Please help remove malware


Hi,

I believe my PC is infected with malware. All kinds of strange things are happening on it. It is running very sluggishly and sometimes hangs. The keyboard sometimes does not allow me to type, although the mouse works. The CD drive no longer ejects. I ran DDS one time and saved the logs to the desktop, only to have them disappear. I was able to save them to a flash drive:

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421

Run by Mark at 17:45:35 on 2012-10-03

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2765 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{69EEA09C-0A33-418A-9A80-4B6773F36C49} : DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{7AA9D918-AA53-4E3F-8448-B3BDC1EFD192} : DhcpNameServer = 192.168.1.1

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]

S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250288]

S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]

S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]

S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400]

.

=============== Created Last 30 ================

.

2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab

2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-09-21 23:12:41 -------- d-sh--w- C:\found.001

2012-09-21 22:51:14 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-09-15 06:09:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll

.

==================== Find3M ====================

.

2012-09-23 04:28:36 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-23 04:28:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-07-15 20:53:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-07-07 19:43:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

============= FINISH: 17:45:42.43 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/17/2009 9:34:13 AM

System Uptime: 10/3/2012 5:39:37 PM (0 hours ago)

.

Motherboard: ASRock | | P55 Deluxe

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPUSocket | 2660/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 721.816 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP183: 7/27/2012 1:23:12 AM - Scheduled Checkpoint

RP184: 8/17/2012 5:43:07 PM - Scheduled Checkpoint

RP185: 8/18/2012 3:00:12 AM - Windows Update

RP187: 8/24/2012 2:59:28 PM - Installed EasyRecovery Professional

RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint

RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint

RP190: 9/14/2012 11:51:16 PM - Windows Update

RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint

RP192: 9/22/2012 3:00:11 AM - Windows Update

RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

ACDSee 10 Photo Manager

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

ATI Catalyst Registration

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Collectorz.com Game Collector

Collectorz.com Movie Collector

COTM Reminder by We-Care.com v4.1.17.2

CyberLink PowerDVD 10

D-Link 11Mbps Wireless LAN for Windows

DAEMON Tools Lite

EasyRecovery Professional

eReg

Google Toolbar for Internet Explorer

Google Update Helper

Java Auto Updater

JMicron JMB36X Driver

LiveUpdate 3.3 (Symantec Corporation)

Logitech SetPoint 6.32

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 4 Client Profile

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

Realtek Ethernet Diagnostic Utility

Realtek High Definition Audio Driver

SAMSUNG Intelli-studio

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Symantec Endpoint Protection

The Lord of the Rings FREE Trial

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 2.0.2

Winamp

Winamp Application Detect

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

9/29/2012 5:51:50 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

9/29/2012 5:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

9/29/2012 5:30:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

9/29/2012 5:30:09 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/29/2012 5:25:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

10/3/2012 5:42:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/3/2012 5:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/3/2012 5:40:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6

10/3/2012 5:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/3/2012 5:39:38 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

10/3/2012 5:33:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

10/3/2012 5:33:39 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/3/2012 5:33:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

10/3/2012 5:29:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

.

==== End Of File ===========================


Logs in normal mode:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Mark at 15:08:31 on 2012-10-04

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2131 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files\CyberLink\Shared files\brs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\system32\PrintIsolationHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{69EEA09C-0A33-418A-9A80-4B6773F36C49} : DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{7AA9D918-AA53-4E3F-8448-B3BDC1EFD192} : DhcpNameServer = 192.168.1.1

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250288]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]

S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400]

.

=============== Created Last 30 ================

.

2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab

2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-09-21 23:12:41 -------- d-sh--w- C:\found.001

2012-09-21 22:51:14 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-09-15 06:09:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll

.

==================== Find3M ====================

.

2012-09-23 04:28:36 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-23 04:28:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-07-15 20:53:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-07-07 19:43:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

============= FINISH: 15:09:22.62 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/17/2009 9:34:13 AM

System Uptime: 10/4/2012 3:05:23 PM (0 hours ago)

.

Motherboard: ASRock | | P55 Deluxe

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPUSocket | 2507/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 721.826 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP183: 7/27/2012 1:23:12 AM - Scheduled Checkpoint

RP184: 8/17/2012 5:43:07 PM - Scheduled Checkpoint

RP185: 8/18/2012 3:00:12 AM - Windows Update

RP187: 8/24/2012 2:59:28 PM - Installed EasyRecovery Professional

RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint

RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint

RP190: 9/14/2012 11:51:16 PM - Windows Update

RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint

RP192: 9/22/2012 3:00:11 AM - Windows Update

RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

ACDSee 10 Photo Manager

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

ATI Catalyst Registration

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Collectorz.com Game Collector

Collectorz.com Movie Collector

COTM Reminder by We-Care.com v4.1.17.2

CyberLink PowerDVD 10

D-Link 11Mbps Wireless LAN for Windows

DAEMON Tools Lite

EasyRecovery Professional

eReg

Google Toolbar for Internet Explorer

Google Update Helper

Java Auto Updater

JMicron JMB36X Driver

LiveUpdate 3.3 (Symantec Corporation)

Logitech SetPoint 6.32

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 4 Client Profile

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

Realtek Ethernet Diagnostic Utility

Realtek High Definition Audio Driver

SAMSUNG Intelli-studio

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Symantec Endpoint Protection

The Lord of the Rings FREE Trial

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 2.0.2

Winamp

Winamp Application Detect

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

9/29/2012 5:51:50 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

9/29/2012 5:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

9/29/2012 5:30:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

9/29/2012 5:30:09 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/29/2012 5:25:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

10/4/2012 3:07:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

10/4/2012 3:05:24 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

10/4/2012 3:03:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/3/2012 5:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/3/2012 5:40:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6

10/3/2012 5:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/3/2012 5:33:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

10/3/2012 5:33:39 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/3/2012 5:33:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

.

==== End Of File ===========================

  • Staff

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317

Here is the log:

ComboFix 12-10-12.01 - Mark 10/13/2012 10:37:39.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.1910 [GMT -7:00]

Running from: F:\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))

.

.

2012-10-13 17:41 . 2012-10-13 17:41 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-10-13 17:41 . 2012-10-13 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-10 04:39 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 04:39 . 2012-09-14 18:30 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-02 00:41 . 2012-10-02 00:41 -------- d-----w- c:\programdata\Kaspersky Lab

2012-09-30 00:49 . 2012-09-30 00:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-09-21 23:12 . 2012-09-21 23:12 -------- d-----w- C:\found.001

2012-09-15 06:09 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 03:51 . 2012-07-15 20:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 03:51 . 2011-07-17 03:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-08 00:04 . 2012-06-28 03:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-18 17:10 . 2012-08-18 00:20 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-07-15 20:54 . 2012-07-15 20:54 53248 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-07-15 20:53 . 2012-07-15 20:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-09-28 03:42 . 2011-12-17 20:11 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-14 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-29 115560]

"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\DRIVERS\PRISMUSB.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 03:51]

.

2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 18:27]

.

2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 18:27]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.032"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ani"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.apd"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.arw"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bay"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bmp"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bw"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cr2"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.crw"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cs1"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cur"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dcr"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dcx"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dib"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.djv"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.djvu"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dng"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.emf"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.eps"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.erf"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.fff"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.fpx"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.gif"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.hdr"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.icl"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.icn"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ico"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2725046493-622747726-3050739882-1000)

"Progid"="ACDSee 10.0.iff"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ilbm"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.int"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.inta"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.iw4"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.j2c"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.j2k"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jfif"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jif"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jp2"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpc"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpe"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpeg"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpg"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpk"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpx"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.lbm"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.mef"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.mos"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.mrw"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.nef"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.orf"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pbm"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pcd"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pct"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pcx"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pef"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pgm"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pic"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pict"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pix"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.png"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ppm"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.psd"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.psp"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pspimage"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.raf"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ras"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2725046493-622747726-3050739882-1000)

"Progid"="ACDSee 10.0.raw"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rgb"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rgba"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rle"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rsb"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.sgi"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.sr2"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.srf"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tga"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.thm"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tif"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tiff"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ttc"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ttf"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10o"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10p"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10pf"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wbm"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wbmp"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wmf"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xbm"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xif"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xmp"

.

[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xpm"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-13 10:44:31

ComboFix-quarantined-files.txt 2012-10-13 17:44

ComboFix2.txt 2012-07-04 16:41

.

Pre-Run: 777,377,026,048 bytes free

Post-Run: 777,675,153,408 bytes free

.

- - End Of File - - E8B13B9889C5E6CFB86D41BA8805AF2A

Not sure why font size came out so small so I will repost

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/17/2009 9:34:13 AM

System Uptime: 10/14/2012 3:41:12 PM (20 hours ago)

.

Motherboard: ASRock | | P55 Deluxe

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPUSocket | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 724.745 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint

RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint

RP190: 9/14/2012 11:51:16 PM - Windows Update

RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint

RP192: 9/22/2012 3:00:11 AM - Windows Update

RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint

RP194: 10/7/2012 12:00:04 AM - Scheduled Checkpoint

RP195: 10/10/2012 3:00:12 AM - Windows Update

RP197: 10/13/2012 10:36:08 AM - ComboFix created restore point

RP198: 10/14/2012 3:00:10 AM - Windows Update

.

==== Installed Programs ======================

.

ACDSee 10 Photo Manager

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

ATI Catalyst Registration

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Collectorz.com Game Collector

Collectorz.com Movie Collector

COTM Reminder by We-Care.com v4.1.17.2

CyberLink PowerDVD 10

D-Link 11Mbps Wireless LAN for Windows

DAEMON Tools Lite

EasyRecovery Professional

eReg

Google Toolbar for Internet Explorer

Google Update Helper

Java Auto Updater

JMicron JMB36X Driver

LiveUpdate 3.3 (Symantec Corporation)

Logitech SetPoint 6.32

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 4 Client Profile

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

Realtek Ethernet Diagnostic Utility

Realtek High Definition Audio Driver

SAMSUNG Intelli-studio

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Symantec Endpoint Protection

The Lord of the Rings FREE Trial

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 2.0.2

Winamp

Winamp Application Detect

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

10/14/2012 4:02:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

10/14/2012 4:02:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

10/14/2012 4:02:43 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/14/2012 3:42:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

10/14/2012 3:41:13 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

10/14/2012 3:40:40 PM, Error: Service Control Manager [7023] -

10/14/2012 3:38:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SmcService service.

10/14/2012 3:37:46 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

10/14/2012 3:35:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

10/13/2012 11:07:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Windows 7 (KB2731847).

10/13/2012 10:41:49 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Mark at 11:14:31 on 2012-10-15

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2263 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files\CyberLink\Shared files\brs.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\mmc.exe

C:\Windows\system32\mmc.exe

C:\Windows\system32\mmc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250808]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]

S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400]

.

=============== Created Last 30 ================

.

2012-10-13 17:44:15 -------- d-sh--w- C:\$RECYCLE.BIN

2012-10-10 04:39:29 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 04:39:22 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab

2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-09-21 23:12:41 -------- d-----w- C:\found.001

.

==================== Find3M ====================

.

2012-10-09 03:51:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 03:51:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 17:18:33 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-30 17:18:33 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe

2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-10 23:54:04 541184 ----a-w- c:\windows\system32\kerberos.dll

2012-08-02 17:05:42 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 11:15:13.18 ===============


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name looks like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESET did not detect any threats. It still seems to be running sluggish, but I am able to type now and am able to open the CD tray.

13:13:12.0702 3016 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

13:13:13.0186 3016 ============================================================

13:13:13.0186 3016 Current date / time: 2012/10/16 13:13:13.0186

13:13:13.0186 3016 SystemInfo:

13:13:13.0186 3016

13:13:13.0186 3016 OS Version: 6.1.7600 ServicePack: 0.0

13:13:13.0186 3016 Product type: Workstation

13:13:13.0186 3016 ComputerName: DSHTPC

13:13:13.0186 3016 UserName: Mark

13:13:13.0186 3016 Windows directory: C:\Windows

13:13:13.0186 3016 System windows directory: C:\Windows

13:13:13.0186 3016 Processor architecture: Intel x86

13:13:13.0186 3016 Number of processors: 4

13:13:13.0202 3016 Page size: 0x1000

13:13:13.0202 3016 Boot type: Normal boot

13:13:13.0202 3016 ============================================================

13:13:14.0514 3016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:13:14.0514 3016 Drive \Device\Harddisk1\DR1 - Size: 0x7AC00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:13:14.0514 3016 ============================================================

13:13:14.0514 3016 \Device\Harddisk0\DR0:

13:13:14.0514 3016 MBR partitions:

13:13:14.0514 3016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

13:13:14.0514 3016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

13:13:14.0514 3016 \Device\Harddisk1\DR1:

13:13:14.0514 3016 MBR partitions:

13:13:14.0514 3016 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF3, BlocksNum 0x3D5F0D

13:13:14.0514 3016 ============================================================

13:13:14.0545 3016 C: <-> \Device\Harddisk0\DR0\Partition2

13:13:14.0545 3016 ============================================================

13:13:14.0545 3016 Initialize success

13:13:14.0545 3016 ============================================================

13:13:54.0608 3244 ============================================================

13:13:54.0608 3244 Scan started

13:13:54.0608 3244 Mode: Manual;

13:13:54.0608 3244 ============================================================

13:13:54.0842 3244 ================ Scan system memory ========================

13:13:54.0842 3244 System memory - ok

13:13:54.0842 3244 ================ Scan services =============================

13:13:54.0967 3244 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

13:13:54.0967 3244 1394ohci - ok

13:13:54.0999 3244 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

13:13:54.0999 3244 ACPI - ok

13:13:55.0014 3244 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

13:13:55.0030 3244 AcpiPmi - ok

13:13:55.0108 3244 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:13:55.0108 3244 AdobeFlashPlayerUpdateSvc - ok

13:13:55.0139 3244 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

13:13:55.0170 3244 adp94xx - ok

13:13:55.0186 3244 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

13:13:55.0202 3244 adpahci - ok

13:13:55.0217 3244 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

13:13:55.0233 3244 adpu320 - ok

13:13:55.0249 3244 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

13:13:55.0249 3244 AeLookupSvc - ok

13:13:55.0280 3244 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys

13:13:55.0280 3244 AFD - ok

13:13:55.0280 3244 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

13:13:55.0295 3244 agp440 - ok

13:13:55.0295 3244 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys

13:13:55.0295 3244 aic78xx - ok

13:13:55.0327 3244 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

13:13:55.0358 3244 ALG - ok

13:13:55.0358 3244 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

13:13:55.0374 3244 aliide - ok

13:13:55.0405 3244 [ B90A4332CF4C6580C845266A656DE4AB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

13:13:55.0405 3244 AMD External Events Utility - ok

13:13:55.0405 3244 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys

13:13:55.0420 3244 amdagp - ok

13:13:55.0436 3244 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys

13:13:55.0452 3244 amdide - ok

13:13:55.0467 3244 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

13:13:55.0467 3244 AmdK8 - ok

13:13:55.0655 3244 [ 7844984A5E1E6F18D93AF9E9BCC65436 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

13:13:55.0795 3244 amdkmdag - ok

13:13:55.0811 3244 [ 202DEF509D76105B08741D36C3A7E4D7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

13:13:55.0811 3244 amdkmdap - ok

13:13:55.0842 3244 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

13:13:55.0842 3244 AmdPPM - ok

13:13:55.0889 3244 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys

13:13:55.0905 3244 amdsata - ok

13:13:55.0920 3244 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

13:13:55.0936 3244 amdsbs - ok

13:13:55.0952 3244 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys

13:13:55.0952 3244 amdxata - ok

13:13:55.0967 3244 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys

13:13:55.0967 3244 AppID - ok

13:13:55.0999 3244 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

13:13:56.0014 3244 AppIDSvc - ok

13:13:56.0045 3244 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll

13:13:56.0045 3244 Appinfo - ok

13:13:56.0077 3244 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll

13:13:56.0092 3244 AppMgmt - ok

13:13:56.0108 3244 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

13:13:56.0124 3244 arc - ok

13:13:56.0139 3244 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

13:13:56.0155 3244 arcsas - ok

13:13:56.0170 3244 AsrCDDrv - ok

13:13:56.0186 3244 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

13:13:56.0202 3244 AsyncMac - ok

13:13:56.0217 3244 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys

13:13:56.0217 3244 atapi - ok

13:13:56.0264 3244 [ 6ADC42CF4A6AB84975CA63DCCFAAF5D8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys

13:13:56.0264 3244 AtiHDAudioService - ok

13:13:56.0280 3244 [ 36A49B49E982450AC117EDA6AB35BDF5 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys

13:13:56.0295 3244 AtiHdmiService - ok

13:13:56.0452 3244 [ 7844984A5E1E6F18D93AF9E9BCC65436 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

13:13:56.0483 3244 atikmdag - ok

13:13:56.0514 3244 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

13:13:56.0514 3244 AudioEndpointBuilder - ok

13:13:56.0514 3244 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll

13:13:56.0514 3244 Audiosrv - ok

13:13:56.0530 3244 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll

13:13:56.0530 3244 AxInstSV - ok

13:13:56.0561 3244 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

13:13:56.0561 3244 b06bdrv - ok

13:13:56.0592 3244 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

13:13:56.0608 3244 b57nd60x - ok

13:13:56.0639 3244 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

13:13:56.0655 3244 BDESVC - ok

13:13:56.0670 3244 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

13:13:56.0670 3244 Beep - ok

13:13:56.0686 3244 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll

13:13:56.0702 3244 BFE - ok

13:13:56.0733 3244 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll

13:13:56.0764 3244 BITS - ok

13:13:56.0780 3244 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

13:13:56.0780 3244 blbdrive - ok

13:13:56.0827 3244 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

13:13:56.0827 3244 bowser - ok

13:13:56.0842 3244 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:13:56.0858 3244 BrFiltLo - ok

13:13:56.0858 3244 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:13:56.0874 3244 BrFiltUp - ok

13:13:56.0920 3244 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

13:13:56.0936 3244 BridgeMP - ok

13:13:56.0983 3244 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll

13:13:56.0983 3244 Browser - ok

13:13:56.0999 3244 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

13:13:57.0014 3244 Brserid - ok

13:13:57.0014 3244 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

13:13:57.0030 3244 BrSerWdm - ok

13:13:57.0045 3244 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

13:13:57.0045 3244 BrUsbMdm - ok

13:13:57.0061 3244 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

13:13:57.0077 3244 BrUsbSer - ok

13:13:57.0092 3244 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

13:13:57.0092 3244 BTHMODEM - ok

13:13:57.0139 3244 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

13:13:57.0155 3244 bthserv - ok

13:13:57.0202 3244 catchme - ok

13:13:57.0264 3244 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

13:13:57.0280 3244 ccEvtMgr - ok

13:13:57.0280 3244 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

13:13:57.0280 3244 ccSetMgr - ok

13:13:57.0295 3244 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

13:13:57.0311 3244 cdfs - ok

13:13:57.0327 3244 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

13:13:57.0327 3244 cdrom - ok

13:13:57.0342 3244 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll

13:13:57.0358 3244 CertPropSvc - ok

13:13:57.0358 3244 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

13:13:57.0374 3244 circlass - ok

13:13:57.0405 3244 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

13:13:57.0405 3244 CLFS - ok

13:13:57.0436 3244 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:13:57.0483 3244 clr_optimization_v2.0.50727_32 - ok

13:13:57.0577 3244 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:13:57.0577 3244 clr_optimization_v4.0.30319_32 - ok

13:13:57.0592 3244 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

13:13:57.0608 3244 CmBatt - ok

13:13:57.0608 3244 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

13:13:57.0624 3244 cmdide - ok

13:13:57.0670 3244 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys

13:13:57.0670 3244 CNG - ok

13:13:57.0670 3244 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

13:13:57.0686 3244 Compbatt - ok

13:13:57.0702 3244 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

13:13:57.0702 3244 CompositeBus - ok

13:13:57.0702 3244 COMSysApp - ok

13:13:57.0702 3244 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

13:13:57.0717 3244 crcdisk - ok

13:13:57.0764 3244 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll

13:13:57.0780 3244 CryptSvc - ok

13:13:57.0811 3244 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys

13:13:57.0811 3244 CSC - ok

13:13:57.0827 3244 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll

13:13:57.0842 3244 CscService - ok

13:13:57.0874 3244 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll

13:13:57.0889 3244 DcomLaunch - ok

13:13:57.0905 3244 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

13:13:57.0936 3244 defragsvc - ok

13:13:57.0967 3244 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

13:13:57.0967 3244 DfsC - ok

13:13:57.0999 3244 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll

13:13:57.0999 3244 Dhcp - ok

13:13:58.0014 3244 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

13:13:58.0014 3244 discache - ok

13:13:58.0045 3244 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys

13:13:58.0045 3244 Disk - ok

13:13:58.0061 3244 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll

13:13:58.0077 3244 Dnscache - ok

13:13:58.0077 3244 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll

13:13:58.0108 3244 dot3svc - ok

13:13:58.0124 3244 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll

13:13:58.0124 3244 DPS - ok

13:13:58.0155 3244 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

13:13:58.0186 3244 drmkaud - ok

13:13:58.0249 3244 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:13:58.0249 3244 dtsoftbus01 - ok

13:13:58.0295 3244 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

13:13:58.0295 3244 DXGKrnl - ok

13:13:58.0311 3244 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

13:13:58.0311 3244 EapHost - ok

13:13:58.0389 3244 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys

13:13:58.0545 3244 ebdrv - ok

13:14:01.0889 3244 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

13:14:01.0905 3244 Suspicious file (Forged): C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe. Real md5: 15D5398EED42C2504BB3D4FC875C15D1, Fake md5: 7BE95894F0C854C987B96F8BB6B196DA

13:14:01.0905 3244 MozillaMaintenance ( ForgedFile.Multi.Generic ) - warning

13:14:01.0905 3244 MozillaMaintenance - detected ForgedFile.Multi.Generic (1)


13:14:07.0170 3244 TrkWks - ok

13:14:07.0202 3244 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:14:07.0217 3244 TrustedInstaller - ok

13:14:07.0217 3244 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

13:14:07.0233 3244 tssecsrv - ok

13:14:07.0249 3244 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

13:14:07.0249 3244 tunnel - ok

13:14:07.0264 3244 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

13:14:07.0280 3244 uagp35 - ok

13:14:07.0295 3244 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys

13:14:07.0295 3244 udfs - ok

13:14:07.0311 3244 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

13:14:07.0342 3244 UI0Detect - ok

13:14:07.0374 3244 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

13:14:07.0389 3244 uliagpkx - ok

13:14:07.0405 3244 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys

13:14:07.0405 3244 umbus - ok

13:14:07.0436 3244 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

13:14:07.0436 3244 UmPass - ok

13:14:07.0467 3244 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll

13:14:07.0499 3244 UmRdpService - ok

13:14:07.0514 3244 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

13:14:07.0530 3244 upnphost - ok

13:14:07.0561 3244 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

13:14:07.0561 3244 usbccgp - ok

13:14:07.0577 3244 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

13:14:07.0592 3244 usbcir - ok

13:14:07.0608 3244 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\drivers\usbehci.sys

13:14:07.0608 3244 usbehci - ok

13:14:07.0639 3244 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

13:14:07.0655 3244 usbhub - ok

13:14:07.0686 3244 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys

13:14:07.0702 3244 usbohci - ok

13:14:07.0717 3244 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

13:14:07.0717 3244 usbprint - ok

13:14:07.0733 3244 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:14:07.0733 3244 USBSTOR - ok

13:14:07.0749 3244 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

13:14:07.0749 3244 usbuhci - ok

13:14:07.0764 3244 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

13:14:07.0764 3244 UxSms - ok

13:14:07.0780 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe

13:14:07.0780 3244 VaultSvc - ok

13:14:07.0795 3244 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

13:14:07.0795 3244 vdrvroot - ok

13:14:07.0811 3244 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe

13:14:07.0858 3244 vds - ok

13:14:07.0874 3244 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

13:14:07.0874 3244 vga - ok

13:14:07.0889 3244 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

13:14:07.0889 3244 VgaSave - ok

13:14:07.0905 3244 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

13:14:07.0920 3244 vhdmp - ok

13:14:07.0952 3244 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys

13:14:07.0967 3244 viaagp - ok

13:14:07.0983 3244 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

13:14:07.0999 3244 ViaC7 - ok

13:14:08.0014 3244 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys

13:14:08.0014 3244 viaide - ok

13:14:08.0045 3244 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys

13:14:08.0061 3244 vmbus - ok

13:14:08.0077 3244 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys

13:14:08.0092 3244 VMBusHID - ok

13:14:08.0092 3244 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

13:14:08.0092 3244 volmgr - ok

13:14:08.0108 3244 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

13:14:08.0108 3244 volmgrx - ok

13:14:08.0124 3244 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

13:14:08.0124 3244 volsnap - ok

13:14:08.0139 3244 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

13:14:08.0155 3244 vsmraid - ok

13:14:08.0186 3244 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe

13:14:08.0202 3244 VSS - ok

13:14:08.0202 3244 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

13:14:08.0217 3244 vwifibus - ok

13:14:08.0233 3244 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

13:14:08.0249 3244 W32Time - ok

13:14:08.0249 3244 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

13:14:08.0264 3244 WacomPen - ok

13:14:08.0280 3244 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

13:14:08.0280 3244 WANARP - ok

13:14:08.0280 3244 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

13:14:08.0280 3244 Wanarpv6 - ok

13:14:08.0358 3244 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

13:14:08.0405 3244 WatAdminSvc - ok

13:14:08.0436 3244 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe

13:14:08.0467 3244 wbengine - ok

13:14:08.0483 3244 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

13:14:08.0499 3244 WbioSrvc - ok

13:14:08.0530 3244 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll

13:14:08.0530 3244 wcncsvc - ok

13:14:08.0545 3244 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

13:14:08.0561 3244 WcsPlugInService - ok

13:14:08.0577 3244 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

13:14:08.0592 3244 Wd - ok

13:14:08.0608 3244 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

13:14:08.0624 3244 Wdf01000 - ok

13:14:08.0624 3244 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

13:14:08.0624 3244 WdiServiceHost - ok

13:14:08.0639 3244 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

13:14:08.0639 3244 WdiSystemHost - ok

13:14:08.0686 3244 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll

13:14:08.0702 3244 WebClient - ok

13:14:08.0717 3244 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

13:14:08.0733 3244 Wecsvc - ok

13:14:08.0749 3244 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

13:14:08.0749 3244 wercplsupport - ok

13:14:08.0764 3244 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

13:14:08.0780 3244 WerSvc - ok

13:14:08.0795 3244 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

13:14:08.0795 3244 WfpLwf - ok

13:14:08.0795 3244 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

13:14:08.0811 3244 WIMMount - ok

13:14:08.0858 3244 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

13:14:08.0889 3244 WinDefend - ok

13:14:08.0905 3244 WinHttpAutoProxySvc - ok

13:14:08.0983 3244 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

13:14:08.0983 3244 Winmgmt - ok

13:14:09.0014 3244 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll

13:14:09.0061 3244 WinRM - ok

13:14:09.0092 3244 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

13:14:09.0108 3244 Wlansvc - ok

13:14:09.0139 3244 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

13:14:09.0139 3244 WmiAcpi - ok

13:14:09.0155 3244 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

13:14:09.0202 3244 wmiApSrv - ok

13:14:09.0233 3244 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

13:14:09.0233 3244 WMPNetworkSvc - ok

13:14:09.0249 3244 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

13:14:09.0249 3244 WPCSvc - ok

13:14:09.0264 3244 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

13:14:09.0280 3244 WPDBusEnum - ok

13:14:09.0280 3244 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

13:14:09.0295 3244 ws2ifsl - ok

13:14:09.0327 3244 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll

13:14:09.0342 3244 wscsvc - ok

13:14:09.0342 3244 WSearch - ok

13:14:09.0420 3244 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

13:14:09.0467 3244 wuauserv - ok

13:14:09.0483 3244 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

13:14:09.0483 3244 WudfPf - ok

13:14:09.0499 3244 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

13:14:09.0499 3244 WUDFRd - ok

13:14:09.0514 3244 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

13:14:09.0514 3244 wudfsvc - ok

13:14:09.0530 3244 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

13:14:09.0545 3244 WwanSvc - ok

13:14:09.0608 3244 [ 74EC37B9EAF9FCA015B933A526825C7A ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl

13:14:09.0608 3244 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok

13:14:09.0624 3244 ================ Scan global ===============================

13:14:09.0639 3244 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll

13:14:09.0670 3244 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll

13:14:09.0670 3244 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll

13:14:09.0686 3244 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

13:14:09.0717 3244 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

13:14:09.0717 3244 [Global] - ok

13:14:09.0717 3244 ================ Scan MBR ==================================

13:14:09.0733 3244 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

13:14:10.0045 3244 \Device\Harddisk0\DR0 - ok

13:14:10.0045 3244 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

13:14:10.0061 3244 \Device\Harddisk1\DR1 - ok

13:14:10.0061 3244 ================ Scan VBR ==================================

13:14:10.0061 3244 [ 39B9B1441D7DDBA758DD1855A5BE2AEF ] \Device\Harddisk0\DR0\Partition1

13:14:10.0061 3244 \Device\Harddisk0\DR0\Partition1 - ok

13:14:10.0077 3244 [ E6CF5A395C8335ABB12B2100B2151427 ] \Device\Harddisk0\DR0\Partition2

13:14:10.0077 3244 \Device\Harddisk0\DR0\Partition2 - ok

13:14:10.0077 3244 [ 6DC014BEEB54F979753F812F6B4BFEA9 ] \Device\Harddisk1\DR1\Partition1

13:14:10.0077 3244 \Device\Harddisk1\DR1\Partition1 - ok

13:14:10.0077 3244 ============================================================

13:14:10.0077 3244 Scan finished

13:14:10.0077 3244 ============================================================

13:14:10.0092 2972 Detected object count: 1

13:14:10.0092 2972 Actual detected object count: 1

13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - skipped by user

13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - User select action: Skip

13:18:10.0483 3080 Deinitialize success

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 14:34:29

# Updated 14/10/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Mark - DSHTPC

# Boot Mode : Normal

# Running from : C:\Users\Mark\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\WeCareReminder

Folder Found : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\extensions\wecarereminder@bryan

Folder Found : C:\Users\Mark\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKCU\Software\wecarereminder

Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder

Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKU\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default

File : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2368 octets] - [16/10/2012 14:34:29]

########## EOF - C:\AdwCleaner[R1].txt - [2428 octets] ##########

Health Results of screen317's Security Check version 0.99.51

Windows 7 x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Symantec Endpoint Protection

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java version out of Date!

Adobe Flash Player 11.4.402.287

Mozilla Firefox 13.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck and TDSSKiller.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java (any versions listed)

Restart your computer.

Open Firefox, click Help --> About, and ensure that it updates to version 16.

Get the latest version of Java.

Click Start, type in Windows Update, and click Windows Update when it appears. Download and install all available updates, including Service Pack 1.

Reboot.

Let me know what issues remain.

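The steps in the staff reply above are all manual, and the user has to report back what is left. The following PowerShell script is an added example, not code from the thread or from any of the tools it mentions: it audits, read-only, the things the reply asks the user to fix (old Java builds, Firefox below 16, missing Service Pack 1, tool executables left on the desktop) together with the WeCareReminder leftovers the AdwCleaner log listed. The BHO registry key and the ProgramData folder are copied from that log; the tool file names (TFC.exe, adwcleaner.exe, SecurityCheck.exe, tdsskiller.exe, ComboFix.exe) and the ComboFix quarantine folder C:\Qoobox are assumptions about the tools' usual names, and the function name Test-CleanupState is hypothetical.

```powershell
# Added example: post-cleanup audit for a Windows 7 machine after the steps in the
# reply above. Reports only; changes nothing. Works on PowerShell 2.0 (Windows 7 default).
function Test-CleanupState {
    $findings = @()

    # Installed programs, read from the Uninstall keys. The machine in the thread is
    # 32-bit, but the Wow6432Node path is included so the same script works on x64.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $apps = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion

    # Java: the reply asks for every listed version to be removed before the latest
    # one is installed, so more than one entry means old builds are still present.
    $java = @($apps | Where-Object { $_.DisplayName -match '^Java' })
    if ($java.Count -eq 0) {
        $findings += 'Java: nothing installed (install the latest version)'
    } elseif ($java.Count -gt 1) {
        $findings += "Java: $($java.Count) versions installed: " +
                     (($java | ForEach-Object { $_.DisplayName }) -join '; ')
    }

    # Firefox: the reply expects it to update to version 16.
    $firefox = $apps | Where-Object { $_.DisplayName -match '^Mozilla Firefox' } |
        Select-Object -First 1
    if ($firefox) {
        try {
            # keep only the leading dotted number, e.g. "13.0.1", and pad "16" to "16.0"
            $raw = $firefox.DisplayVersion -replace '[^\d.].*$', ''
            if ($raw -notmatch '\.') { $raw = "$raw.0" }
            if ([version]$raw -lt [version]'16.0') {
                $findings += "Firefox: still at $($firefox.DisplayVersion)"
            }
        } catch {
            $findings += "Firefox: could not parse version '$($firefox.DisplayVersion)'"
        }
    }

    # Service pack: Security Check flagged "Out of date service pack"; SP1 is expected.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    if ($os.ServicePackMajorVersion -lt 1) {
        $findings += 'Windows: Service Pack 1 not installed'
    }

    # Cleanup tools the reply says to delete or uninstall (assumed file names).
    $desktop = [Environment]::GetFolderPath('Desktop')
    foreach ($tool in 'TFC.exe', 'adwcleaner.exe', 'SecurityCheck.exe',
                      'tdsskiller.exe', 'ComboFix.exe') {
        if (Test-Path (Join-Path $desktop $tool)) {
            $findings += "Tool still on desktop: $tool"
        }
    }
    # C:\Qoobox is ComboFix's quarantine folder; it is removed by "Combofix /uninstall".
    if (Test-Path 'C:\Qoobox') {
        $findings += 'ComboFix not uninstalled: C:\Qoobox still exists'
    }

    # WeCareReminder leftovers, exactly as listed in the AdwCleaner log above.
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}'
    if (Test-Path $bho) {
        $findings += 'WeCareReminder BHO registration still present in HKLM'
    }
    if (Test-Path 'C:\ProgramData\WeCareReminder') {
        $findings += 'WeCareReminder folder still present in C:\ProgramData'
    }

    return $findings
}

$result = Test-CleanupState
if ($result.Count -eq 0) {
    'All post-cleanup checks passed.'
} else {
    $result | ForEach-Object { "[!] $_" }
}
```

Run it from an elevated PowerShell prompt after the reboot the reply asks for; the output is a short list that can be pasted into the reply together with the AdwCleaner log.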

This topic is now closed to further replies.