anikanch

Trojan in file (svchost.exe) and memory process


Hello,

Malwarebytes says that I have 2 Trojan.Agents:

1 in memory process svchost.exe and

1 in file svchost.exe

Below is the log from running dds.scr.

Thanks,

Ani

dds.txt

-------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2

Run by saiabhi at 17:53:33 on 2013-02-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.1582 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned>

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\saiabhi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/62.06/uploader2.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - hxxps://lojackforlaptops.absolute.com/ctmweb/testoc.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://na.connect.aig.com/dana-cached/sc/JuniperSetupClient.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{2FC625F2-9D04-46C5-9D33-6B0BEC2E7C8D} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{2FC625F2-9D04-46C5-9D33-6B0BEC2E7C8D}\B6F6D6D6964696 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2FC625F2-9D04-46C5-9D33-6B0BEC2E7C8D}\E4544574541425 : DHCPNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [KeyAccess] kass.exe

x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\saiabhi\AppData\Roaming\Mozilla\Firefox\Profiles\fsf2xuls.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_09.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc - BRI/1

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-1 55280]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-7-16 450680]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-7-16 912504]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130207.002\IDSviA64.sys [2013-2-7 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-7-16 171128]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-7-16 386168]

R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-18 48488]

R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-12-1 172704]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-18 138912]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-1 215552]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-12-1 393728]

S2 0078191265676442mcinstcleanup;McAfee Application Installer Cleanup (0078191265676442);C:\Users\saiabhi\AppData\Local\Temp\007819~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\saiabhi\AppData\Local\Temp\007819~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-6 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-18 1255736]

S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-1 656624]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-02-08 17:37:16 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-02-08 17:37:16 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-02-08 17:37:16 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-02-08 17:37:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-02-08 17:28:56 3149824 ----a-w- C:\Windows\System32\win32k.sys

2013-02-08 17:14:55 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-08 17:14:20 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-08 16:50:31 -------- d-----w- C:\Users\saiabhi\AppData\Roaming\SpeedyPC Software

2013-02-08 16:50:31 -------- d-----w- C:\Users\saiabhi\AppData\Roaming\DriverCure

2013-02-08 16:49:59 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software

2013-02-08 16:49:56 -------- d-----w- C:\ProgramData\SpeedyPC Software

2013-02-08 16:49:56 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software

2013-02-04 16:27:49 20480 ----a-w- C:\Windows\svchost.exe

2013-02-04 16:02:21 -------- d-----w- C:\Users\saiabhi\AppData\Roaming\Malwarebytes

2013-02-04 16:02:04 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-04 16:02:02 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-04 16:02:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-04 16:01:38 -------- d-----w- C:\Users\saiabhi\AppData\Local\Programs

2013-01-13 17:29:41 -------- d-----w- C:\Users\saiabhi\AppData\Local\{2700B9D7-E890-4BFA-9436-58D0173EB1F6}

.

==================== Find3M ====================

.

2013-02-08 17:15:20 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-08 17:15:20 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-08 17:13:50 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 17:54:57.83 ===============

attach.txt

-----------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/8/2009 7:00:43 PM

System Uptime: 2/8/2013 1:36:27 PM (4 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 125.133 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP528: 1/10/2013 8:40:47 AM - Installed RSA SecurID Software Token with Automation.

RP529: 1/17/2013 1:46:31 PM - Scheduled Checkpoint

RP530: 1/30/2013 2:40:30 PM - Scheduled Checkpoint

RP531: 2/4/2013 11:48:01 AM - Before_Malware_fix

RP532: 2/8/2013 11:35:30 AM - Norton Security Suite Registry

RP533: 2/8/2013 12:12:48 PM - Installed Java 7 Update 13

RP534: 2/8/2013 12:31:32 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

"Nero SoundTrax Help

5600

5600_Help

5600Trb

64 Bit HP CIO Components Installer

Adobe Flash Player 11 ActiveX

Adobe Reader XI

Advanced Audio FX Engine

Advertising Center

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Apple Application Support

Apple Software Update

Banctec Service Agreement

Bing Bar

Bing Rewards Client Installer

BufferChm

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Copy

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Touchpad

Dell Webcam Central

Dell Wireless WLAN Card Utility

Destinations

DeviceDiscovery

DolbyFiles

Fax

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

ImagXpress

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

Intel® Matrix Storage Manager

Internet TV for Windows Media Center

Java 7 Update 13

Java Auto Updater

Java 6 Update 14 (64-bit)

Java 6 Update 31

Juniper Networks Host Checker

Juniper Networks, Inc. Setup Client

Junk Mail filter update

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Menu Templates - Starter Kit

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Movie Templates - Starter Kit

Mozilla Firefox (3.6.6)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Nero 9

Nero Burning ROM Help

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

Nero WaveEditor

NeroBurningROM

NeroExpress

NeroLiveGadget

NeroLiveGadget Help

neroxml

Network64

NirSoft BlueScreenView

Norton Security Suite

PMB

PMB Updater

PowerDVD DX

Quickset64

QuickTime

Roxio Burn

Roxio Update Manager

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SmartWebPrinting

SolutionCenter

SoundTrax

SpeedyPC Pro

Status

TextPad 5

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Veoh Web Player

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Updater Component

WinX DVD Author 5.5.8

WinX DVD Ripper Platinum 6.0.0

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

2/8/2013 9:23:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

2/8/2013 9:22:07 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

2/8/2013 9:22:07 AM, Error: SRTSP [4] - Error loading virus definitions.

2/8/2013 5:30:38 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

2/8/2013 4:31:45 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer REGATTEPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2FC625F2-9D04-46C5-9D33-6B0BEC2E7C8D}. The master browser is stopping or an election is being forced.

2/8/2013 1:05:50 PM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.

2/8/2013 1:02:55 PM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/8/2013 1:02:53 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

2/7/2013 8:53:25 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 8:45:41 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 8:44:10 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 8:44:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/7/2013 8:44:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/7/2013 8:44:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/7/2013 8:44:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/7/2013 8:43:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

2/7/2013 8:43:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

2/7/2013 8:43:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ctxusbm discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

2/7/2013 8:43:38 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 8:43:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00009088 (0xfffff880068d9880, 0xfffff880068d9884, 0xfffff880068d9888, 0xfffff880068d988c). A dump was saved in: C:\Windows\Minidump\020713-26036-01.dmp. Report Id: 020713-26036-01.

2/4/2013 10:35:15 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

2/4/2013 10:35:15 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

2/2/2013 8:42:20 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address A8-26-D9-5C-BB-91. Network operations on this system may be disrupted as a result.

.

==== End Of File ===========================

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.

Note: Replace the letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Topic re-opened per request.

Thank you very much. FRST log text is below.

==============================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2013 01

Ran by SYSTEM at 19-02-2013 21:02:02

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)

HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)

HKLM\...\Run: [KeyAccess] kass.exe [x]

HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)

HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKU\abhijeet\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\abhijeet\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [421888 2011-11-01] (Apple Inc.)

HKU\abhijeet\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex [x]

HKU\abhijeet\...\Policies\system: [LogonHoursAction] 2

HKU\abhijeet\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\madhu\...\Run: [Octoshape Streaming Services] "C:\Users\madhu\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [70936 2009-01-08] (Octoshape ApS)

HKU\madhu\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex [x]

HKU\madhu\...\Policies\system: [LogonHoursAction] 2

HKU\madhu\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Mcx1-SAIABHI-PC\...\Policies\system: [LogonHoursAction] 2

HKU\Mcx1-SAIABHI-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Mcx1-SAIABHI-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)

HKU\saiabhi\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-08] (Google Inc.)

HKU\saiabhi\...\Policies\system: [LogonHoursAction] 2

HKU\saiabhi\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

AppInit_DLLs:

Startup: C:\Users\abhijeet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> X:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> X:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> X:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\madhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> X:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\Mcx1-SAIABHI-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> X:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\saiabhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> X:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\sairegatte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> X:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Services (Whitelisted) ===================

2 0078191265676442mcinstcleanup; C:\Users\saiabhi\AppData\Local\Temp\007819~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [1609 2010-02-08] ()

2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\diMaster.dll" /prefetch:1 [535416 2012-10-11] (Symantec Corporation)

2 NMSAccessU; C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe [71096 2008-05-03] ()

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [x]

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-02-07] (Symantec Corporation)

1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-11-09] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130216.001\IDSvia64.sys [513184 2013-02-15] (Symantec Corporation)

3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-03-28] (MediaMall Technologies, Inc.)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130219.017\ENG64.SYS [126192 2013-02-17] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130219.017\EX64.SYS [2087664 2013-02-17] (Symantec Corporation)

1 SRTSP; C:\Windows\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360x64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360x64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-02-14] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [432800 2012-07-22] (Symantec Corporation)

3 SYMFW; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [x]

3 SYMNDISV; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-02-14 13:22 - 2013-02-14 13:22 - 00002593 ____A C:\Users\saiabhi\Desktop\mathwizardenglish_text.txt

2013-02-14 12:22 - 2010-02-08 19:24 - 00126312 ___RA (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll

2013-02-14 12:22 - 2010-02-08 19:24 - 00107368 ___RA (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll

2013-02-14 10:07 - 2013-02-14 10:07 - 00000000 ____D C:\Users\Public\Downloads\Norton

2013-02-08 16:55 - 2013-02-08 16:59 - 00023681 ____A C:\Users\saiabhi\Desktop\dds.txt

2013-02-08 16:55 - 2013-02-08 16:59 - 00016394 ____A C:\Users\saiabhi\Desktop\attach.txt

2013-02-08 16:54 - 2013-02-08 16:53 - 00688992 ___RA (Swearware) C:\Users\saiabhi\Desktop\dds.scr

2013-02-08 11:37 - 2012-12-16 11:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2013-02-08 11:37 - 2012-12-16 08:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2013-02-08 11:37 - 2012-12-16 08:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-02-08 11:37 - 2012-12-16 08:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-02-08 11:35 - 2013-02-08 11:35 - 00260892 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-02-08 11:30 - 2013-01-04 09:53 - 09060864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-02-08 11:30 - 2012-12-07 07:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll

2013-02-08 11:30 - 2012-12-07 07:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll

2013-02-08 11:30 - 2012-12-07 06:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2013-02-08 11:30 - 2012-12-07 06:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll

2013-02-08 11:30 - 2012-12-07 05:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs

2013-02-08 11:30 - 2012-12-07 05:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs

2013-02-08 11:30 - 2012-12-07 05:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs

2013-02-08 11:30 - 2012-12-07 05:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs

2013-02-08 11:30 - 2012-12-07 05:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs

2013-02-08 11:30 - 2012-12-07 05:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs

2013-02-08 11:30 - 2012-12-07 05:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs

2013-02-08 11:30 - 2012-12-07 05:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs

2013-02-08 11:30 - 2012-12-07 05:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs

2013-02-08 11:30 - 2012-12-07 05:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs

2013-02-08 11:30 - 2012-12-07 05:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs

2013-02-08 11:30 - 2012-12-07 05:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs

2013-02-08 11:30 - 2012-12-07 05:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs

2013-02-08 11:30 - 2012-12-07 05:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs

2013-02-08 11:30 - 2012-12-07 04:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs

2013-02-08 11:30 - 2012-11-21 23:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll

2013-02-08 11:30 - 2012-11-21 22:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2013-02-08 11:30 - 2012-11-08 23:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-02-08 11:30 - 2012-11-08 23:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2013-02-08 11:30 - 2012-11-08 22:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-02-08 11:30 - 2012-11-08 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-02-08 11:30 - 2012-10-31 23:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-02-08 11:30 - 2012-10-31 23:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2013-02-08 11:30 - 2012-10-31 22:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2013-02-08 11:30 - 2012-10-31 22:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2013-02-08 11:29 - 2013-01-04 09:32 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-02-08 11:29 - 2012-11-12 06:28 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-02-08 11:29 - 2012-11-12 05:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-02-08 11:29 - 2012-10-27 00:26 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-02-08 11:29 - 2012-10-27 00:26 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-02-08 11:29 - 2012-10-27 00:26 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-02-08 11:29 - 2012-10-27 00:24 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-02-08 11:29 - 2012-10-27 00:24 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-02-08 11:29 - 2012-10-27 00:23 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-02-08 11:29 - 2012-10-27 00:23 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-02-08 11:29 - 2012-10-27 00:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-02-08 11:29 - 2012-10-27 00:23 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-02-08 11:29 - 2012-10-26 23:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-02-08 11:29 - 2012-10-26 23:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-02-08 11:29 - 2012-10-26 23:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-02-08 11:29 - 2012-10-26 23:49 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-02-08 11:29 - 2012-10-26 23:49 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-02-08 11:29 - 2012-10-26 23:49 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-02-08 11:29 - 2012-10-26 23:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-02-08 11:29 - 2012-10-26 23:49 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-02-08 11:29 - 2012-10-26 23:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-02-08 11:28 - 2012-11-29 23:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-02-08 11:28 - 2012-11-29 23:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-02-08 11:28 - 2012-11-29 23:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-02-08 11:28 - 2012-11-29 23:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-02-08 11:28 - 2012-11-29 23:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-02-08 11:28 - 2012-11-29 23:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-02-08 11:28 - 2012-11-29 23:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-02-08 11:28 - 2012-11-29 22:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-02-08 11:28 - 2012-11-29 22:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 21:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-02-08 11:28 - 2012-11-29 20:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-02-08 11:28 - 2012-11-29 20:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-02-08 11:28 - 2012-11-29 20:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-02-08 11:28 - 2012-11-29 20:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-02-08 11:28 - 2012-11-29 20:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 20:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 20:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 20:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-02-08 11:28 - 2012-11-29 17:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls

2013-02-08 11:28 - 2012-11-29 17:15 - 00420064 ____A C:\Windows\System32\locale.nls

2013-02-08 11:28 - 2012-11-22 21:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-02-08 11:28 - 2012-11-22 21:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe

2013-02-08 11:28 - 2012-11-19 23:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2013-02-08 11:28 - 2012-11-19 22:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-02-08 11:28 - 2012-11-01 23:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2013-02-08 11:28 - 2012-11-01 23:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2013-02-08 11:16 - 2013-02-08 11:16 - 00000000 ____D C:\Users\saiabhi\Application Data\Google

2013-02-08 11:16 - 2013-02-08 11:16 - 00000000 ____D C:\Users\saiabhi\AppData\Roaming\Google

2013-02-08 11:15 - 2013-02-08 11:15 - 00000000 ____D C:\ProgramData\Google

2013-02-08 11:15 - 2013-02-08 11:15 - 00000000 ____D C:\ProgramData\Application Data\Google

2013-02-08 11:14 - 2013-02-08 11:13 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-02-08 11:14 - 2013-02-08 11:13 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-02-08 11:14 - 2013-02-08 11:13 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-02-08 11:14 - 2013-02-08 11:13 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-02-08 11:14 - 2013-02-08 11:13 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-02-08 10:50 - 2013-02-08 10:50 - 00000000 ____D C:\Users\saiabhi\Application Data\SpeedyPC Software

2013-02-08 10:50 - 2013-02-08 10:50 - 00000000 ____D C:\Users\saiabhi\Application Data\DriverCure

2013-02-08 10:50 - 2013-02-08 10:50 - 00000000 ____D C:\Users\saiabhi\AppData\Roaming\SpeedyPC Software

2013-02-08 10:50 - 2013-02-08 10:50 - 00000000 ____D C:\Users\saiabhi\AppData\Roaming\DriverCure

2013-02-08 10:49 - 2013-02-12 20:36 - 00000000 ____D C:\ProgramData\SpeedyPC Software

2013-02-08 10:49 - 2013-02-12 20:36 - 00000000 ____D C:\ProgramData\Application Data\SpeedyPC Software

2013-02-04 10:27 - 2009-07-13 19:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2013-02-04 10:02 - 2013-02-04 10:02 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-04 10:02 - 2013-02-04 10:02 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\Users\saiabhi\Application Data\Malwarebytes

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\Users\saiabhi\AppData\Roaming\Malwarebytes

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-04 10:02 - 2012-12-14 15:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2013-02-19 21:01 - 2013-02-19 21:01 - 00000000 ____D C:\FRST

2013-02-19 19:55 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-02-19 19:55 - 2009-07-13 22:51 - 00154132 ____A C:\Windows\setupact.log

2013-02-19 19:50 - 2009-12-01 16:16 - 00721218 ____A C:\Windows\PFRO.log

2013-02-19 19:45 - 2009-07-13 23:10 - 01676619 ____A C:\Windows\WindowsUpdate.log

2013-02-19 19:45 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-02-19 19:45 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-02-19 19:35 - 2009-07-13 23:13 - 00005168 ____A C:\Windows\System32\PerfStringBackup.INI

2013-02-19 19:27 - 2011-07-06 17:58 - 00000632 _RASH C:\Users\saiabhi\ntuser.pol

2013-02-19 19:27 - 2009-12-08 18:00 - 00000000 ____D C:\users\saiabhi

2013-02-19 19:25 - 2012-11-26 20:39 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-02-19 11:52 - 2012-11-26 20:39 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-02-18 16:35 - 2010-02-08 19:24 - 00000000 ____D C:\Windows\System32\Drivers\N360x64

2013-02-18 15:00 - 2010-02-17 18:21 - 00000000 ____D C:\Windows\Minidump

2013-02-18 15:00 - 2009-12-01 15:50 - 00318499 ____N C:\Windows\Minidump\021813-28282-01.dmp

2013-02-17 20:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF

2013-02-17 12:29 - 2010-02-08 19:24 - 00000000 ____D C:\ProgramData\Norton

2013-02-17 12:29 - 2010-02-08 19:24 - 00000000 ____D C:\ProgramData\Application Data\Norton

2013-02-14 13:23 - 2011-09-18 15:46 - 00000000 ____D C:\Abhijeet

2013-02-14 13:22 - 2013-02-14 13:22 - 00002593 ____A C:\Users\saiabhi\Desktop\mathwizardenglish_text.txt

2013-02-14 12:22 - 2010-02-08 19:25 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS

2013-02-14 12:22 - 2010-02-08 19:25 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

2013-02-14 12:22 - 2010-02-08 19:25 - 00000000 ____D C:\Program Files\Symantec

2013-02-14 10:07 - 2013-02-14 10:07 - 00000000 ____D C:\Users\Public\Downloads\Norton

2013-02-12 20:36 - 2013-02-08 10:49 - 00000000 ____D C:\ProgramData\SpeedyPC Software

2013-02-12 20:36 - 2013-02-08 10:49 - 00000000 ____D C:\ProgramData\Application Data\SpeedyPC Software

2013-02-08 16:59 - 2013-02-08 16:55 - 00023681 ____A C:\Users\saiabhi\Desktop\dds.txt

2013-02-08 16:59 - 2013-02-08 16:55 - 00016394 ____A C:\Users\saiabhi\Desktop\attach.txt

2013-02-08 16:53 - 2013-02-08 16:54 - 00688992 ___RA (Swearware) C:\Users\saiabhi\Desktop\dds.scr

2013-02-08 15:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2013-02-08 12:58 - 2012-11-26 20:39 - 00000000 ____D C:\Users\saiabhi\Local Settings\Google

2013-02-08 12:58 - 2012-11-26 20:39 - 00000000 ____D C:\Users\saiabhi\Local Settings\Application Data\Google

2013-02-08 12:58 - 2012-11-26 20:39 - 00000000 ____D C:\Users\saiabhi\AppData\Local\Google

2013-02-08 12:05 - 2009-07-13 22:45 - 00426848 ____A C:\Windows\System32\FNTCACHE.DAT

2013-02-08 11:59 - 2009-12-01 14:30 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-02-08 11:59 - 2009-12-01 14:30 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help

2013-02-08 11:43 - 2012-11-14 20:39 - 00000129 ____A C:\Windows\System32\MRT.INI

2013-02-08 11:35 - 2013-02-08 11:35 - 00260892 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-02-08 11:16 - 2013-02-08 11:16 - 00000000 ____D C:\Users\saiabhi\Application Data\Google

2013-02-08 11:16 - 2013-02-08 11:16 - 00000000 ____D C:\Users\saiabhi\AppData\Roaming\Google

2013-02-08 11:16 - 2009-12-01 14:26 - 00000000 ____D C:\ProgramData\Application Data\Adobe

2013-02-08 11:16 - 2009-12-01 14:26 - 00000000 ____D C:\ProgramData\Adobe

2013-02-08 11:15 - 2013-02-08 11:15 - 00000000 ____D C:\ProgramData\Google

2013-02-08 11:15 - 2013-02-08 11:15 - 00000000 ____D C:\ProgramData\Application Data\Google

2013-02-08 11:15 - 2012-11-27 19:19 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-08 11:15 - 2012-11-27 19:19 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-08 11:15 - 2012-11-26 20:40 - 00000000 ____D C:\Program Files\Google

2013-02-08 11:15 - 2012-11-26 20:39 - 00000000 ____D C:\Program Files (x86)\Google

2013-02-08 11:13 - 2013-02-08 11:14 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-02-08 11:13 - 2013-02-08 11:14 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-02-08 11:13 - 2013-02-08 11:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-02-08 11:13 - 2013-02-08 11:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-02-08 11:13 - 2013-02-08 11:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-02-08 11:13 - 2012-12-14 17:44 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-02-08 10:50 - 2013-02-08 10:50 - 00000000 ____D C:\Users\saiabhi\Application Data\SpeedyPC Software

2013-02-08 10:50 - 2013-02-08 10:50 - 00000000 ____D C:\Users\saiabhi\Application Data\DriverCure

2013-02-08 10:50 - 2013-02-08 10:50 - 00000000 ____D C:\Users\saiabhi\AppData\Roaming\SpeedyPC Software

2013-02-08 10:50 - 2013-02-08 10:50 - 00000000 ____D C:\Users\saiabhi\AppData\Roaming\DriverCure

2013-02-08 10:50 - 2009-12-08 18:01 - 00111192 ____A C:\Users\saiabhi\Local Settings\GDIPFONTCACHEV1.DAT

2013-02-08 10:50 - 2009-12-08 18:01 - 00111192 ____A C:\Users\saiabhi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-02-08 10:50 - 2009-12-08 18:01 - 00111192 ____A C:\Users\saiabhi\AppData\Local\GDIPFONTCACHEV1.DAT

2013-02-08 09:01 - 2011-12-03 18:04 - 00000000 ____D C:\users\Mcx1-SAIABHI-PC

2013-02-08 09:01 - 2011-04-11 20:20 - 00000000 ____D C:\users\madhu

2013-02-08 09:01 - 2011-03-06 09:57 - 00000000 ____D C:\users\sairegatte

2013-02-08 09:01 - 2010-02-05 20:31 - 00000000 ____D C:\users\abhijeet

2013-02-08 09:01 - 2009-07-13 21:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy

2013-02-08 09:01 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration

2013-02-08 09:01 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat

2013-02-04 10:02 - 2013-02-04 10:02 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-04 10:02 - 2013-02-04 10:02 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\Users\saiabhi\Application Data\Malwarebytes

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\Users\saiabhi\AppData\Roaming\Malwarebytes

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes

2013-02-04 10:02 - 2013-02-04 10:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

ZeroAccess:

C:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}

C:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\L

ZeroAccess:

C:\Users\saiabhi\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}

C:\Users\saiabhi\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\@

C:\Users\saiabhi\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\L

C:\Users\saiabhi\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\U

ATTENTION: ========> Check for possible partition/boot infection:

C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-04 10:48:32

Restore point made on: 2013-02-08 10:35:56

Restore point made on: 2013-02-08 11:13:11

Restore point made on: 2013-02-08 11:32:30

Restore point made on: 2013-02-14 10:12:10

Restore point made on: 2013-02-15 19:18:25

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 4056.36 MB

Available physical RAM: 3445.44 MB

Total Pagefile: 4054.51 MB

Available Pagefile: 3436.33 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:128.99 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.

5 Drive g: () (Removable) (Total:1.93 GB) (Free:1.36 GB) FAT

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 1984 MB 0 B

Partitions of Disk 0:

===============

Disk ID: 75349890

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 40 MB

Partition 3 Primary 218 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 218 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Disk ID: 005FD8FC

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1971 MB 16 KB

==================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT Removable 1971 MB Healthy

=========================================================

Last Boot: 2013-02-14 20:34

==================== End Of Log =============================


Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Then right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
2013-02-04 10:27 - 2009-07-13 19:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
C:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}
C:\Users\saiabhi\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}
TDL4: custom:26000022 <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot normally.

NEXT

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double-click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now, choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


fixlog.txt

-----------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-02-2013 01

Ran by SYSTEM at 2013-02-19 21:57:14 Run:1

Running from E:\

==============================================

C:\Windows\svchost.exe moved successfully.

C:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40} moved successfully.

C:\Users\saiabhi\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40} moved successfully.

The operation completed successfully.

The operation completed successfully.

==== End of Fixlog ====


TDSSKILLER LOG

----------------------------

22:02:05.0685 0252 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

22:02:07.0697 0252 ============================================================

22:02:07.0697 0252 Current date / time: 2013/02/19 22:02:07.0697

22:02:07.0697 0252 SystemInfo:

22:02:07.0697 0252

22:02:07.0697 0252 OS Version: 6.1.7601 ServicePack: 1.0

22:02:07.0697 0252 Product type: Workstation

22:02:07.0697 0252 ComputerName: SAIABHI-PC

22:02:07.0697 0252 UserName: saiabhi

22:02:07.0697 0252 Windows directory: C:\Windows

22:02:07.0697 0252 System windows directory: C:\Windows

22:02:07.0697 0252 Running under WOW64

22:02:07.0697 0252 Processor architecture: Intel x64

22:02:07.0697 0252 Number of processors: 2

22:02:07.0697 0252 Page size: 0x1000

22:02:07.0697 0252 Boot type: Normal boot

22:02:07.0697 0252 ============================================================

22:02:08.0508 0252 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:02:08.0508 0252 ============================================================

22:02:08.0508 0252 \Device\Harddisk0\DR0:

22:02:08.0508 0252 MBR partitions:

22:02:08.0508 0252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

22:02:08.0508 0252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

22:02:08.0508 0252 ============================================================

22:02:08.0571 0252 C: <-> \Device\Harddisk0\DR0\Partition2

22:02:08.0571 0252 ============================================================

22:02:08.0571 0252 Initialize success

22:02:08.0571 0252 ============================================================

22:02:36.0345 4080 ============================================================

22:02:36.0345 4080 Scan started

22:02:36.0345 4080 Mode: Manual; TDLFS;

22:02:36.0345 4080 ============================================================

22:02:37.0219 4080 ================ Scan system memory ========================

22:02:37.0219 4080 System memory - ok

22:02:37.0219 4080 ================ Scan services =============================


22:02:42.0726 4080 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

22:02:42.0741 4080 defragsvc - ok

22:02:42.0773 4080 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

22:02:42.0773 4080 DfsC - ok

22:02:42.0819 4080 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

22:02:42.0819 4080 Dhcp - ok

22:02:42.0851 4080 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

22:02:42.0851 4080 discache - ok

22:02:42.0882 4080 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

22:02:42.0882 4080 Disk - ok

22:02:42.0913 4080 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

22:02:42.0913 4080 Dnscache - ok

22:02:42.0991 4080 DockLoginService - ok

22:02:43.0038 4080 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

22:02:43.0038 4080 dot3svc - ok

22:02:43.0131 4080 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

22:02:43.0131 4080 Dot4 - ok

22:02:43.0178 4080 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

22:02:43.0178 4080 Dot4Print - ok

22:02:43.0209 4080 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

22:02:43.0209 4080 dot4usb - ok

22:02:43.0241 4080 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

22:02:43.0241 4080 DPS - ok

22:02:43.0287 4080 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

22:02:43.0287 4080 drmkaud - ok

22:02:43.0350 4080 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys

22:02:43.0350 4080 dsNcAdpt - ok

22:02:43.0428 4080 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

22:02:43.0443 4080 DXGKrnl - ok

22:02:43.0490 4080 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

22:02:43.0506 4080 EapHost - ok

22:02:43.0615 4080 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

22:02:43.0724 4080 ebdrv - ok

22:02:43.0833 4080 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

22:02:43.0833 4080 eeCtrl - ok

22:02:43.0865 4080 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

22:02:43.0880 4080 EFS - ok

22:02:43.0943 4080 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

22:02:43.0958 4080 ehRecvr - ok

22:02:43.0989 4080 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

22:02:44.0005 4080 ehSched - ok

22:02:44.0052 4080 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

22:02:44.0052 4080 elxstor - ok

22:02:44.0130 4080 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

22:02:44.0130 4080 EraserUtilRebootDrv - ok

22:02:44.0161 4080 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

22:02:44.0161 4080 ErrDev - ok

22:02:44.0239 4080 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

22:02:44.0239 4080 EventSystem - ok

22:02:44.0270 4080 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

22:02:44.0270 4080 exfat - ok

22:02:44.0317 4080 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

22:02:44.0317 4080 fastfat - ok

22:02:44.0364 4080 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

22:02:44.0379 4080 Fax - ok

22:02:44.0411 4080 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

22:02:44.0426 4080 fdc - ok

22:02:44.0457 4080 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

22:02:44.0457 4080 fdPHost - ok

22:02:44.0504 4080 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

22:02:44.0504 4080 FDResPub - ok

22:02:44.0535 4080 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

22:02:44.0535 4080 FileInfo - ok

22:02:44.0551 4080 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

22:02:44.0551 4080 Filetrace - ok

22:02:44.0582 4080 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

22:02:44.0582 4080 flpydisk - ok

22:02:44.0629 4080 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

22:02:44.0629 4080 FltMgr - ok

22:02:44.0676 4080 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

22:02:44.0691 4080 FontCache - ok

22:02:44.0754 4080 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:02:44.0754 4080 FontCache3.0.0.0 - ok

22:02:44.0785 4080 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

22:02:44.0785 4080 FsDepends - ok

22:02:44.0832 4080 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

22:02:44.0832 4080 fssfltr - ok

22:02:44.0972 4080 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

22:02:44.0988 4080 fsssvc - ok

22:02:45.0035 4080 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

22:02:45.0035 4080 Fs_Rec - ok

22:02:45.0066 4080 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

22:02:45.0066 4080 fvevol - ok

22:02:45.0113 4080 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

22:02:45.0113 4080 gagp30kx - ok

22:02:45.0159 4080 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

22:02:45.0175 4080 gpsvc - ok

22:02:45.0284 4080 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:02:45.0284 4080 gupdate - ok

22:02:45.0315 4080 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:02:45.0315 4080 gupdatem - ok

22:02:45.0378 4080 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

22:02:45.0378 4080 gusvc - ok

22:02:45.0440 4080 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

22:02:45.0440 4080 hcw85cir - ok

22:02:45.0503 4080 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

22:02:45.0518 4080 HDAudBus - ok

22:02:45.0549 4080 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

22:02:45.0549 4080 HidBatt - ok

22:02:45.0581 4080 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

22:02:45.0581 4080 HidBth - ok

22:02:45.0612 4080 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

22:02:45.0612 4080 HidIr - ok

22:02:45.0643 4080 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

22:02:45.0643 4080 hidserv - ok

22:02:45.0674 4080 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

22:02:45.0674 4080 HidUsb - ok

22:02:45.0705 4080 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

22:02:45.0721 4080 hkmsvc - ok

22:02:45.0752 4080 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

22:02:45.0768 4080 HomeGroupListener - ok

22:02:45.0799 4080 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

22:02:45.0815 4080 HomeGroupProvider - ok

22:02:45.0908 4080 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

22:02:45.0908 4080 hpqcxs08 - ok

22:02:45.0924 4080 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

22:02:45.0939 4080 hpqddsvc - ok

22:02:45.0971 4080 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

22:02:45.0971 4080 HpSAMD - ok

22:02:46.0033 4080 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

22:02:46.0049 4080 HPSLPSVC - ok

22:02:46.0095 4080 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

22:02:46.0111 4080 HTTP - ok

22:02:46.0142 4080 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

22:02:46.0142 4080 hwpolicy - ok

22:02:46.0173 4080 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

22:02:46.0173 4080 i8042prt - ok

22:02:46.0267 4080 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

22:02:46.0267 4080 IAANTMON - ok

22:02:46.0329 4080 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

22:02:46.0345 4080 iaStor - ok

22:02:46.0376 4080 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

22:02:46.0392 4080 iaStorV - ok

22:02:46.0454 4080 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:02:46.0470 4080 idsvc - ok

22:02:46.0610 4080 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130216.001\IDSvia64.sys

22:02:46.0626 4080 IDSVia64 - ok

22:02:46.0844 4080 [ BABD5F9B2BCC82CE556A0BAF1AE208A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

22:02:47.0031 4080 igfx - ok

22:02:47.0078 4080 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

22:02:47.0078 4080 iirsp - ok

22:02:47.0141 4080 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

22:02:47.0156 4080 IKEEXT - ok

22:02:47.0187 4080 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

22:02:47.0219 4080 intelide - ok

22:02:47.0265 4080 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

22:02:47.0265 4080 intelppm - ok

22:02:47.0312 4080 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

22:02:47.0328 4080 IPBusEnum - ok

22:02:47.0421 4080 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:02:47.0421 4080 IpFilterDriver - ok

22:02:47.0484 4080 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

22:02:47.0499 4080 iphlpsvc - ok

22:02:47.0531 4080 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

22:02:47.0562 4080 IPMIDRV - ok

22:02:47.0655 4080 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

22:02:47.0749 4080 IPNAT - ok

22:02:47.0889 4080 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

22:02:47.0889 4080 IRENUM - ok

22:02:47.0936 4080 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

22:02:47.0936 4080 isapnp - ok

22:02:48.0014 4080 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

22:02:48.0014 4080 iScsiPrt - ok

22:02:48.0045 4080 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

22:02:48.0045 4080 kbdclass - ok

22:02:48.0123 4080 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

22:02:48.0123 4080 kbdhid - ok

22:02:48.0201 4080 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

22:02:48.0201 4080 KeyIso - ok

22:02:48.0279 4080 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

22:02:48.0279 4080 KSecDD - ok

22:02:48.0373 4080 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

22:02:48.0373 4080 KSecPkg - ok

22:02:48.0451 4080 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

22:02:48.0451 4080 ksthunk - ok

22:02:48.0560 4080 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

22:02:48.0576 4080 KtmRm - ok

22:02:48.0779 4080 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

22:02:48.0794 4080 LanmanServer - ok

22:02:48.0919 4080 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

22:02:48.0935 4080 LanmanWorkstation - ok

22:02:49.0059 4080 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

22:02:49.0059 4080 lltdio - ok

22:02:49.0153 4080 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

22:02:49.0153 4080 lltdsvc - ok

22:02:49.0184 4080 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

22:02:49.0184 4080 lmhosts - ok

22:02:49.0356 4080 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

22:02:49.0371 4080 LSI_FC - ok

22:02:49.0449 4080 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

22:02:49.0449 4080 LSI_SAS - ok

22:02:49.0559 4080 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:02:49.0559 4080 LSI_SAS2 - ok

22:02:49.0668 4080 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:02:49.0839 4080 LSI_SCSI - ok

22:02:49.0917 4080 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

22:02:49.0917 4080 luafv - ok

22:02:49.0980 4080 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

22:02:49.0980 4080 Mcx2Svc - ok

22:02:50.0011 4080 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

22:02:50.0011 4080 megasas - ok

22:02:50.0167 4080 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

22:02:50.0167 4080 MegaSR - ok

22:02:50.0245 4080 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

22:02:50.0245 4080 MMCSS - ok

22:02:50.0276 4080 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

22:02:50.0292 4080 Modem - ok

22:02:50.0354 4080 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

22:02:50.0354 4080 monitor - ok

22:02:50.0448 4080 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

22:02:50.0448 4080 mouclass - ok

22:02:50.0541 4080 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

22:02:50.0541 4080 mouhid - ok

22:02:50.0635 4080 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

22:02:50.0635 4080 mountmgr - ok

22:02:50.0791 4080 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

22:02:50.0807 4080 mpio - ok

22:02:50.0947 4080 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

22:02:50.0947 4080 mpsdrv - ok

22:02:51.0134 4080 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

22:02:51.0134 4080 MpsSvc - ok

22:02:51.0212 4080 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

22:02:51.0212 4080 MRxDAV - ok

22:02:51.0368 4080 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

22:02:51.0368 4080 mrxsmb - ok

22:02:51.0493 4080 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:02:51.0493 4080 mrxsmb10 - ok

22:02:51.0555 4080 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:02:51.0555 4080 mrxsmb20 - ok

22:02:51.0571 4080 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

22:02:51.0587 4080 msahci - ok

22:02:51.0711 4080 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

22:02:51.0711 4080 msdsm - ok

22:02:51.0758 4080 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

22:02:51.0758 4080 MSDTC - ok

22:02:51.0836 4080 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

22:02:51.0836 4080 Msfs - ok

22:02:51.0867 4080 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

22:02:51.0867 4080 mshidkmdf - ok

22:02:51.0899 4080 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

22:02:51.0899 4080 msisadrv - ok

22:02:51.0930 4080 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

22:02:51.0945 4080 MSiSCSI - ok

22:02:51.0945 4080 msiserver - ok

22:02:52.0039 4080 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

22:02:52.0039 4080 MSKSSRV - ok

22:02:52.0039 4080 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

22:02:52.0039 4080 MSPCLOCK - ok

22:02:52.0070 4080 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

22:02:52.0070 4080 MSPQM - ok

22:02:52.0133 4080 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

22:02:52.0148 4080 MsRPC - ok

22:02:52.0195 4080 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

22:02:52.0195 4080 mssmbios - ok

22:02:52.0273 4080 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

22:02:52.0273 4080 MSTEE - ok

22:02:52.0413 4080 [ C83829C280F0207677B7AAA151EF9C4D ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys

22:02:52.0413 4080 msvad_simple - ok

22:02:52.0460 4080 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

22:02:52.0460 4080 MTConfig - ok

22:02:52.0538 4080 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

22:02:52.0538 4080 Mup - ok

22:02:53.0474 4080 [ 4A9258B9597A31DB68EC9740F3A8A70B ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

22:02:53.0474 4080 N360 - ok

22:02:53.0630 4080 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

22:02:53.0646 4080 napagent - ok

22:02:53.0771 4080 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

22:02:53.0771 4080 NativeWifiP - ok

22:02:53.0942 4080 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130219.017\ENG64.SYS

22:02:53.0942 4080 NAVENG - ok

22:02:54.0176 4080 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130219.017\EX64.SYS

22:02:54.0207 4080 NAVEX15 - ok

22:02:54.0285 4080 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

22:02:54.0363 4080 NDIS - ok

22:02:54.0410 4080 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

22:02:54.0410 4080 NdisCap - ok

22:02:54.0473 4080 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

22:02:54.0473 4080 NdisTapi - ok

22:02:54.0551 4080 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

22:02:54.0551 4080 Ndisuio - ok

22:02:54.0582 4080 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

22:02:54.0582 4080 NdisWan - ok

22:02:54.0629 4080 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

22:02:54.0629 4080 NDProxy - ok

22:02:54.0800 4080 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

22:02:54.0816 4080 Nero BackItUp Scheduler 4.0 - ok

22:02:55.0175 4080 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

22:02:55.0175 4080 Net Driver HPZ12 - ok

22:02:55.0253 4080 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

22:02:55.0253 4080 NetBIOS - ok

22:02:55.0346 4080 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

22:02:55.0346 4080 NetBT - ok

22:02:55.0377 4080 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

22:02:55.0377 4080 Netlogon - ok

22:02:55.0440 4080 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

22:02:55.0440 4080 Netman - ok

22:02:55.0487 4080 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

22:02:55.0502 4080 netprofm - ok

22:02:55.0533 4080 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:02:55.0580 4080 NetTcpPortSharing - ok

22:02:55.0658 4080 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

22:02:55.0705 4080 nfrd960 - ok

22:02:55.0783 4080 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

22:02:55.0783 4080 NlaSvc - ok

22:02:55.0939 4080 [ B400ED9FA710F2E5FC3C1CB14D7947B0 ] NMSAccessU C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe

22:02:55.0939 4080 NMSAccessU - ok

22:02:55.0986 4080 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

22:02:55.0986 4080 Npfs - ok

22:02:56.0033 4080 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

22:02:56.0048 4080 nsi - ok

22:02:56.0064 4080 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

22:02:56.0064 4080 nsiproxy - ok

22:02:56.0173 4080 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

22:02:56.0189 4080 Ntfs - ok

22:02:56.0204 4080 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

22:02:56.0220 4080 Null - ok

22:02:56.0282 4080 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

22:02:56.0298 4080 nvraid - ok

22:02:56.0313 4080 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

22:02:56.0376 4080 nvstor - ok

22:02:56.0407 4080 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

22:02:56.0423 4080 nv_agp - ok

22:02:56.0891 4080 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

22:02:56.0906 4080 odserv - ok

22:02:56.0953 4080 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

22:02:56.0969 4080 ohci1394 - ok

22:02:57.0015 4080 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:02:57.0031 4080 ose - ok

22:02:57.0062 4080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

22:02:57.0078 4080 p2pimsvc - ok

22:02:57.0125 4080 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

22:02:57.0140 4080 p2psvc - ok

22:02:57.0203 4080 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

22:02:57.0203 4080 Parport - ok

22:02:57.0234 4080 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

22:02:57.0234 4080 partmgr - ok

22:02:57.0312 4080 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

22:02:57.0312 4080 PcaSvc - ok

22:02:57.0359 4080 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

22:02:57.0359 4080 pci - ok

22:02:57.0390 4080 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

22:02:57.0390 4080 pciide - ok

22:02:57.0437 4080 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

22:02:57.0437 4080 pcmcia - ok

22:02:57.0452 4080 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

22:02:57.0452 4080 pcw - ok

22:02:57.0530 4080 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

22:02:57.0546 4080 PEAUTH - ok

22:02:57.0639 4080 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

22:02:57.0639 4080 PerfHost - ok

22:02:57.0764 4080 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

22:02:57.0811 4080 pla - ok

22:02:57.0889 4080 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

22:02:57.0905 4080 PlugPlay - ok

22:02:58.0045 4080 [ E9605A180001A6B5551112D91DE92CA1 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

22:02:58.0045 4080 PMBDeviceInfoProvider - ok

22:02:58.0154 4080 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

22:02:58.0154 4080 Pml Driver HPZ12 - ok

22:02:58.0185 4080 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

22:02:58.0185 4080 PNRPAutoReg - ok

22:02:58.0217 4080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

22:02:58.0217 4080 PNRPsvc - ok

22:02:58.0341 4080 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

22:02:58.0341 4080 PolicyAgent - ok

22:02:58.0404 4080 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

22:02:58.0404 4080 Power - ok

22:02:58.0482 4080 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

22:02:58.0497 4080 PptpMiniport - ok

22:02:58.0622 4080 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

22:02:58.0622 4080 Processor - ok

22:02:58.0700 4080 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

22:02:58.0700 4080 ProfSvc - ok

22:02:58.0763 4080 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:02:58.0763 4080 ProtectedStorage - ok

22:02:58.0825 4080 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

22:02:58.0825 4080 Psched - ok

22:02:58.0919 4080 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

22:02:58.0919 4080 PxHlpa64 - ok

22:02:59.0106 4080 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

22:02:59.0231 4080 ql2300 - ok

22:02:59.0246 4080 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

22:02:59.0246 4080 ql40xx - ok

22:02:59.0293 4080 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

22:02:59.0371 4080 QWAVE - ok

22:02:59.0402 4080 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:02:59.0449 4080 QWAVEdrv - ok

22:02:59.0636 4080 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll

22:02:59.0636 4080 RapiMgr - ok

22:02:59.0683 4080 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:02:59.0745 4080 RasAcd - ok

22:02:59.0823 4080 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

22:02:59.0823 4080 RasAgileVpn - ok

22:02:59.0870 4080 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

22:02:59.0870 4080 RasAuto - ok

22:02:59.0917 4080 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:02:59.0917 4080 Rasl2tp - ok

22:03:00.0026 4080 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

22:03:00.0042 4080 RasMan - ok

22:03:00.0089 4080 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:03:00.0089 4080 RasPppoe - ok

22:03:00.0104 4080 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:03:00.0120 4080 RasSstp - ok

22:03:00.0167 4080 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:03:00.0167 4080 rdbss - ok

22:03:00.0213 4080 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

22:03:00.0213 4080 rdpbus - ok

22:03:00.0245 4080 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:03:00.0245 4080 RDPCDD - ok

22:03:00.0276 4080 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:03:00.0276 4080 RDPENCDD - ok

22:03:00.0307 4080 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

22:03:00.0307 4080 RDPREFMP - ok

22:03:00.0432 4080 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

22:03:00.0432 4080 RdpVideoMiniport - ok

22:03:00.0494 4080 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:03:00.0494 4080 RDPWD - ok

22:03:00.0557 4080 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

22:03:00.0557 4080 rdyboost - ok

22:03:00.0603 4080 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

22:03:00.0603 4080 RemoteAccess - ok

22:03:00.0666 4080 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:03:00.0681 4080 RemoteRegistry - ok

22:03:00.0728 4080 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

22:03:00.0728 4080 RpcEptMapper - ok

22:03:00.0759 4080 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

22:03:00.0759 4080 RpcLocator - ok

22:03:00.0791 4080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

22:03:00.0791 4080 RpcSs - ok

22:03:00.0869 4080 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:03:00.0869 4080 rspndr - ok

22:03:00.0915 4080 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

22:03:00.0915 4080 RSUSBSTOR - ok

22:03:00.0947 4080 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

22:03:00.0947 4080 SamSs - ok

22:03:00.0993 4080 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

22:03:00.0993 4080 sbp2port - ok

22:03:01.0040 4080 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:03:01.0040 4080 SCardSvr - ok

22:03:01.0087 4080 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

22:03:01.0087 4080 scfilter - ok

22:03:01.0212 4080 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

22:03:01.0243 4080 Schedule - ok

22:03:01.0274 4080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

22:03:01.0274 4080 SCPolicySvc - ok

22:03:01.0321 4080 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:03:01.0321 4080 SDRSVC - ok

22:03:01.0446 4080 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

22:03:01.0446 4080 SeaPort - ok

22:03:01.0539 4080 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:03:01.0555 4080 secdrv - ok

22:03:01.0602 4080 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

22:03:01.0617 4080 seclogon - ok

22:03:01.0664 4080 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

22:03:01.0664 4080 SENS - ok

22:03:01.0695 4080 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

22:03:01.0695 4080 SensrSvc - ok

22:03:01.0789 4080 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

22:03:01.0789 4080 Serenum - ok

22:03:01.0836 4080 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

22:03:01.0836 4080 Serial - ok

22:03:01.0898 4080 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

22:03:01.0898 4080 sermouse - ok

22:03:01.0961 4080 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

22:03:01.0961 4080 SessionEnv - ok

22:03:02.0039 4080 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

22:03:02.0039 4080 sffdisk - ok

22:03:02.0070 4080 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

22:03:02.0070 4080 sffp_mmc - ok

22:03:02.0101 4080 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

22:03:02.0101 4080 sffp_sd - ok

22:03:02.0148 4080 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

22:03:02.0148 4080 sfloppy - ok

22:03:02.0429 4080 [ 7F475425582163602EF1589C0071E521 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

22:03:02.0429 4080 SftService - ok

22:03:02.0475 4080 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:03:02.0475 4080 SharedAccess - ok

22:03:02.0538 4080 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:03:02.0538 4080 ShellHWDetection - ok

22:03:02.0600 4080 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:03:02.0600 4080 SiSRaid2 - ok

22:03:02.0663 4080 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

22:03:02.0678 4080 SiSRaid4 - ok

22:03:02.0694 4080 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:03:02.0694 4080 Smb - ok

22:03:02.0741 4080 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:03:02.0756 4080 SNMPTRAP - ok

22:03:02.0803 4080 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

22:03:02.0803 4080 spldr - ok

22:03:02.0865 4080 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

22:03:02.0881 4080 Spooler - ok

22:03:03.0131 4080 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

22:03:03.0224 4080 sppsvc - ok

22:03:03.0271 4080 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

22:03:03.0271 4080 sppuinotify - ok

22:03:03.0365 4080 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

22:03:03.0380 4080 sprtsvc_DellSupportCenter - ok

22:03:03.0614 4080 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\Windows\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS

22:03:03.0614 4080 SRTSP - ok

22:03:03.0692 4080 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS

22:03:03.0692 4080 SRTSPX - ok

22:03:03.0739 4080 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

22:03:03.0739 4080 srv - ok

22:03:03.0817 4080 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

22:03:03.0817 4080 srv2 - ok

22:03:03.0833 4080 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

22:03:03.0833 4080 srvnet - ok

22:03:03.0879 4080 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

22:03:03.0879 4080 SSDPSRV - ok

22:03:03.0895 4080 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

22:03:03.0895 4080 SstpSvc - ok

22:03:04.0129 4080 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

22:03:04.0145 4080 STacSV - ok

22:03:04.0223 4080 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

22:03:04.0223 4080 stexstor - ok

22:03:04.0659 4080 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

22:03:04.0659 4080 STHDA - ok

22:03:04.0737 4080 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

22:03:04.0737 4080 stisvc - ok

22:03:04.0769 4080 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

22:03:04.0769 4080 swenum - ok

22:03:04.0987 4080 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

22:03:05.0003 4080 swprv - ok

22:03:05.0065 4080 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\Windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS

22:03:05.0065 4080 SymDS - ok

22:03:05.0283 4080 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\Windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS

22:03:05.0377 4080 SymEFA - ok

22:03:05.0533 4080 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

22:03:05.0564 4080 SymEvent - ok

22:03:05.0595 4080 SYMFW - ok

22:03:05.0689 4080 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS

22:03:05.0720 4080 SymIRON - ok

22:03:05.0736 4080 SYMNDISV - ok

22:03:05.0829 4080 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS

22:03:05.0829 4080 SymNetS - ok

22:03:06.0017 4080 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

22:03:06.0063 4080 SysMain - ok

22:03:06.0110 4080 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

22:03:06.0375 4080 TabletInputService - ok

22:03:06.0531 4080 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

22:03:06.0609 4080 TapiSrv - ok

22:03:06.0734 4080 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

22:03:06.0734 4080 TBS - ok

22:03:06.0984 4080 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

22:03:07.0031 4080 Tcpip - ok

22:03:07.0140 4080 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

22:03:07.0140 4080 TCPIP6 - ok

22:03:07.0218 4080 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

22:03:07.0218 4080 tcpipreg - ok

22:03:07.0265 4080 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

22:03:07.0296 4080 TDPIPE - ok

22:03:07.0327 4080 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

22:03:07.0327 4080 TDTCP - ok

22:03:07.0374 4080 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

22:03:07.0374 4080 tdx - ok

22:03:07.0421 4080 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

22:03:07.0421 4080 TermDD - ok

22:03:07.0467 4080 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

22:03:07.0483 4080 TermService - ok

22:03:07.0530 4080 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

22:03:07.0530 4080 Themes - ok

22:03:07.0561 4080 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

22:03:07.0561 4080 THREADORDER - ok

22:03:07.0608 4080 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

22:03:07.0608 4080 TrkWks - ok

22:03:07.0670 4080 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:03:07.0670 4080 TrustedInstaller - ok

22:03:07.0733 4080 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

22:03:07.0733 4080 tssecsrv - ok

22:03:07.0779 4080 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

22:03:07.0920 4080 TsUsbFlt - ok

22:03:08.0294 4080 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

22:03:08.0294 4080 tunnel - ok

22:03:08.0341 4080 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

22:03:08.0372 4080 uagp35 - ok

22:03:08.0450 4080 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

22:03:08.0481 4080 udfs - ok

22:03:08.0528 4080 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

22:03:08.0528 4080 UI0Detect - ok

22:03:08.0544 4080 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

22:03:08.0559 4080 uliagpkx - ok

22:03:08.0637 4080 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

22:03:08.0637 4080 umbus - ok

22:03:08.0700 4080 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

22:03:08.0731 4080 UmPass - ok

22:03:08.0809 4080 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

22:03:08.0825 4080 upnphost - ok

22:03:08.0871 4080 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

22:03:08.0949 4080 usbaudio - ok

22:03:09.0027 4080 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

22:03:09.0043 4080 usbccgp - ok

22:03:09.0168 4080 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

22:03:09.0183 4080 usbcir - ok

22:03:09.0308 4080 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

22:03:09.0308 4080 usbehci - ok

22:03:09.0542 4080 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

22:03:09.0605 4080 usbhub - ok

22:03:09.0683 4080 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

22:03:09.0714 4080 usbohci - ok

22:03:09.0854 4080 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

22:03:09.0854 4080 usbprint - ok

22:03:09.0995 4080 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

22:03:10.0151 4080 usbscan - ok

22:03:10.0244 4080 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:03:10.0291 4080 USBSTOR - ok

22:03:10.0431 4080 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

22:03:10.0431 4080 usbuhci - ok

22:03:10.0541 4080 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

22:03:10.0541 4080 usbvideo - ok

22:03:10.0619 4080 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

22:03:10.0619 4080 UxSms - ok

22:03:10.0681 4080 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

22:03:10.0681 4080 VaultSvc - ok

22:03:10.0743 4080 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

22:03:10.0743 4080 vdrvroot - ok

22:03:10.0821 4080 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

22:03:10.0853 4080 vds - ok

22:03:10.0931 4080 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

22:03:10.0962 4080 vga - ok

22:03:10.0993 4080 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

22:03:10.0993 4080 VgaSave - ok

22:03:11.0071 4080 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

22:03:11.0102 4080 vhdmp - ok

22:03:11.0165 4080 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

22:03:11.0180 4080 viaide - ok

22:03:11.0211 4080 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

22:03:11.0211 4080 volmgr - ok

22:03:11.0305 4080 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

22:03:11.0305 4080 volmgrx - ok

22:03:11.0336 4080 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

22:03:11.0352 4080 volsnap - ok

22:03:11.0399 4080 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

22:03:11.0445 4080 vsmraid - ok

22:03:11.0601 4080 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

22:03:12.0085 4080 VSS - ok

22:03:12.0132 4080 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

22:03:12.0132 4080 vwifibus - ok

22:03:12.0210 4080 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

22:03:12.0210 4080 vwififlt - ok

22:03:12.0335 4080 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

22:03:12.0350 4080 W32Time - ok

22:03:12.0381 4080 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

22:03:12.0381 4080 WacomPen - ok

22:03:12.0600 4080 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

22:03:12.0600 4080 WANARP - ok

22:03:12.0678 4080 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

22:03:12.0678 4080 Wanarpv6 - ok

22:03:12.0865 4080 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

22:03:12.0974 4080 WatAdminSvc - ok

22:03:13.0083 4080 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

22:03:13.0115 4080 wbengine - ok

22:03:13.0193 4080 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

22:03:13.0271 4080 WbioSrvc - ok

22:03:13.0395 4080 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll

22:03:13.0395 4080 WcesComm - ok

22:03:13.0520 4080 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

22:03:13.0598 4080 wcncsvc - ok

22:03:13.0629 4080 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:03:13.0629 4080 WcsPlugInService - ok

22:03:13.0692 4080 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

22:03:13.0692 4080 Wd - ok

22:03:13.0817 4080 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

22:03:13.0863 4080 Wdf01000 - ok

22:03:13.0910 4080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

22:03:13.0926 4080 WdiServiceHost - ok

22:03:13.0926 4080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

22:03:13.0926 4080 WdiSystemHost - ok

22:03:14.0019 4080 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

22:03:14.0019 4080 WebClient - ok

22:03:14.0129 4080 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

22:03:14.0144 4080 Wecsvc - ok

22:03:14.0160 4080 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

22:03:14.0160 4080 wercplsupport - ok

22:03:14.0285 4080 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

22:03:14.0300 4080 WerSvc - ok

22:03:14.0425 4080 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

22:03:14.0441 4080 WfpLwf - ok

22:03:14.0799 4080 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

22:03:14.0799 4080 WimFltr - ok

22:03:14.0846 4080 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

22:03:14.0846 4080 WIMMount - ok

22:03:14.0877 4080 WinDefend - ok

22:03:14.0893 4080 WinHttpAutoProxySvc - ok

22:03:15.0033 4080 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

22:03:15.0049 4080 Winmgmt - ok

22:03:15.0564 4080 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

22:03:15.0626 4080 WinRM - ok

22:03:16.0125 4080 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

22:03:16.0157 4080 WinUsb - ok

22:03:16.0469 4080 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

22:03:16.0500 4080 Wlansvc - ok

22:03:16.0999 4080 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

22:03:16.0999 4080 wlcrasvc - ok

22:03:17.0576 4080 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:03:17.0608 4080 wlidsvc - ok

22:03:17.0701 4080 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

22:03:17.0701 4080 wltrysvc - ok

22:03:17.0748 4080 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

22:03:17.0764 4080 WmiAcpi - ok

22:03:17.0795 4080 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

22:03:17.0888 4080 wmiApSrv - ok

22:03:18.0403 4080 WMPNetworkSvc - ok

22:03:18.0684 4080 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe

22:03:18.0715 4080 WMZuneComm - ok

22:03:18.0778 4080 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

22:03:18.0809 4080 WPCSvc - ok

22:03:18.0871 4080 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

22:03:18.0871 4080 WPDBusEnum - ok

22:03:18.0934 4080 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

22:03:18.0965 4080 ws2ifsl - ok

22:03:19.0012 4080 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

22:03:19.0027 4080 wscsvc - ok

22:03:19.0027 4080 WSearch - ok

22:03:19.0183 4080 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

22:03:19.0230 4080 wuauserv - ok

22:03:19.0261 4080 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

22:03:19.0261 4080 WudfPf - ok

22:03:19.0448 4080 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

22:03:19.0448 4080 WUDFRd - ok

22:03:19.0651 4080 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

22:03:19.0651 4080 wudfsvc - ok

22:03:19.0698 4080 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

22:03:19.0760 4080 WwanSvc - ok

22:03:19.0979 4080 [ 79D9CE9614C955DD31AA2556B4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

22:03:19.0979 4080 yukonw7 - ok

22:03:20.0650 4080 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe

22:03:20.0837 4080 ZuneNetworkSvc - ok

22:03:20.0946 4080 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe

22:03:20.0962 4080 ZuneWlanCfgSvc - ok

22:03:20.0977 4080 ================ Scan global ===============================

22:03:21.0008 4080 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

22:03:21.0086 4080 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

22:03:21.0102 4080 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

22:03:21.0164 4080 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

22:03:21.0211 4080 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

22:03:21.0211 4080 [Global] - ok

22:03:21.0211 4080 ================ Scan MBR ==================================

22:03:21.0242 4080 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

22:03:21.0242 4080 Suspicious mbr (Forged): \Device\Harddisk0\DR0

22:03:21.0320 4080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

22:03:21.0320 4080 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

22:03:22.0178 4080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

22:03:22.0178 4080 \Device\Harddisk0\DR0 - detected TDSS File System (1)

22:03:22.0178 4080 ================ Scan VBR ==================================

22:03:22.0210 4080 [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1

22:03:22.0210 4080 \Device\Harddisk0\DR0\Partition1 - ok

22:03:22.0225 4080 [ 3F759E083DAA0BFC53855744E15A6D5A ] \Device\Harddisk0\DR0\Partition2

22:03:22.0225 4080 \Device\Harddisk0\DR0\Partition2 - ok

22:03:22.0225 4080 ============================================================

22:03:22.0225 4080 Scan finished

22:03:22.0225 4080 ============================================================

22:03:22.0428 2424 Detected object count: 2

22:03:22.0428 2424 Actual detected object count: 2

22:03:43.0626 2424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

22:03:43.0626 2424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

22:03:43.0636 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

22:03:43.0636 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

22:04:17.0134 1068 Deinitialize success

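The TDSSKiller log above is long, and the two lines that matter (the MBR flagged as Rootkit.Boot.Pihar.c and the TDSS File System warning, both left at "Skip") are easy to miss among hundreds of "- ok" entries. The following script is an added example, not part of the original thread or of TDSSKiller itself: it parses TDSSKiller's line format, pairs each detection with the action the user chose, and reports anything still unresolved. The sample lines are constructed to mirror the posted log; the action names other than "Skip" (Cure, Delete, Quarantine) are assumed here to be what TDSSKiller writes for its other choices.

```python
"""Triage a TDSSKiller log: list detections and what the user did with them.

Added example (not TDSSKiller's own code). Line format assumed from the log
above: "HH:MM:SS.mmmm PID <payload>", where the payload is a hash line,
an "- ok" verdict, a "Suspicious mbr (...)" note, or a "( Name ) - <verdict>".
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in TDSSKiller's format, modelled on the posted log.
SAMPLE_LOG = r"""
22:03:06.0984 4080 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:03:07.0031 4080 Tcpip - ok
22:03:05.0595 4080 SYMFW - ok
22:03:21.0242 4080 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
22:03:21.0242 4080 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:03:21.0320 4080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:03:21.0320 4080 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:03:22.0178 4080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:03:22.0178 4080 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:03:22.0210 4080 [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1
22:03:22.0210 4080 \Device\Harddisk0\DR0\Partition1 - ok
22:03:43.0626 2424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
22:03:43.0626 2424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
22:03:43.0636 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:03:43.0636 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+)$")
OK_RE = re.compile(r"^(.+) - ok$")
SUSPICIOUS_RE = re.compile(r"^Suspicious mbr \(([^)]+)\): (.+)$")
VERDICT_RE = re.compile(
    r"^(.+?) \( (.+?) \) - (infected|warning|skipped by user|User select action: (\w+))$"
)
# Assumed set of actions that actually remove the object (TDSSKiller's other menu choices).
RESOLVING_ACTIONS = ("Cure", "Delete", "Quarantine")


@dataclass
class Finding:
    obj: str                      # e.g. \Device\Harddisk0\DR0
    name: str                     # e.g. Rootkit.Boot.Pihar.c
    verdict: str = "unknown"      # "infected" or "warning"
    action: Optional[str] = None  # what the user picked, once known

    @property
    def unresolved(self) -> bool:
        # No action yet, or "Skip", means the object is still on the disk.
        return self.action not in RESOLVING_ACTIONS


def triage(log_text: str) -> dict:
    """Parse a TDSSKiller log and return hashes, clean entries and findings."""
    hashes, clean, no_hash, suspicious, findings = {}, [], [], {}, {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner/separator lines carry no verdict
        body = m.group(3)
        if (h := HASH_RE.match(body)):
            # "[ MD5 ] Name Path" for services/drivers, "[ MD5 ] \Device\..." for MBR/VBR
            name, _, path = h.group(2).partition(" ")
            hashes[name] = (h.group(1).upper(), path or None)
        elif (s := SUSPICIOUS_RE.match(body)):
            suspicious[s.group(2)] = s.group(1)  # object -> reason, e.g. "Forged"
        elif (v := VERDICT_RE.match(body)):
            obj, name, verdict, action = v.groups()
            f = findings.setdefault((obj, name), Finding(obj, name))
            if verdict in ("infected", "warning"):
                f.verdict = verdict
            elif action:
                f.action = action
        elif (o := OK_RE.match(body)):
            clean.append(o.group(1))
            if o.group(1) not in hashes:
                # "- ok" with no preceding hash line: nothing was hashed for this entry,
                # so the "ok" says less than it looks like it does.
                no_hash.append(o.group(1))
    found = list(findings.values())
    return {
        "hashes": hashes,
        "clean_count": len(clean),
        "no_hash": no_hash,
        "suspicious": suspicious,
        "findings": found,
        "unresolved": [f for f in found if f.unresolved],
    }


def report(log_text: str) -> str:
    """Human-readable summary of what still needs attention."""
    r = triage(log_text)
    lines = [f"{r['clean_count']} entries reported ok ({len(r['no_hash'])} without a hash)"]
    for obj, why in r["suspicious"].items():
        lines.append(f"SUSPICIOUS {obj}: {why}")
    for f in r["findings"]:
        state = "UNRESOLVED" if f.unresolved else "handled"
        lines.append(f"{state}: {f.obj} {f.name} [{f.verdict}] action={f.action}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full posted log, the report reduces it to the one forged MBR and the two detections that were skipped, which is the same conclusion the next reply draws by hand.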

Please re-run TDSSKiller and "cure" these items:

22:03:43.0626 2424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

22:03:43.0626 2424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

Then run the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Thank you very much for all your help. Below is the combo log.

===============================

ComboFix 13-02-18.02 - saiabhi 02/19/2013 22:44:27.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2608 [GMT -5:00]

Running from: c:\users\saiabhi\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\a0d270h0_o\us_sres.data

c:\users\saiabhi\AppData\Local\common_functions.dll

c:\users\saiabhi\AppData\Local\ie_runner_app.exe

c:\users\saiabhi\AppData\Roaming\Install.dat

c:\users\saiabhi\g2mdlhlpx.exe

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-01-20 to 2013-02-20 )))))))))))))))))))))))))))))))

.

.

2013-02-20 04:00 . 2013-02-20 04:00 -------- d-----w- c:\users\sairegatte\AppData\Local\temp

2013-02-20 04:00 . 2013-02-20 04:00 -------- d-----w- c:\users\Mcx1-SAIABHI-PC\AppData\Local\temp

2013-02-20 04:00 . 2013-02-20 04:00 -------- d-----w- c:\users\madhu\AppData\Local\temp

2013-02-20 04:00 . 2013-02-20 04:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-20 04:00 . 2013-02-20 04:00 -------- d-----w- c:\users\abhijeet\AppData\Local\temp

2013-02-20 03:01 . 2013-02-20 03:01 -------- d-----w- C:\FRST

2013-02-18 02:20 . 2013-02-18 22:32 -------- d-----w- c:\windows\system32\drivers\N360x64\1402000.013

2013-02-14 18:22 . 2010-02-09 01:24 126312 ----a-r- c:\windows\system32\GEARAspi64.dll

2013-02-14 18:22 . 2010-02-09 01:24 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll

2013-02-08 17:37 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-02-08 17:37 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-02-08 17:37 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-02-08 17:37 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-02-08 17:28 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-02-08 17:15 . 2013-02-08 17:15 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-02-08 17:14 . 2013-02-08 17:13 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-02-08 17:14 . 2013-02-08 17:13 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-08 16:50 . 2013-02-08 16:50 -------- d-----w- c:\users\saiabhi\AppData\Roaming\SpeedyPC Software

2013-02-08 16:50 . 2013-02-08 16:50 -------- d-----w- c:\users\saiabhi\AppData\Roaming\DriverCure

2013-02-08 16:49 . 2013-02-13 02:36 -------- d-----w- c:\programdata\SpeedyPC Software

2013-02-04 16:02 . 2013-02-04 16:02 -------- d-----w- c:\users\saiabhi\AppData\Roaming\Malwarebytes

2013-02-04 16:02 . 2013-02-04 16:02 -------- d-----w- c:\programdata\Malwarebytes

2013-02-04 16:02 . 2013-02-04 16:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-02-04 16:02 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-04 16:01 . 2013-02-04 16:01 -------- d-----w- c:\users\saiabhi\AppData\Local\Programs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-14 18:22 . 2010-02-09 01:25 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-02-08 17:15 . 2012-11-28 01:19 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-08 17:15 . 2012-11-28 01:19 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-08 17:13 . 2012-12-14 23:44 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-16 22:31 . 2009-12-12 18:58 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-11-30 04:45 . 2013-02-08 17:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-02-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\abhijeet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

c:\users\madhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

c:\users\sairegatte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

c:\users\saiabhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 0078191265676442mcinstcleanup;McAfee Application Installer Cleanup (0078191265676442);c:\users\saiabhi\AppData\Local\Temp\007819~1.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]

R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-02-08 1388120]

S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130216.001\IDSvia64.sys [2013-02-15 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-07-28 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [2012-07-23 432800]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-10 138912]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-02 13:43 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 02:39]

.

2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 02:39]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: aig.com\na.connect

Trusted Zone: aig.net\insidevdi

Trusted Zone: k12.nj.us.\mymonroe.monroe

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

FF - ProfilePath - c:\users\saiabhi\AppData\Roaming\Mozilla\Firefox\Profiles\fsf2xuls.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: general.useragent.extra.brc - BRI/1

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

Toolbar-Locked - (no file)

Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

Toolbar-10 - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM-Run-KeyAccess - kass.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3288041227-348510219-4174135839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3288041227-348510219-4174135839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-02-19 23:07:23

ComboFix-quarantined-files.txt 2013-02-20 04:07

.

Pre-Run: 138,209,341,440 bytes free

Post-Run: 138,243,928,064 bytes free

.

- - End Of File - - F8437728E0ECD9388C7FD34BC8A3A97E


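Editor's note on the policies\system block in the ComboFix log above: EnableLUA = 0 means User Account Control is switched off entirely on this machine, and ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 would, even with UAC on, let a program elevate with no prompt and without the secure desktop. That is what allows a dropped binary to run with full administrative rights silently. The PowerShell below is an added example, not part of the original post and not something the helper asked for: it reads the same five values, compares them with the Windows 7 defaults as stated in the comments (an assumption of this example, not something the thread documents), and with -Restore writes the defaults back. It assumes an elevated prompt; EnableLUA only takes effect after a reboot.

```powershell
# Added example, not from the original thread. Reads the UAC values that ComboFix listed
# under HKLM\...\Policies\System and compares them with the Windows 7 defaults.
# Run elevated; with -Restore it writes the defaults back (EnableLUA needs a reboot).
param([switch]$Restore)

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Windows 7 defaults (assumed here). With EnableLUA = 0 the other four are irrelevant:
# nothing prompts, and any process started by an administrator runs with the full token.
$defaults = @{
    EnableLUA                  = 1   # 0 = UAC off entirely
    ConsentPromptBehaviorAdmin = 5   # 5 = consent prompt for non-Windows binaries; 0 = elevate silently
    ConsentPromptBehaviorUser  = 3   # 3 = credential prompt on the secure desktop
    PromptOnSecureDesktop      = 1   # 1 = prompts on the secure desktop, which user-mode code cannot fake
    EnableUIADesktopToggle     = 0   # 0 = UIAccess apps may not turn the secure desktop off
}

$current = Get-ItemProperty -Path $key
foreach ($name in ($defaults.Keys | Sort-Object)) {
    $value = $current.$name
    if ($value -eq $null)                 { $state = 'absent (default applies)' }
    elseif ($value -eq $defaults[$name])  { $state = 'ok' }
    else                                  { $state = 'WEAK' }

    '{0,-28} {1,4}   (default {2})   {3}' -f $name, $value, $defaults[$name], $state

    if ($Restore -and $state -eq 'WEAK') {
        Set-ItemProperty -Path $key -Name $name -Value $defaults[$name] -Type DWord
    }
}
```

Run it once without -Restore to see the report; on the log above it would mark EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as WEAK and the other two as ok. Restoring UAC does not remove anything that already got in, so it belongs after the cleanup, not instead of it.
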
Very good, looks much better. Do you have the new log from TDSSKiller after curing those Pihar entries?

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


I only ran TDSSKiller once, and I had posted that. Will follow the next steps in a couple of minutes and update you. Thanks.


JRT.txt

-------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.5 (02.18.2013:1)

OS: Windows 7 Home Premium x64

Ran by saiabhi on Wed 02/20/2013 at 19:15:03.34

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\ilivid

Successfully deleted: [Registry Key] hkey_local_machine\software\ilivid

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\competeinc

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\searchqutoolbar

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

~~~ Files

Failed to delete [File] C:\Windows\svchost.exe [Check for TDL4 Rootkit!]

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"

Successfully deleted: [Folder] "C:\Users\saiabhi\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\saiabhi\AppData\Roaming\speedypc software"

Successfully deleted: [Folder] "C:\Users\saiabhi\appdata\local\ilivid player"

Successfully deleted: [Folder] "C:\Users\saiabhi\appdata\locallow\datamngr"

Successfully deleted: [Folder] "C:\Users\saiabhi\appdata\locallow\searchquband"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"

Successfully deleted: [File] C:\Users\saiabhi\AppData\Roaming\mozilla\firefox\profiles\fsf2xuls.default\user.js

Successfully deleted: [File] C:\Users\saiabhi\AppData\Roaming\mozilla\firefox\profiles\fsf2xuls.default\searchplugins\search_results.xml

Failed to delete: [Folder] C:\Users\saiabhi\AppData\Roaming\mozilla\firefox\profiles\fsf2xuls.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 02/20/2013 at 19:35:06.38

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AdwCleaner.txt

------------------------

# AdwCleaner v2.112 - Logfile created 02/20/2013 at 19:37:59

# Updated 10/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : saiabhi - SAIABHI-PC

# Boot Mode : Normal

# Running from : C:\Users\saiabhi\Desktop\adwcleaner0.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\saiabhi\AppData\Roaming\Mozilla\Firefox\Profiles\fsf2xuls.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\Users\saiabhi\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\saiabhi\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E58E5E-F8CB-4049-991E-A41C03BD419E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E58E5E-F8CB-4049-991E-A41C03BD419E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

Key Deleted : HKLM\SOFTWARE\Classes\ilivid

Key Deleted : HKLM\Software\CompeteInc

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06E58E5E-F8CB-4049-991E-A41C03BD419E}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.6 (en-US)

File : C:\Users\saiabhi\AppData\Roaming\Mozilla\Firefox\Profiles\fsf2xuls.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\saiabhi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2797 octets] - [20/02/2013 19:37:59]

########## EOF - C:\AdwCleaner[s1].txt - [2857 octets] ##########


MBAM LOG

------------------

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.20.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

saiabhi :: SAIABHI-PC [administrator]

2/20/2013 7:44:32 PM

mbam-log-2013-02-20 (19-44-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 304936

Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 1260 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


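Editor's note on the JRT and MBAM results above: both point at the same file, C:\Windows\svchost.exe (JRT could not delete it, MBAM found it running as PID 1260 and scheduled it for deletion on reboot). A genuine svchost.exe lives only in %SystemRoot%\System32 (and, on x64, %SystemRoot%\SysWOW64), is started by services.exe, and always carries a "-k <servicegroup>" argument, as the DDS process list at the top of the thread shows. The PowerShell below is an added example, not part of the original post and not part of JRT or MBAM: it lists every running svchost.exe with its path, parent and command line, flags any that break those three rules, and hashes the file in C:\Windows next to the genuine System32 copy so the two can be compared and the suspect looked up by hash. It assumes an elevated prompt and the default %SystemRoot% of C:\Windows; the property names used are those of the Win32_Process WMI class.

```powershell
# Added example (not from the original thread, and not part of JRT or MBAM).
# Lists every running svchost.exe and flags instances that break the genuine pattern:
#   - image is %SystemRoot%\System32\svchost.exe or %SystemRoot%\SysWOW64\svchost.exe
#   - parent process is services.exe
#   - command line carries a "-k <servicegroup>" argument
# Uses Get-WmiObject so it runs on the Windows 7 / PowerShell 2.0 box in this thread.
# Run from an elevated prompt; assumes the default %SystemRoot% of C:\Windows.

$legit = @("$env:SystemRoot\System32\svchost.exe",
           "$env:SystemRoot\SysWOW64\svchost.exe")

$all   = Get-WmiObject Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in ($all | Where-Object { $_.Name -eq 'svchost.exe' })) {
    $path   = $p.ExecutablePath          # $null when the process denies access
    $parent = $byPid[[int]$p.ParentProcessId]
    if ($parent) { $parentName = $parent.Name } else { $parentName = '<exited>' }

    $reasons = @()
    if (-not $path -or -not ($legit -contains $path)) { $reasons += 'path' }
    if ($parentName -ne 'services.exe')               { $reasons += 'parent' }
    if ($p.CommandLine -notmatch '\s-k\s+\S+')        { $reasons += 'no -k group' }
    if ($reasons.Count -eq 0) { $verdict = 'expected' }
    else                      { $verdict = 'SUSPICIOUS (' + ($reasons -join ', ') + ')' }

    New-Object PSObject -Property @{
        PID         = $p.ProcessId
        Path        = $path
        Parent      = $parentName
        Verdict     = $verdict
        CommandLine = $p.CommandLine
    }
}
$report | Select-Object PID, Path, Parent, Verdict, CommandLine | Format-Table -AutoSize

# Hash the file the scanners could not remove and the genuine System32 copy, so the two can
# be compared and the suspect looked up by hash. .NET SHA256 is used because Get-FileHash
# does not exist before PowerShell 4. (Get-AuthenticodeSignature is not decisive on
# PowerShell older than 5.1: OS binaries are catalog-signed and show as NotSigned there.)
function Get-Sha256([string]$file) {
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($file)
    ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
}

$suspect = "$env:SystemRoot\svchost.exe"
if (Test-Path $suspect) {
    try {
        '{0}  {1}' -f (Get-Sha256 $suspect), $suspect
        '{0}  {1}' -f (Get-Sha256 $legit[0]), $legit[0]
    } catch {
        # A rootkit-protected file may refuse reads from user mode; that is itself a finding.
        "could not read $suspect : $($_.Exception.Message)"
    }
} else {
    "$suspect not present"
}
```

On the machine in this thread the copy at C:\Windows\svchost.exe would come out as SUSPICIOUS on the path rule whatever its parent or arguments, which is exactly why both tools flagged it; the genuine instances from the DDS list (-k DcomLaunch, -k netsvcs and so on) would come out as expected. Identical hashes for the two files would mean the malware simply copied the real binary and the persistence entry that launches it is the thing to hunt; different hashes give you a value to look up.
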
It took a lot of time, but finally it is completed. Below is the log from ESETSCAN:

================

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application


Do you have the log from the second run of TDSSKiller where it was requested you "Cure" those Pihar entries?


I thought I was supposed to run TDSSKiller only once; do you want me to run TDSSKiller now? Thanks.


Yes, after you ran the initial scan, the log showed two bad entries:

22:03:43.0626 2424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

22:03:43.0626 2424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

TDSSKiller needs to be run again, and this time choose "cure" rather than "skip", so TDSSKiller will fix those entries, or the infection will regenerate.


I ran TDSSKiller again. I chose cure for one error and skip for the other error (TDSS File System), as I only saw delete/skip/copy to quarantine but not cure. I then ran MBAM and still see one error (Trojan.Agent). Please advise. Thank you.


Please run the following:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.


system-log.txt

---------------------

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.094000 GHz

Memory total: 4253405184, free: 2424131584

------------ Kernel report ------------

02/22/2013 22:03:48

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\85892088.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\N360x64\1402000.013\SYMDS64.SYS

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\drivers\N360x64\1402000.013\ccSetx64.sys

\SystemRoot\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS

\SystemRoot\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS

\SystemRoot\system32\drivers\N360x64\1402000.013\Ironx64.SYS

\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130222.003\EX64.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130222.003\ENG64.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130221.001\IDSvia64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\ctxusbm.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\yk62x64.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\povrtdev.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\RtsUStor.sys

\SystemRoot\System32\Drivers\USBD.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\fssfltr.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\drivers\tdtcp.sys

\SystemRoot\System32\DRIVERS\tssecsrv.sys

\SystemRoot\System32\Drivers\RDPWD.SYS

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\BCM42RLY.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\setupapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\difxapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\user32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ws2_32.dll

\Windows\System32\urlmon.dll

\Windows\System32\imagehlp.dll

\Windows\System32\normaliz.dll

\Windows\System32\lpk.dll

\Windows\System32\advapi32.dll

\Windows\System32\shell32.dll

\Windows\System32\psapi.dll

\Windows\System32\nsi.dll

\Windows\System32\Wldap32.dll

\Windows\System32\msctf.dll

\Windows\System32\imm32.dll

\Windows\System32\wininet.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004547060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80040af050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.02.23.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004547060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004547b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004547060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80040af050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a0112a1010, 0xfffffa8004547060, 0xfffffa8003f6c790

Lower DeviceData: 0xfffff8a017966980, 0xfffffa80040af050, 0xfffffa8004820090

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 75349890

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 81920 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 30801920 Numsec = 457593200

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...

Done!

Performing system, memory and registry scan...

Infected: c:\Windows\svchost.exe --> [Trojan.Agent]

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.094000 GHz

Memory total: 4253405184, free: 3123572736

Removal queue found; removal started

Removing c:\Windows\svchost.exe...

Removal finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.094000 GHz

Memory total: 4253405184, free: 2894938112

------------ Kernel report ------------

02/22/2013 22:30:43

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\N360x64\1402000.013\SYMDS64.SYS

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\drivers\N360x64\1402000.013\ccSetx64.sys

\SystemRoot\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS

\SystemRoot\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS

\SystemRoot\system32\drivers\N360x64\1402000.013\Ironx64.SYS

\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130222.003\EX64.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130222.003\ENG64.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130221.001\IDSvia64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\ctxusbm.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\yk62x64.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\povrtdev.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\RtsUStor.sys

\SystemRoot\System32\Drivers\USBD.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\fssfltr.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\drivers\tdtcp.sys

\SystemRoot\System32\DRIVERS\tssecsrv.sys

\SystemRoot\System32\Drivers\RDPWD.SYS

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\BCM42RLY.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\rpcrt4.dll

\Windows\System32\oleaut32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\setupapi.dll

\Windows\System32\advapi32.dll

\Windows\System32\wininet.dll

\Windows\System32\normaliz.dll

\Windows\System32\comdlg32.dll

\Windows\System32\user32.dll

\Windows\System32\kernel32.dll

\Windows\System32\usp10.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ole32.dll

\Windows\System32\msctf.dll

\Windows\System32\sechost.dll

\Windows\System32\nsi.dll

\Windows\System32\psapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\imm32.dll

\Windows\System32\lpk.dll

\Windows\System32\Wldap32.dll

\Windows\System32\iertutil.dll

\Windows\System32\difxapi.dll

\Windows\System32\shell32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\urlmon.dll

\Windows\System32\ws2_32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\devobj.dll

\Windows\System32\wintrust.dll

\Windows\System32\comctl32.dll

\Windows\System32\crypt32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004521060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800413e050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004521060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004521b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004521060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800413e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00a48e4e0, 0xfffffa8004521060, 0xfffffa8003f54790

Lower DeviceData: 0xfffff8a00a31d620, 0xfffffa800413e050, 0xfffffa800446fdc0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 75349890

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 81920 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 30801920 Numsec = 457593200

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

mbar.log for the 1st run

---------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

www.malwarebytes.org

Database version: v2013.02.23.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

saiabhi :: SAIABHI-PC [administrator]

2/22/2013 10:25:57 PM

mbar-log-2013-02-22 (22-25-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 29878

Time elapsed: 21 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

c:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
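Added note, not from any poster in this thread: the one detection in these logs, c:\Windows\svchost.exe, is a textbook masquerade. Windows installs svchost.exe in exactly two places, %SystemRoot%\System32 and (on x64) %SystemRoot%\SysWOW64, and every genuine instance is started by services.exe as "svchost.exe -k <ServiceGroup>", which is why a copy sitting directly in C:\Windows stands out even before a signature scanner looks at it. The script below is an added example, not code from the thread or from Malwarebytes, that turns that rule into a triage pass on a live host. It assumes Windows PowerShell 2.0 to 5.1 (Get-WmiObject does not exist in PowerShell 7) and takes nothing from the logs above.

```powershell
# Added example (not code from the thread or from Malwarebytes): triage
# svchost.exe on a live Windows host. Assumes Windows PowerShell 2.0-5.1;
# run it from an elevated 64-bit console so WMI can read SYSTEM process paths.

# The only two locations Windows ships svchost.exe to.
$LegitSvchost = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

function Test-LegitSvchostPath {
    param([string]$Path)
    foreach ($legit in $LegitSvchost) {
        if ($Path -ieq $legit) { return $true }   # -ieq: case-insensitive compare
    }
    return $false
}

function Get-SvchostFindings {
    $findings = @()

    # 1. Every running process named svchost.exe: check image path and command line.
    $procs = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'"
    foreach ($p in $procs) {
        $reasons = @()
        if (-not $p.ExecutablePath) {
            $reasons += 'image path unreadable (run elevated)'
        } elseif (-not (Test-LegitSvchostPath $p.ExecutablePath)) {
            $reasons += "non-standard path: $($p.ExecutablePath)"
        }
        # services.exe always passes -k <group>; a bare svchost.exe was not
        # started by the Service Control Manager.
        if ($p.CommandLine -and $p.CommandLine -notmatch '\s-k\s+\S+') {
            $reasons += "no -k service group: $($p.CommandLine)"
        }
        if ($p.ExecutablePath) {
            # Informational only: PowerShell 2.0 on Windows 7 does not consult
            # catalog signatures, so NotSigned by itself is not proof of tampering.
            $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
            if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status $($sig.Status)" }
        }
        if ($reasons.Count -gt 0) {
            $findings += New-Object PSObject -Property @{
                Kind = 'process'; ProcessId = $p.ProcessId; Path = $p.ExecutablePath
                Reasons = ($reasons -join '; ')
            }
        }
    }

    # 2. Any file named svchost.exe under %SystemRoot% outside the two shipped
    #    locations. WinSxS keeps component-store copies legitimately, so skip it.
    $stray = Get-ChildItem -Path $env:SystemRoot -Recurse -Filter 'svchost.exe' -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch '\\winsxs\\' -and -not (Test-LegitSvchostPath $_.FullName) }
    foreach ($f in $stray) {
        $findings += New-Object PSObject -Property @{
            Kind = 'file'; ProcessId = $null; Path = $f.FullName
            Reasons = "svchost.exe outside System32/SysWOW64 (size $($f.Length), modified $($f.LastWriteTime))"
        }
    }

    return $findings
}

Get-SvchostFindings | Format-Table Kind, ProcessId, Path, Reasons -AutoSize -Wrap
```

A copy at c:\Windows\svchost.exe, the path in the log above, falls outside the allowlist and is listed under Kind = file, and under Kind = process as well if it is running. The recursive directory walk is the slow part on a large %SystemRoot%; drop it if you only want the live-process view. Treat the Authenticode column as a hint, not a verdict: on Windows 7 the cmdlet reports catalog-signed system binaries as NotSigned, so confirm with a catalog-aware tool before acting on that field alone.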
