30 00:49 . 2012-09-30 00:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 23:12 . 2012-09-21 23:12 -------- d-----w- C:\found.001
2012-09-15 06:09 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 03:51 . 2012-07-15 20:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 03:51 . 2011-07-17 03:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-08 00:04 . 2012-06-28 03:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 17:10 . 2012-08-18 00:20 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 20:54 . 2012-07-15 20:54 53248 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-15 20:53 . 2012-07-15 20:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-28 03:42 . 2011-12-17 20:11 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-29 115560]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\DRIVERS\PRISMUSB.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 03:51]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 18:27]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 18:27]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.apd"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2725046493-622747726-3050739882-1000)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2725046493-622747726-3050739882-1000)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-13 10:44:31
ComboFix-quarantined-files.txt 2012-10-13 17:44
ComboFix2.txt 2012-07-04 16:41
.
Pre-Run: 777,377,026,048 bytes free
Post-Run: 777,675,153,408 bytes free
.
- - End Of File - - E8B13B9889C5E6CFB86D41BA8805AF2A
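The ComboFix log above lists the registry loading points and then the services and drivers in the form "<R|S><start> name;display;path [tag]", where R means running, S stopped, and the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). The script below is an added example from the editor, not ComboFix's own code and not part of the original post. It parses a constructed excerpt in that format (modelled on the log above) and applies the checks a reviewer would otherwise do by eye: boot- or system-start drivers, which load before any user-mode security software; services whose image is not a .sys or .exe; services named by a bare GUID; Run values that do not point at an executable (ComboFix printed [X] instead of a file date and size); and a Security Center DisableMonitoring flag. These are heuristics that surface entries to look at, not verdicts: the GUID-named service loading 000.fcl lives under CyberLink PowerDVD's folder and the DisableMonitoring value is routinely set by the antivirus product itself. The bracketed tag on each service line is kept verbatim rather than interpreted.

```python
import ntpath
import re

# Constructed excerpt in the format of the ComboFix "Reg Loading Points" section
# above; not the full log. Paste the real section here to run it for real.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-29 115560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="data" [tag]   (the tag is optional; REG_DWORD values have none)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*?)(?: \[(?P<tag>[^\]]*)\])?$')
# R0 name;display;path [tag]   (display names may themselves contain brackets)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<tag>[^\]]*)\]$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


def parse_loading_points(text):
    """Split the section into registry values (with their key) and service lines."""
    current_key = None
    values, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            values.append({"key": current_key, "name": m.group("name"),
                           "data": m.group("data").strip('"'), "tag": m.group("tag")})
            continue
        m = SERVICE_RE.match(line)
        if m:
            svc = m.groupdict()
            svc["start"] = int(svc["start"])
            services.append(svc)
    return {"values": values, "services": services}


def triage(parsed):
    """Heuristic review list; each finding is {'item': name, 'reason': text}."""
    findings = []
    for v in parsed["values"]:
        if v["key"].lower().endswith("\\run"):
            if v["tag"] == "X" or not v["data"].lower().endswith(".exe"):
                findings.append({"item": v["name"],
                                 "reason": "Run value is not an executable ComboFix could stamp: " + v["data"]})
        elif v["name"].lower() == "disablemonitoring" and v["data"].lower().endswith("1"):
            findings.append({"item": v["key"].rsplit("\\", 1)[-1],
                             "reason": "Security Center monitoring disabled for this product "
                                       "(normal when the AV set it; confirm the product is installed)"})
    for s in parsed["services"]:
        ext = ntpath.splitext(s["path"])[1].lower()
        reasons = []
        if s["start"] <= 1:
            reasons.append(f"{START_TYPE[s['start']]}-start driver, loads before user-mode security software")
        if ext not in (".sys", ".exe"):
            reasons.append(f"image extension is {ext or 'missing'}, not .sys/.exe")
        if GUID_RE.match(s["name"]):
            reasons.append("service name is a bare GUID")
        for reason in reasons:
            findings.append({"item": s["name"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{f['item']}: {f['reason']}")
```

On the excerpt this flags AMD AVT (a Run value that is a command string, not a file), the SymantecAntiVirus DisableMonitoring flag, the two DAEMON Tools drivers sptd and dtsoftbus01 as boot/system-start, and the GUID-named 000.fcl service twice; ccApp, MBAMSwissArmy and the Realtek NIC driver pass. Each flagged entry still needs a look at the file's signature and vendor before anything is removed.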

#11 rysktkr2


Posted 15 October 2012 - 01:20 PM

Not sure why the font size came out so small, so I will repost.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2009 9:34:13 AM
System Uptime: 10/14/2012 3:41:12 PM (20 hours ago)
.
Motherboard: ASRock | | P55 Deluxe
Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz | CPUSocket | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 724.745 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint
RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint
RP190: 9/14/2012 11:51:16 PM - Windows Update
RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint
RP192: 9/22/2012 3:00:11 AM - Windows Update
RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint
RP194: 10/7/2012 12:00:04 AM - Scheduled Checkpoint
RP195: 10/10/2012 3:00:12 AM - Windows Update
RP197: 10/13/2012 10:36:08 AM - ComboFix created restore point
RP198: 10/14/2012 3:00:10 AM - Windows Update
.
==== Installed Programs ======================
.
ACDSee 10 Photo Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ATI Catalyst Registration
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Collectorz.com Game Collector
Collectorz.com Movie Collector
COTM Reminder by We-Care.com v4.1.17.2
CyberLink PowerDVD 10
D-Link 11Mbps Wireless LAN for Windows
DAEMON Tools Lite
EasyRecovery Professional
eReg
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
JMicron JMB36X Driver
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
SAMSUNG Intelli-studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Symantec Endpoint Protection
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.2
Winamp
Winamp Application Detect
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
10/14/2012 4:02:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
10/14/2012 4:02:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
10/14/2012 4:02:43 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/14/2012 3:42:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
10/14/2012 3:41:13 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/14/2012 3:40:40 PM, Error: Service Control Manager [7023] -
10/14/2012 3:38:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SmcService service.
10/14/2012 3:37:46 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
10/14/2012 3:35:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
10/13/2012 11:07:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Windows 7 (KB2731847).
10/13/2012 10:41:49 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mark at 11:14:31 on 2012-10-15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2263 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]
S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400]
.
=============== Created Last 30 ================
.
2012-10-13 17:44:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-10 04:39:29 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 04:39:22 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 23:12:41 -------- d-----w- C:\found.001
.
==================== Find3M ====================
.
2012-10-09 03:51:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 03:51:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:18:33 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-10 23:54:04 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-08-02 17:05:42 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:15:13.18 ===============


#12 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 16 October 2012 - 11:52 AM

Hi,

Run TFC by OldTimer to clear temporary files:
  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.



  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is named like UtilityName.Version_Date_Time_log.txt,
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.



Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Export the threats found (if any), and post them here.


Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Next, download my Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team


Follow us: Twitter, Become a fan: Facebook
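The TDSSKiller log that the instructions above ask for is long, and most of it is "[ md5 ] name path" lines followed by "name - ok" lines. As an added illustration (not part of this thread, and not code from Kaspersky's tool), here is a small parser for that line format, with a triage pass that pulls out the three things a helper usually looks at first: entries whose verdict is anything other than "ok", service names for which no on-disk file line was recorded, and distinct service names backed by the same file hash. The sample log embedded below is constructed from the line shape quoted in this thread; "exampledrv", its hash and its verdict text are placeholders, not real findings.

```python
import re
from collections import defaultdict

# Constructed sample lines in the TDSSKiller "Scan services" format quoted in
# this thread; exampledrv, its hash and its verdict are placeholders.
SAMPLE_LOG = """\
13:13:54.0608 3244 Scan started
13:13:54.0967 3244 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
13:13:54.0967 3244 1394ohci - ok
13:13:55.0405 3244 [ B90A4332CF4C6580C845266A656DE4AB ] AMD External Events Utility C:\\Windows\\system32\\atiesrxx.exe
13:13:55.0405 3244 AMD External Events Utility - ok
13:13:56.0170 3244 AsrCDDrv - ok
13:13:57.0264 3244 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe
13:13:57.0280 3244 ccEvtMgr - ok
13:13:57.0280 3244 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe
13:13:57.0280 3244 ccSetMgr - ok
13:13:59.0100 3244 [ 0123456789ABCDEF0123456789ABCDEF ] exampledrv C:\\Windows\\system32\\DRIVERS\\exampledrv.sys
13:13:59.0100 3244 exampledrv - suspicious (constructed placeholder verdict)
"""

# Every scan line starts with "HH:MM:SS.mmmm <thread-id> ".
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "
# "[ MD5 ] service name C:\path" -- the service name may contain spaces,
# so match lazily up to the first token that looks like a drive path.
FILE_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
# "service name - verdict"
STATUS_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<status>.+)$")


def parse_tdsskiller(text):
    """Return {service_name: {"md5", "path", "status"}} for the service-scan
    part of a TDSSKiller log. Header and disk-layout lines before
    "Scan started" are skipped so their " - " separators are not misread."""
    entries = {}
    in_scan = False
    for line in text.splitlines():
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            e["md5"], e["path"] = m["md5"], m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            e["status"] = m["status"]
    return entries


def triage(entries):
    """Summarise the entries a helper reads first: verdicts other than "ok",
    services with no file line recorded, and names sharing one file hash
    (often benign, e.g. two services hosted by the same executable)."""
    not_ok = sorted(n for n, e in entries.items() if e["status"] != "ok")
    no_file = sorted(n for n, e in entries.items() if e["md5"] is None)
    by_md5 = defaultdict(list)
    for n, e in entries.items():
        if e["md5"]:
            by_md5[e["md5"]].append(n)
    shared_md5 = {h: sorted(ns) for h, ns in by_md5.items() if len(ns) > 1}
    return {"not_ok": not_ok, "no_file": no_file, "shared_md5": shared_md5}


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Feed it a real log with `parse_tdsskiller(open(path).read())`; the scan section of a full log also contains "Scan system memory" and "Scan services" banner lines, which match neither pattern and are ignored.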

#13 rysktkr2

rysktkr2

    New Member

  • Members
  • Pip
  • 37 posts

Posted 16 October 2012 - 04:49 PM

ESET did not detect any threats. It still seems to be running sluggish, but I am able to type now and am able to open the CD tray.


13:13:12.0702 3016 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
13:13:13.0186 3016 ============================================================
13:13:13.0186 3016 Current date / time: 2012/10/16 13:13:13.0186
13:13:13.0186 3016 SystemInfo:
13:13:13.0186 3016
13:13:13.0186 3016 OS Version: 6.1.7600 ServicePack: 0.0
13:13:13.0186 3016 Product type: Workstation
13:13:13.0186 3016 ComputerName: DSHTPC
13:13:13.0186 3016 UserName: Mark
13:13:13.0186 3016 Windows directory: C:\Windows
13:13:13.0186 3016 System windows directory: C:\Windows
13:13:13.0186 3016 Processor architecture: Intel x86
13:13:13.0186 3016 Number of processors: 4
13:13:13.0202 3016 Page size: 0x1000
13:13:13.0202 3016 Boot type: Normal boot
13:13:13.0202 3016 ============================================================
13:13:14.0514 3016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:13:14.0514 3016 Drive \Device\Harddisk1\DR1 - Size: 0x7AC00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:13:14.0514 3016 ============================================================
13:13:14.0514 3016 \Device\Harddisk0\DR0:
13:13:14.0514 3016 MBR partitions:
13:13:14.0514 3016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:13:14.0514 3016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
13:13:14.0514 3016 \Device\Harddisk1\DR1:
13:13:14.0514 3016 MBR partitions:
13:13:14.0514 3016 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF3, BlocksNum 0x3D5F0D
13:13:14.0514 3016 ============================================================
13:13:14.0545 3016 C: <-> \Device\Harddisk0\DR0\Partition2
13:13:14.0545 3016 ============================================================
13:13:14.0545 3016 Initialize success
13:13:14.0545 3016 ============================================================
13:13:54.0608 3244 ============================================================
13:13:54.0608 3244 Scan started
13:13:54.0608 3244 Mode: Manual;
13:13:54.0608 3244 ============================================================
13:13:54.0842 3244 ================ Scan system memory ========================
13:13:54.0842 3244 System memory - ok
13:13:54.0842 3244 ================ Scan services =============================
13:13:54.0967 3244 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
13:13:54.0967 3244 1394ohci - ok
13:13:54.0999 3244 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
13:13:54.0999 3244 ACPI - ok
13:13:55.0014 3244 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
13:13:55.0030 3244 AcpiPmi - ok
13:13:55.0108 3244 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:13:55.0108 3244 AdobeFlashPlayerUpdateSvc - ok
13:13:55.0139 3244 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:13:55.0170 3244 adp94xx - ok
13:13:55.0186 3244 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:13:55.0202 3244 adpahci - ok
13:13:55.0217 3244 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:13:55.0233 3244 adpu320 - ok
13:13:55.0249 3244 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:13:55.0249 3244 AeLookupSvc - ok
13:13:55.0280 3244 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
13:13:55.0280 3244 AFD - ok
13:13:55.0280 3244 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
13:13:55.0295 3244 agp440 - ok
13:13:55.0295 3244 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
13:13:55.0295 3244 aic78xx - ok
13:13:55.0327 3244 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
13:13:55.0358 3244 ALG - ok
13:13:55.0358 3244 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
13:13:55.0374 3244 aliide - ok
13:13:55.0405 3244 [ B90A4332CF4C6580C845266A656DE4AB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:13:55.0405 3244 AMD External Events Utility - ok
13:13:55.0405 3244 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
13:13:55.0420 3244 amdagp - ok
13:13:55.0436 3244 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
13:13:55.0452 3244 amdide - ok
13:13:55.0467 3244 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:13:55.0467 3244 AmdK8 - ok
13:13:55.0655 3244 [ 7844984A5E1E6F18D93AF9E9BCC65436 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:13:55.0795 3244 amdkmdag - ok
13:13:55.0811 3244 [ 202DEF509D76105B08741D36C3A7E4D7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:13:55.0811 3244 amdkmdap - ok
13:13:55.0842 3244 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:13:55.0842 3244 AmdPPM - ok
13:13:55.0889 3244 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:13:55.0905 3244 amdsata - ok
13:13:55.0920 3244 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:13:55.0936 3244 amdsbs - ok
13:13:55.0952 3244 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:13:55.0952 3244 amdxata - ok
13:13:55.0967 3244 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
13:13:55.0967 3244 AppID - ok
13:13:55.0999 3244 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:13:56.0014 3244 AppIDSvc - ok
13:13:56.0045 3244 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
13:13:56.0045 3244 Appinfo - ok
13:13:56.0077 3244 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
13:13:56.0092 3244 AppMgmt - ok
13:13:56.0108 3244 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:13:56.0124 3244 arc - ok
13:13:56.0139 3244 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:13:56.0155 3244 arcsas - ok
13:13:56.0170 3244 AsrCDDrv - ok
13:13:56.0186 3244 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:13:56.0202 3244 AsyncMac - ok
13:13:56.0217 3244 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
13:13:56.0217 3244 atapi - ok
13:13:56.0264 3244 [ 6ADC42CF4A6AB84975CA63DCCFAAF5D8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
13:13:56.0264 3244 AtiHDAudioService - ok
13:13:56.0280 3244 [ 36A49B49E982450AC117EDA6AB35BDF5 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
13:13:56.0295 3244 AtiHdmiService - ok
13:13:56.0452 3244 [ 7844984A5E1E6F18D93AF9E9BCC65436 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:13:56.0483 3244 atikmdag - ok
13:13:56.0514 3244 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:13:56.0514 3244 AudioEndpointBuilder - ok
13:13:56.0514 3244 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:13:56.0514 3244 Audiosrv - ok
13:13:56.0530 3244 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:13:56.0530 3244 AxInstSV - ok
13:13:56.0561 3244 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
13:13:56.0561 3244 b06bdrv - ok
13:13:56.0592 3244 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:13:56.0608 3244 b57nd60x - ok
13:13:56.0639 3244 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
13:13:56.0655 3244 BDESVC - ok
13:13:56.0670 3244 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
13:13:56.0670 3244 Beep - ok
13:13:56.0686 3244 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
13:13:56.0702 3244 BFE - ok
13:13:56.0733 3244 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
13:13:56.0764 3244 BITS - ok
13:13:56.0780 3244 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:13:56.0780 3244 blbdrive - ok
13:13:56.0827 3244 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:13:56.0827 3244 bowser - ok
13:13:56.0842 3244 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:13:56.0858 3244 BrFiltLo - ok
13:13:56.0858 3244 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:13:56.0874 3244 BrFiltUp - ok
13:13:56.0920 3244 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:13:56.0936 3244 BridgeMP - ok
13:13:56.0983 3244 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
13:13:56.0983 3244 Browser - ok
13:13:56.0999 3244 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:13:57.0014 3244 Brserid - ok
13:13:57.0014 3244 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:13:57.0030 3244 BrSerWdm - ok
13:13:57.0045 3244 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:13:57.0045 3244 BrUsbMdm - ok
13:13:57.0061 3244 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:13:57.0077 3244 BrUsbSer - ok
13:13:57.0092 3244 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:13:57.0092 3244 BTHMODEM - ok
13:13:57.0139 3244 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
13:13:57.0155 3244 bthserv - ok
13:13:57.0202 3244 catchme - ok
13:13:57.0264 3244 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
13:13:57.0280 3244 ccEvtMgr - ok
13:13:57.0280 3244 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
13:13:57.0280 3244 ccSetMgr - ok
13:13:57.0295 3244 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:13:57.0311 3244 cdfs - ok
13:13:57.0327 3244 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:13:57.0327 3244 cdrom - ok
13:13:57.0342 3244 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
13:13:57.0358 3244 CertPropSvc - ok
13:13:57.0358 3244 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:13:57.0374 3244 circlass - ok
13:13:57.0405 3244 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
13:13:57.0405 3244 CLFS - ok
13:13:57.0436 3244 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:13:57.0483 3244 clr_optimization_v2.0.50727_32 - ok
13:13:57.0577 3244 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:13:57.0577 3244 clr_optimization_v4.0.30319_32 - ok
13:13:57.0592 3244 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:13:57.0608 3244 CmBatt - ok
13:13:57.0608 3244 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
13:13:57.0624 3244 cmdide - ok
13:13:57.0670 3244 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
13:13:57.0670 3244 CNG - ok
13:13:57.0670 3244 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:13:57.0686 3244 Compbatt - ok
13:13:57.0702 3244 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
13:13:57.0702 3244 CompositeBus - ok
13:13:57.0702 3244 COMSysApp - ok
13:13:57.0702 3244 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:13:57.0717 3244 crcdisk - ok
13:13:57.0764 3244 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:13:57.0780 3244 CryptSvc - ok
13:13:57.0811 3244 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
13:13:57.0811 3244 CSC - ok
13:13:57.0827 3244 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
13:13:57.0842 3244 CscService - ok
13:13:57.0874 3244 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
13:13:57.0889 3244 DcomLaunch - ok
13:13:57.0905 3244 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:13:57.0936 3244 defragsvc - ok
13:13:57.0967 3244 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:13:57.0967 3244 DfsC - ok
13:13:57.0999 3244 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:13:57.0999 3244 Dhcp - ok
13:13:58.0014 3244 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:13:58.0014 3244 discache - ok
13:13:58.0045 3244 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:13:58.0045 3244 Disk - ok
13:13:58.0061 3244 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:13:58.0077 3244 Dnscache - ok
13:13:58.0077 3244 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
13:13:58.0108 3244 dot3svc - ok
13:13:58.0124 3244 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
13:13:58.0124 3244 DPS - ok
13:13:58.0155 3244 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:13:58.0186 3244 drmkaud - ok
13:13:58.0249 3244 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:13:58.0249 3244 dtsoftbus01 - ok
13:13:58.0295 3244 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:13:58.0295 3244 DXGKrnl - ok
13:13:58.0311 3244 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:13:58.0311 3244 EapHost - ok
13:13:58.0389 3244 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:13:58.0545 3244 ebdrv - ok
13:13:58.0608 3244 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:13:58.0608 3244 eeCtrl - ok
13:13:58.0639 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
13:13:58.0639 3244 EFS - ok
13:13:58.0702 3244 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:13:58.0795 3244 ehRecvr - ok
13:13:58.0827 3244 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:13:58.0874 3244 ehSched - ok
13:13:58.0905 3244 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:13:58.0936 3244 elxstor - ok
13:13:58.0999 3244 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:13:58.0999 3244 EraserUtilRebootDrv - ok
13:13:59.0030 3244 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
13:13:59.0030 3244 ErrDev - ok
13:13:59.0077 3244 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:13:59.0092 3244 EventSystem - ok
13:13:59.0124 3244 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:13:59.0139 3244 exfat - ok
13:13:59.0155 3244 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:13:59.0155 3244 fastfat - ok
13:13:59.0170 3244 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
13:13:59.0186 3244 Fax - ok
13:13:59.0186 3244 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:13:59.0202 3244 fdc - ok
13:13:59.0217 3244 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:13:59.0217 3244 fdPHost - ok
13:13:59.0217 3244 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:13:59.0233 3244 FDResPub - ok
13:13:59.0249 3244 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:13:59.0249 3244 FileInfo - ok
13:13:59.0264 3244 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:13:59.0280 3244 Filetrace - ok
13:13:59.0280 3244 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:13:59.0311 3244 flpydisk - ok
13:13:59.0327 3244 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:13:59.0327 3244 FltMgr - ok
13:13:59.0358 3244 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
13:13:59.0374 3244 FontCache - ok
13:13:59.0420 3244 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:13:59.0420 3244 FontCache3.0.0.0 - ok
13:13:59.0436 3244 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:13:59.0436 3244 FsDepends - ok
13:13:59.0452 3244 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:13:59.0452 3244 Fs_Rec - ok
13:13:59.0483 3244 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:13:59.0483 3244 fvevol - ok
13:13:59.0499 3244 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:13:59.0514 3244 gagp30kx - ok
13:13:59.0545 3244 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
13:13:59.0545 3244 gpsvc - ok
13:13:59.0608 3244 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:13:59.0608 3244 gupdate - ok
13:13:59.0624 3244 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:13:59.0624 3244 gupdatem - ok
13:13:59.0670 3244 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:13:59.0670 3244 gusvc - ok
13:13:59.0702 3244 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:13:59.0717 3244 hcw85cir - ok
13:13:59.0749 3244 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:13:59.0764 3244 HdAudAddService - ok
13:13:59.0795 3244 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:13:59.0795 3244 HDAudBus - ok
13:13:59.0811 3244 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:13:59.0827 3244 HidBatt - ok
13:13:59.0842 3244 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:13:59.0842 3244 HidBth - ok
13:13:59.0858 3244 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:13:59.0874 3244 HidIr - ok
13:13:59.0874 3244 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
13:13:59.0889 3244 hidserv - ok
13:13:59.0889 3244 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:13:59.0889 3244 HidUsb - ok
13:13:59.0905 3244 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:13:59.0905 3244 hkmsvc - ok
13:13:59.0936 3244 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:13:59.0936 3244 HomeGroupListener - ok
13:13:59.0983 3244 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:13:59.0983 3244 HomeGroupProvider - ok
13:13:59.0999 3244 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
13:14:00.0014 3244 HpSAMD - ok
13:14:00.0045 3244 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:14:00.0045 3244 HTTP - ok
13:14:00.0077 3244 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:14:00.0077 3244 hwpolicy - ok
13:14:00.0092 3244 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:14:00.0108 3244 i8042prt - ok
13:14:00.0139 3244 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:14:00.0170 3244 iaStorV - ok
13:14:00.0217 3244 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:14:00.0295 3244 idsvc - ok
13:14:00.0327 3244 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:14:00.0342 3244 iirsp - ok
13:14:00.0374 3244 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
13:14:00.0374 3244 IKEEXT - ok
13:14:00.0483 3244 [ 5CEEF2CCCB4FE00D3FFBFEB12BCFA07F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:14:00.0514 3244 IntcAzAudAddService - ok
13:14:00.0514 3244 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
13:14:00.0530 3244 intelide - ok
13:14:00.0545 3244 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:14:00.0545 3244 intelppm - ok
13:14:00.0561 3244 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:14:00.0577 3244 IPBusEnum - ok
13:14:00.0592 3244 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:14:00.0592 3244 IpFilterDriver - ok
13:14:00.0608 3244 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:14:00.0608 3244 iphlpsvc - ok
13:14:00.0624 3244 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:14:00.0639 3244 IPMIDRV - ok
13:14:00.0655 3244 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:14:00.0655 3244 IPNAT - ok
13:14:00.0686 3244 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:14:00.0686 3244 IRENUM - ok
13:14:00.0686 3244 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
13:14:00.0702 3244 isapnp - ok
13:14:00.0717 3244 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:14:00.0733 3244 iScsiPrt - ok
13:14:00.0749 3244 [ 484836413C2348244C8008C962240C8D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
13:14:00.0749 3244 JRAID - ok
13:14:00.0764 3244 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:14:00.0764 3244 kbdclass - ok
13:14:00.0780 3244 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:14:00.0780 3244 kbdhid - ok
13:14:00.0795 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
13:14:00.0795 3244 KeyIso - ok
13:14:00.0827 3244 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:14:00.0827 3244 KSecDD - ok
13:14:00.0874 3244 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:14:00.0874 3244 KSecPkg - ok
13:14:00.0920 3244 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:14:00.0952 3244 KtmRm - ok
13:14:00.0999 3244 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
13:14:00.0999 3244 LanmanServer - ok
13:14:01.0030 3244 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:14:01.0030 3244 LanmanWorkstation - ok
13:14:01.0124 3244 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:14:01.0155 3244 LBTServ - ok
13:14:01.0202 3244 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:14:01.0202 3244 LHidFilt - ok
13:14:01.0295 3244 [ 010FD2B41E75A98E3A4D23F44405F5C9 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
13:14:01.0327 3244 LiveUpdate - ok
13:14:01.0342 3244 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:14:01.0342 3244 lltdio - ok
13:14:01.0358 3244 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:14:01.0389 3244 lltdsvc - ok
13:14:01.0389 3244 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:14:01.0389 3244 lmhosts - ok
13:14:01.0405 3244 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:14:01.0405 3244 LMouFilt - ok
13:14:01.0452 3244 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:14:01.0452 3244 LSI_FC - ok
13:14:01.0467 3244 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:14:01.0483 3244 LSI_SAS - ok
13:14:01.0499 3244 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:14:01.0514 3244 LSI_SAS2 - ok
13:14:01.0530 3244 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:14:01.0545 3244 LSI_SCSI - ok
13:14:01.0561 3244 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:14:01.0561 3244 luafv - ok
13:14:01.0608 3244 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
13:14:01.0624 3244 MBAMSwissArmy - ok
13:14:01.0655 3244 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:14:01.0670 3244 Mcx2Svc - ok
13:14:01.0686 3244 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:14:01.0702 3244 megasas - ok
13:14:01.0717 3244 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:14:01.0733 3244 MegaSR - ok
13:14:01.0749 3244 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:14:01.0749 3244 MMCSS - ok
13:14:01.0780 3244 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:14:01.0780 3244 Modem - ok
13:14:01.0795 3244 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:14:01.0795 3244 monitor - ok
13:14:01.0811 3244 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:14:01.0811 3244 mouclass - ok
13:14:01.0827 3244 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:14:01.0827 3244 mouhid - ok
13:14:01.0858 3244 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:14:01.0858 3244 mountmgr - ok
13:14:01.0889 3244 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:14:01.0905 3244 Suspicious file (Forged): C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe. Real md5: 15D5398EED42C2504BB3D4FC875C15D1, Fake md5: 7BE95894F0C854C987B96F8BB6B196DA
13:14:01.0905 3244 MozillaMaintenance ( ForgedFile.Multi.Generic ) - warning
13:14:01.0905 3244 MozillaMaintenance - detected ForgedFile.Multi.Generic (1)
13:14:01.0920 3244 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
13:14:01.0936 3244 mpio - ok
13:14:01.0952 3244 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:14:01.0952 3244 mpsdrv - ok
13:14:01.0983 3244 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
13:14:01.0983 3244 MpsSvc - ok
13:14:01.0999 3244 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:14:02.0014 3244 MRxDAV - ok
13:14:02.0061 3244 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:14:02.0061 3244 mrxsmb - ok
13:14:02.0077 3244 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:14:02.0092 3244 mrxsmb10 - ok
13:14:02.0108 3244 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:14:02.0108 3244 mrxsmb20 - ok
13:14:02.0124 3244 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
13:14:02.0139 3244 msahci - ok
13:14:02.0139 3244 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
13:14:02.0155 3244 msdsm - ok
13:14:02.0186 3244 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
13:14:02.0217 3244 MSDTC - ok
13:14:02.0233 3244 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:14:02.0233 3244 Msfs - ok
13:14:02.0249 3244 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:14:02.0249 3244 mshidkmdf - ok
13:14:02.0249 3244 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
13:14:02.0249 3244 msisadrv - ok
13:14:02.0280 3244 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:14:02.0295 3244 MSiSCSI - ok
13:14:02.0295 3244 msiserver - ok
13:14:02.0311 3244 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:14:02.0327 3244 MSKSSRV - ok
13:14:02.0342 3244 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:14:02.0342 3244 MSPCLOCK - ok
13:14:02.0342 3244 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:14:02.0358 3244 MSPQM - ok
13:14:02.0358 3244 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:14:02.0358 3244 MsRPC - ok
13:14:02.0374 3244 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:14:02.0374 3244 mssmbios - ok
13:14:02.0374 3244 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:14:02.0374 3244 MSTEE - ok
13:14:02.0389 3244 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:14:02.0389 3244 MTConfig - ok
13:14:02.0420 3244 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
13:14:02.0420 3244 Mup - ok
13:14:02.0452 3244 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
13:14:02.0467 3244 napagent - ok
13:14:02.0499 3244 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:14:02.0499 3244 NativeWifiP - ok
13:14:02.0608 3244 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121015.002\NAVENG.SYS
13:14:02.0608 3244 NAVENG - ok
13:14:02.0670 3244 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121015.002\NAVEX15.SYS
13:14:02.0686 3244 NAVEX15 - ok
13:14:02.0717 3244 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:14:02.0717 3244 NDIS - ok
13:14:02.0733 3244 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:14:02.0749 3244 NdisCap - ok
13:14:02.0780 3244 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:14:02.0780 3244 NdisTapi - ok
13:14:02.0795 3244 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:14:02.0795 3244 Ndisuio - ok
13:14:02.0795 3244 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:14:02.0795 3244 NdisWan - ok
13:14:02.0811 3244 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:14:02.0811 3244 NDProxy - ok
13:14:02.0811 3244 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:14:02.0811 3244 NetBIOS - ok
13:14:02.0827 3244 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:14:02.0827 3244 NetBT - ok
13:14:02.0842 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
13:14:02.0842 3244 Netlogon - ok
13:14:02.0874 3244 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
13:14:02.0889 3244 Netman - ok
13:14:02.0905 3244 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
13:14:02.0905 3244 netprofm - ok
13:14:02.0952 3244 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:14:02.0967 3244 NetTcpPortSharing - ok
13:14:02.0967 3244 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:14:02.0983 3244 nfrd960 - ok
13:14:02.0999 3244 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
13:14:03.0014 3244 NlaSvc - ok
13:14:03.0014 3244 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:14:03.0030 3244 Npfs - ok
13:14:03.0030 3244 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
13:14:03.0045 3244 nsi - ok
13:14:03.0045 3244 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:14:03.0045 3244 nsiproxy - ok
13:14:03.0108 3244 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:14:03.0124 3244 Ntfs - ok
13:14:03.0139 3244 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
13:14:03.0139 3244 Null - ok
13:14:03.0155 3244 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:14:03.0170 3244 nvraid - ok
13:14:03.0217 3244 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:14:03.0233 3244 nvstor - ok
13:14:03.0249 3244 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
13:14:03.0264 3244 nv_agp - ok
13:14:03.0280 3244 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:14:03.0280 3244 ohci1394 - ok
13:14:03.0311 3244 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:14:03.0311 3244 p2pimsvc - ok
13:14:03.0327 3244 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
13:14:03.0342 3244 p2psvc - ok
13:14:03.0358 3244 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:14:03.0358 3244 Parport - ok
13:14:03.0389 3244 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:14:03.0389 3244 partmgr - ok
13:14:03.0405 3244 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
13:14:03.0420 3244 Parvdm - ok
13:14:03.0436 3244 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:14:03.0436 3244 PcaSvc - ok
13:14:03.0452 3244 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
13:14:03.0467 3244 pci - ok
13:14:03.0483 3244 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
13:14:03.0483 3244 pciide - ok
13:14:03.0499 3244 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:14:03.0514 3244 pcmcia - ok
13:14:03.0530 3244 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
13:14:03.0530 3244 pcw - ok
13:14:03.0545 3244 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:14:03.0561 3244 PEAUTH - ok
13:14:03.0592 3244 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:14:03.0639 3244 PeerDistSvc - ok
13:14:03.0686 3244 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
13:14:03.0733 3244 pla - ok
13:14:03.0780 3244 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:14:03.0780 3244 PlugPlay - ok
13:14:03.0795 3244 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:14:03.0811 3244 PNRPAutoReg - ok
13:14:03.0811 3244 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:14:03.0811 3244 PNRPsvc - ok
13:14:03.0842 3244 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:14:03.0858 3244 PolicyAgent - ok
13:14:03.0889 3244 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
13:14:03.0889 3244 Power - ok
13:14:03.0920 3244 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:14:03.0920 3244 PptpMiniport - ok
13:14:03.0967 3244 [ 46A7BB412D7F0BA1813FC191D460F991 ] PRISM_USB C:\Windows\system32\DRIVERS\PRISMUSB.sys
13:14:03.0983 3244 PRISM_USB - ok
13:14:04.0014 3244 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:14:04.0030 3244 Processor - ok
13:14:04.0061 3244 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
13:14:04.0077 3244 ProfSvc - ok
13:14:04.0077 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:14:04.0077 3244 ProtectedStorage - ok
13:14:04.0108 3244 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:14:04.0108 3244 Psched - ok
13:14:04.0155 3244 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:14:04.0202 3244 ql2300 - ok
13:14:04.0217 3244 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:14:04.0249 3244 ql40xx - ok
13:14:04.0264 3244 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
13:14:04.0280 3244 QWAVE - ok
13:14:04.0295 3244 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:14:04.0295 3244 QWAVEdrv - ok
13:14:04.0311 3244 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:14:04.0311 3244 RasAcd - ok
13:14:04.0327 3244 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:14:04.0327 3244 RasAgileVpn - ok
13:14:04.0327 3244 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
13:14:04.0342 3244 RasAuto - ok
13:14:04.0358 3244 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:14:04.0358 3244 Rasl2tp - ok
13:14:04.0374 3244 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
13:14:04.0374 3244 RasMan - ok
13:14:04.0374 3244 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:14:04.0374 3244 RasPppoe - ok
13:14:04.0405 3244 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:14:04.0405 3244 RasSstp - ok
13:14:04.0420 3244 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:14:04.0420 3244 rdbss - ok
13:14:04.0436 3244 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:14:04.0452 3244 rdpbus - ok
13:14:04.0452 3244 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:14:04.0452 3244 RDPCDD - ok
13:14:04.0483 3244 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:14:04.0499 3244 RDPDR - ok
13:14:04.0514 3244 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:14:04.0514 3244 RDPENCDD - ok
13:14:04.0530 3244 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:14:04.0530 3244 RDPREFMP - ok
13:14:04.0561 3244 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:14:04.0577 3244 RDPWD - ok
13:14:04.0608 3244 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:14:04.0608 3244 rdyboost - ok
13:14:04.0639 3244 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
13:14:04.0639 3244 RemoteAccess - ok
13:14:04.0655 3244 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:14:04.0655 3244 RemoteRegistry - ok
13:14:04.0670 3244 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:14:04.0670 3244 RpcEptMapper - ok
13:14:04.0686 3244 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
13:14:04.0717 3244 RpcLocator - ok
13:14:04.0764 3244 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
13:14:04.0764 3244 RpcSs - ok
13:14:04.0780 3244 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:14:04.0780 3244 rspndr - ok
13:14:04.0780 3244 RTHDMIAzAudService - ok
13:14:04.0827 3244 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
13:14:04.0827 3244 RTL8167 - ok
13:14:04.0858 3244 [ F2FEC929E9FA9902F0BB52A4522068D4 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
13:14:04.0858 3244 RtNdPt60 - ok
13:14:04.0874 3244 [ 2E87C315ACC3F60905BC3F24288F53D6 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
13:14:04.0889 3244 RTTEAMPT - ok
13:14:04.0905 3244 [ E6472A4007FB17D27D4091ABD657A291 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys
13:14:04.0920 3244 RTVLANPT - ok
13:14:04.0936 3244 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
13:14:04.0936 3244 s3cap - ok
13:14:04.0936 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
13:14:04.0936 3244 SamSs - ok
13:14:04.0967 3244 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
13:14:04.0983 3244 sbp2port - ok
13:14:04.0999 3244 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:14:05.0014 3244 SCardSvr - ok
13:14:05.0014 3244 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:14:05.0030 3244 scfilter - ok
13:14:05.0077 3244 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
13:14:05.0077 3244 Schedule - ok
13:14:05.0092 3244 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:14:05.0092 3244 SCPolicySvc - ok
13:14:05.0108 3244 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:14:05.0124 3244 SDRSVC - ok
13:14:05.0139 3244 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:14:05.0139 3244 secdrv - ok
13:14:05.0155 3244 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
13:14:05.0155 3244 seclogon - ok
13:14:05.0170 3244 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
13:14:05.0170 3244 SENS - ok
13:14:05.0202 3244 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:14:05.0217 3244 SensrSvc - ok
13:14:05.0217 3244 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:14:05.0217 3244 Serenum - ok
13:14:05.0249 3244 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:14:05.0249 3244 Serial - ok
13:14:05.0264 3244 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:14:05.0280 3244 sermouse - ok
13:14:05.0295 3244 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
13:14:05.0311 3244 SessionEnv - ok
13:14:05.0327 3244 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
13:14:05.0327 3244 sffdisk - ok
13:14:05.0358 3244 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:14:05.0374 3244 sffp_mmc - ok
13:14:05.0374 3244 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
13:14:05.0389 3244 sffp_sd - ok
13:14:05.0405 3244 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:14:05.0420 3244 sfloppy - ok
13:14:05.0452 3244 [ ABD45D0857BBBB12075F53243DA2AA41 ] SGHIDI C:\Windows\system32\drivers\TG_iMON.sys
13:14:05.0467 3244 SGHIDI - ok
13:14:05.0483 3244 [ 532F78BA55B3C8556C8998CB59A00471 ] SGIR C:\Windows\system32\drivers\iMON_PAD.sys
13:14:05.0499 3244 SGIR - ok
13:14:05.0514 3244 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:14:05.0514 3244 SharedAccess - ok
13:14:05.0530 3244 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:14:05.0530 3244 ShellHWDetection - ok
13:14:05.0545 3244 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
13:14:05.0561 3244 sisagp - ok
13:14:05.0577 3244 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:14:05.0592 3244 SiSRaid2 - ok
13:14:05.0608 3244 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:14:05.0624 3244 SiSRaid4 - ok
13:14:05.0655 3244 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:14:05.0670 3244 Smb - ok
13:14:05.0749 3244 [ A58C1A086D9C09C6572C948F22CC0E94 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
13:14:05.0795 3244 SmcService - ok
13:14:05.0842 3244 [ D2C222441255131E29DE351475F98F6D ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
13:14:05.0905 3244 SNAC - ok
13:14:05.0952 3244 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:14:05.0952 3244 SNMPTRAP - ok
13:14:05.0999 3244 [ E621BB5839CF45FA477F48092EDD2B40 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
13:14:06.0030 3244 SPBBCDrv - ok
13:14:06.0061 3244 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
13:14:06.0061 3244 spldr - ok
13:14:06.0108 3244 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
13:14:06.0108 3244 Spooler - ok
13:14:06.0186 3244 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
13:14:06.0249 3244 sppsvc - ok
13:14:06.0264 3244 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:14:06.0280 3244 sppuinotify - ok
13:14:06.0295 3244 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\Windows\system32\Drivers\sptd.sys
13:14:06.0311 3244 sptd - ok
13:14:06.0311 3244 [ 2ABF82C8452AB0B9FFC74A2D5DA91989 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS
13:14:06.0327 3244 SRTSP - ok
13:14:06.0327 3244 [ E2F9E5887BEA5BD8784D337E06EDA31B ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS
13:14:06.0342 3244 SRTSPL - ok
13:14:06.0342 3244 [ 3B974C158FABD910186F98DF8D3E23F3 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS
13:14:06.0358 3244 SRTSPX - ok
13:14:06.0389 3244 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:14:06.0389 3244 srv - ok
13:14:06.0405 3244 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:14:06.0405 3244 srv2 - ok
13:14:06.0436 3244 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:14:06.0436 3244 srvnet - ok
13:14:06.0452 3244 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:14:06.0467 3244 SSDPSRV - ok
13:14:06.0467 3244 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:14:06.0483 3244 SstpSvc - ok
13:14:06.0499 3244 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:14:06.0514 3244 stexstor - ok
13:14:06.0545 3244 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
13:14:06.0561 3244 StiSvc - ok
13:14:06.0592 3244 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
13:14:06.0592 3244 storflt - ok
13:14:06.0608 3244 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
13:14:06.0624 3244 storvsc - ok
13:14:06.0655 3244 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:14:06.0655 3244 swenum - ok
13:14:06.0670 3244 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
13:14:06.0670 3244 swprv - ok
13:14:06.0733 3244 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
13:14:06.0749 3244 Symantec AntiVirus - ok
13:14:06.0749 3244 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
13:14:06.0764 3244 SymEvent - ok
13:14:06.0780 3244 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
13:14:06.0795 3244 SysMain - ok
13:14:06.0795 3244 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:14:06.0811 3244 TabletInputService - ok
13:14:06.0811 3244 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
13:14:06.0827 3244 TapiSrv - ok
13:14:06.0842 3244 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
13:14:06.0842 3244 TBS - ok
13:14:06.0889 3244 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:14:06.0905 3244 Tcpip - ok
13:14:06.0936 3244 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:14:06.0952 3244 TCPIP6 - ok
13:14:06.0967 3244 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:14:06.0967 3244 tcpipreg - ok
13:14:06.0983 3244 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:14:06.0999 3244 TDPIPE - ok
13:14:07.0045 3244 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:14:07.0061 3244 TDTCP - ok
13:14:07.0077 3244 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:14:07.0077 3244 tdx - ok
13:14:07.0077 3244 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:14:07.0077 3244 TermDD - ok
13:14:07.0108 3244 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
13:14:07.0139 3244 TermService - ok
13:14:07.0155 3244 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
13:14:07.0155 3244 Themes - ok
13:14:07.0155 3244 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
13:14:07.0155 3244 THREADORDER - ok
13:14:07.0170 3244 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
13:14:07.0170 3244 TrkWks - ok
13:14:07.0202 3244 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:14:07.0217 3244 TrustedInstaller - ok
13:14:07.0217 3244 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:14:07.0233 3244 tssecsrv - ok
13:14:07.0249 3244 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:14:07.0249 3244 tunnel - ok
13:14:07.0264 3244 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:14:07.0280 3244 uagp35 - ok
13:14:07.0295 3244 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:14:07.0295 3244 udfs - ok
13:14:07.0311 3244 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:14:07.0342 3244 UI0Detect - ok
13:14:07.0374 3244 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
13:14:07.0389 3244 uliagpkx - ok
13:14:07.0405 3244 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:14:07.0405 3244 umbus - ok
13:14:07.0436 3244 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:14:07.0436 3244 UmPass - ok
13:14:07.0467 3244 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
13:14:07.0499 3244 UmRdpService - ok
13:14:07.0514 3244 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
13:14:07.0530 3244 upnphost - ok
13:14:07.0561 3244 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:14:07.0561 3244 usbccgp - ok
13:14:07.0577 3244 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
13:14:07.0592 3244 usbcir - ok
13:14:07.0608 3244 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:14:07.0608 3244 usbehci - ok
13:14:07.0639 3244 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:14:07.0655 3244 usbhub - ok
13:14:07.0686 3244 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:14:07.0702 3244 usbohci - ok
13:14:07.0717 3244 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:14:07.0717 3244 usbprint - ok
13:14:07.0733 3244 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:14:07.0733 3244 USBSTOR - ok
13:14:07.0749 3244 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:14:07.0749 3244 usbuhci - ok
13:14:07.0764 3244 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
13:14:07.0764 3244 UxSms - ok
13:14:07.0780 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
13:14:07.0780 3244 VaultSvc - ok
13:14:07.0795 3244 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
13:14:07.0795 3244 vdrvroot - ok
13:14:07.0811 3244 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
13:14:07.0858 3244 vds - ok
13:14:07.0874 3244 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:14:07.0874 3244 vga - ok
13:14:07.0889 3244 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:14:07.0889 3244 VgaSave - ok
13:14:07.0905 3244 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
13:14:07.0920 3244 vhdmp - ok
13:14:07.0952 3244 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
13:14:07.0967 3244 viaagp - ok
13:14:07.0983 3244 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
13:14:07.0999 3244 ViaC7 - ok
13:14:08.0014 3244 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
13:14:08.0014 3244 viaide - ok
13:14:08.0045 3244 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
13:14:08.0061 3244 vmbus - ok
13:14:08.0077 3244 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
13:14:08.0092 3244 VMBusHID - ok
13:14:08.0092 3244 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
13:14:08.0092 3244 volmgr - ok
13:14:08.0108 3244 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:14:08.0108 3244 volmgrx - ok
13:14:08.0124 3244 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
13:14:08.0124 3244 volsnap - ok
13:14:08.0139 3244 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:14:08.0155 3244 vsmraid - ok
13:14:08.0186 3244 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
13:14:08.0202 3244 VSS - ok
13:14:08.0202 3244 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:14:08.0217 3244 vwifibus - ok
13:14:08.0233 3244 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
13:14:08.0249 3244 W32Time - ok
13:14:08.0249 3244 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:14:08.0264 3244 WacomPen - ok
13:14:08.0280 3244 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:14:08.0280 3244 WANARP - ok
13:14:08.0280 3244 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:14:08.0280 3244 Wanarpv6 - ok
13:14:08.0358 3244 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:14:08.0405 3244 WatAdminSvc - ok
13:14:08.0436 3244 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
13:14:08.0467 3244 wbengine - ok
13:14:08.0483 3244 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:14:08.0499 3244 WbioSrvc - ok
13:14:08.0530 3244 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:14:08.0530 3244 wcncsvc - ok
13:14:08.0545 3244 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:14:08.0561 3244 WcsPlugInService - ok
13:14:08.0577 3244 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:14:08.0592 3244 Wd - ok
13:14:08.0608 3244 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:14:08.0624 3244 Wdf01000 - ok
13:14:08.0624 3244 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:14:08.0624 3244 WdiServiceHost - ok
13:14:08.0639 3244 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:14:08.0639 3244 WdiSystemHost - ok
13:14:08.0686 3244 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
13:14:08.0702 3244 WebClient - ok
13:14:08.0717 3244 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:14:08.0733 3244 Wecsvc - ok
13:14:08.0749 3244 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:14:08.0749 3244 wercplsupport - ok
13:14:08.0764 3244 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
13:14:08.0780 3244 WerSvc - ok
13:14:08.0795 3244 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:14:08.0795 3244 WfpLwf - ok
13:14:08.0795 3244 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:14:08.0811 3244 WIMMount - ok
13:14:08.0858 3244 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:14:08.0889 3244 WinDefend - ok
13:14:08.0905 3244 WinHttpAutoProxySvc - ok
13:14:08.0983 3244 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:14:08.0983 3244 Winmgmt - ok
13:14:09.0014 3244 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
13:14:09.0061 3244 WinRM - ok
13:14:09.0092 3244 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:14:09.0108 3244 Wlansvc - ok
13:14:09.0139 3244 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:14:09.0139 3244 WmiAcpi - ok
13:14:09.0155 3244 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:14:09.0202 3244 wmiApSrv - ok
13:14:09.0233 3244 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:14:09.0233 3244 WMPNetworkSvc - ok
13:14:09.0249 3244 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:14:09.0249 3244 WPCSvc - ok
13:14:09.0264 3244 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:14:09.0280 3244 WPDBusEnum - ok
13:14:09.0280 3244 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:14:09.0295 3244 ws2ifsl - ok
13:14:09.0327 3244 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll
13:14:09.0342 3244 wscsvc - ok
13:14:09.0342 3244 WSearch - ok
13:14:09.0420 3244 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:14:09.0467 3244 wuauserv - ok
13:14:09.0483 3244 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:14:09.0483 3244 WudfPf - ok
13:14:09.0499 3244 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:14:09.0499 3244 WUDFRd - ok
13:14:09.0514 3244 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:14:09.0514 3244 wudfsvc - ok
13:14:09.0530 3244 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:14:09.0545 3244 WwanSvc - ok
13:14:09.0608 3244 [ 74EC37B9EAF9FCA015B933A526825C7A ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
13:14:09.0608 3244 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
13:14:09.0624 3244 ================ Scan global ===============================
13:14:09.0639 3244 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
13:14:09.0670 3244 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
13:14:09.0670 3244 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
13:14:09.0686 3244 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:14:09.0717 3244 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:14:09.0717 3244 [Global] - ok
13:14:09.0717 3244 ================ Scan MBR ==================================
13:14:09.0733 3244 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:14:10.0045 3244 \Device\Harddisk0\DR0 - ok
13:14:10.0045 3244 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:14:10.0061 3244 \Device\Harddisk1\DR1 - ok
13:14:10.0061 3244 ================ Scan VBR ==================================
13:14:10.0061 3244 [ 39B9B1441D7DDBA758DD1855A5BE2AEF ] \Device\Harddisk0\DR0\Partition1
13:14:10.0061 3244 \Device\Harddisk0\DR0\Partition1 - ok
13:14:10.0077 3244 [ E6CF5A395C8335ABB12B2100B2151427 ] \Device\Harddisk0\DR0\Partition2
13:14:10.0077 3244 \Device\Harddisk0\DR0\Partition2 - ok
13:14:10.0077 3244 [ 6DC014BEEB54F979753F812F6B4BFEA9 ] \Device\Harddisk1\DR1\Partition1
13:14:10.0077 3244 \Device\Harddisk1\DR1\Partition1 - ok
13:14:10.0077 3244 ============================================================
13:14:10.0077 3244 Scan finished
13:14:10.0077 3244 ============================================================
13:14:10.0092 2972 Detected object count: 1
13:14:10.0092 2972 Actual detected object count: 1
13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - skipped by user
13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - User select action: Skip
13:18:10.0483 3080 Deinitialize success

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 14:34:29
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Mark - DSHTPC
# Boot Mode : Normal
# Running from : C:\Users\Mark\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\extensions\wecarereminder@bryan
Folder Found : C:\Users\Mark\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKU\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (en-US)
Profile name : default
File : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2368 octets] - [16/10/2012 14:34:29]
########## EOF - C:\AdwCleaner[R1].txt - [2428 octets] ##########

Health Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
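
The TDSSKiller log above has a simple, regular layout: a timestamp and thread id, then either `[ MD5 ] Name C:\path` for a file that was hashed, or `Name - ok` / `Name ( Verdict ) - action` for the result. Reading two thousand of those lines by eye is how the one real finding (`MozillaMaintenance ( ForgedFile.Multi.Generic )`) gets missed, and how a benign pair such as `Tcpip` and `TCPIP6` sharing one hash (both point at `tcpip.sys`) gets mistaken for something sinister. The script below is an added example, not code from the original post or from Kaspersky's tool: a small Python triage pass that pulls out detections with the actions taken on them, services that reported `ok` without any hashed file, hashes shared between several service names, and a consistency check of the parsed detections against the `Detected object count` line. The regular expressions assume the line layout shown in the log; `SAMPLE_LOG` is a constructed subset of lines in that format, not the full log.

```python
"""Triage a TDSSKiller text log: detections, unhashed services, shared hashes.

Added example for this thread; assumes the line layout visible in the posted log.
"""
import re
from collections import defaultdict

# Constructed sample in the TDSSKiller format posted in this thread
# (a handful of representative lines, not the full log).
SAMPLE_LOG = """\
13:14:06.0889 3244 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\\Windows\\system32\\drivers\\tcpip.sys
13:14:06.0905 3244 Tcpip - ok
13:14:06.0936 3244 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\\Windows\\system32\\DRIVERS\\tcpip.sys
13:14:06.0952 3244 TCPIP6 - ok
13:14:06.0733 3244 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Rtvscan.exe
13:14:06.0749 3244 Symantec AntiVirus - ok
13:14:08.0905 3244 WinHttpAutoProxySvc - ok
13:14:09.0342 3244 WSearch - ok
13:14:10.0092 2972 Detected object count: 1
13:14:10.0092 2972 Actual detected object count: 1
13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - skipped by user
13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.ffff <thread id> ".
TS = r"\d{2}:\d{2}:\d{2}\.\d+ \d+ "
# "[ MD5 ] Name C:\path": the name may contain spaces ("Symantec AntiVirus"),
# so it is matched lazily up to the first token that looks like a drive path.
ENTRY_RE = re.compile(TS + r"\[ ([0-9A-F]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "Name - ok" or "Name ( Verdict ) - action taken".
RESULT_RE = re.compile(TS + r"(.+?)(?: \( (.+?) \))? - (.+)$")
# "Detected object count: N" and "Actual detected object count: N".
COUNT_RE = re.compile(TS + r"(Actual )?[Dd]etected object count: (\d+)$")


def triage(log_text):
    """Return a summary dict for one TDSSKiller log (see module docstring)."""
    files = {}                  # service/driver name -> (md5, path)
    by_hash = defaultdict(list)  # md5 -> names that resolved to that hash
    detections = {}             # name -> {"verdict": str, "actions": [str, ...]}
    unhashed = []               # names reported "ok" with no hashed file line
    counts = {}

    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            files[name] = (md5, path)
            by_hash[md5].append(name)
            continue
        m = COUNT_RE.match(line)
        if m:
            counts["actual" if m.group(1) else "declared"] = int(m.group(2))
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue                          # banners, "Scan finished", etc.
        name, verdict, action = m.groups()
        if verdict:
            entry = detections.setdefault(name, {"verdict": verdict, "actions": []})
            entry["actions"].append(action)
        elif action == "ok" and name not in files and not name.startswith(("[", "\\")):
            # "ok" with no preceding "[ MD5 ]" line: TDSSKiller had nothing to hash.
            # "[Global]" and "\Device\..." results are skipped; they are not services.
            unhashed.append(name)

    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    declared = counts.get("declared")
    return {
        "detections": detections,
        "unhashed": unhashed,
        "shared_hashes": shared,
        "files": files,
        "declared_count": declared,
        "count_matches": declared == len(detections),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, d in result["detections"].items():
        print(f"DETECTION {name}: {d['verdict']} -> {d['actions'][-1]}")
    for h, names in result["shared_hashes"].items():
        # Same hash under several names is only interesting if the paths differ.
        paths = {result["files"][n][1].lower() for n in names}
        print(f"shared hash {h}: {', '.join(names)} ({len(paths)} distinct path(s))")
    print("reported ok with no hashed file:", ", ".join(result["unhashed"]))
    print("declared count matches parsed detections:", result["count_matches"])
```

Run against the full log, the `shared_hashes` output is where to look first: the same MD5 under two names whose paths are identical (as with `Tcpip`/`TCPIP6`, or `WANARP`/`Wanarpv6`) is expected; the same MD5 under two different paths is not, and is worth checking by hand. The `unhashed` list is the second place to look, since a service that TDSSKiller could not hash is one whose binary was missing or not where the registry says it is.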

#14 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 17 October 2012 - 05:56 PM

Hi,

Run TFC by OldTimer to clear temporary files:
  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck and TDSSKiller.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java (any versions listed)

Restart your computer.

Open Firefox, click Help --> About, and ensure that it updates to version 16.

Get the latest version of Java.

Click Start, type in Windows Update, and click Windows Update when it appears. Download and install all available updates, including Service Pack 1.

Reboot.

Let me know what issues remain.
Chris Fistonich
Research Team


#15 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 27 November 2012 - 09:25 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team


#16 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 19 December 2012 - 11:01 AM

<kibbitz>
o.p. has not been back since 17 October. This is either abandoned, or, previously resolved. I'm closing this thread.
Cheers.
