Everything posted by needhelp1

  1. Scan result of Farbar Recovery Scan Tool Version: 19-04-2012 Ran by SYSTEM at 21-04-2012 00:04:45 Running from J:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [166936 2010-10-06] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2010-10-06] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416792 2010-10-06] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2011-12-18] (RealNetworks, Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) 
HKU\PWS\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company) HKU\PWS\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG) Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1 ==================== Services (Whitelisted) ====== 3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-14] (Adobe Systems Incorporated) 2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] () 2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] () 2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] () 2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.) 2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [203392 2009-12-23] (ASUSTeK Computer Inc.) 
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation) 3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG) 3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG) 2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation) ========================== Drivers (Whitelisted) ============= 2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] () 1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] () 3 asmthub3; C:\Windows\System32\Drivers\asmthub3.sys [126952 2011-02-23] (ASMedia Technology Inc) 3 asmtxhci; C:\Windows\System32\Drivers\asmtxhci.sys [389608 2011-02-23] (ASMedia Technology Inc) 1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] () 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation) 3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120420.001\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation) 3 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [293416 2010-07-02] (Marvell Semiconductor, Inc.) 
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120420.019\ENG64.SYS [117880 2012-04-20] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120420.019\EX64.SYS [2048632 2012-04-20] (Symantec Corporation) 2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [32544 2010-01-14] (Realtek ) 3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [48416 2010-01-14] (Realtek Corporation) 3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [29472 2010-01-14] (Windows ® Codename Longhorn DDK provider) 3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation) 1 SRTSPX; C:\Windows\System32\drivers\N360x64\0502000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-18] (Symantec Corporation) 1 SymIRON; C:\Windows\System32\drivers\N360x64\0502000.00D\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation) 3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [48416 2010-01-14] (Realtek Corporation) 3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-04-20 19:55 - - 0000000 __SHD C:\$RECYCLE.BIN 2012-04-20 19:34 - 2011-03-15 13:24 - 0016348 ____A C:\ComboFix.txt 2012-04-20 18:18 - 2009-07-13 17:39 - 0486646 ____A C:\Windows\ntbtlog.txt 2012-04-20 18:06 - 2012-02-26 09:25 - 4470025 ____R (Swearware) 
C:\Users\PWS\Desktop\ComboFix.exe 2012-04-20 16:50 - 2012-04-16 18:17 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\PWS\Desktop\TDSSKiller.exe 2012-04-20 15:07 - 2012-01-06 16:54 - 0000000 ____D C:\Windows\ERDNT 2012-04-20 15:07 - 2011-12-20 21:41 - 0208896 ____A C:\Windows\MBR.exe 2012-04-20 15:07 - 2011-05-31 13:00 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-04-20 15:07 - 2010-11-20 23:19 - 0080412 ____A C:\Windows\grep.exe 2012-04-20 15:07 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe 2012-04-20 15:07 - 2009-07-13 19:20 - 0098816 ____A C:\Windows\sed.exe 2012-04-20 15:07 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe 2012-04-20 15:07 - 2009-06-10 12:31 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-04-20 15:07 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-04-20 14:58 - 2011-12-30 20:12 - 0000000 ____D C:\Qoobox 2012-04-20 13:59 - 2012-04-17 19:41 - 0129632 ____A C:\TDSSKiller.2.7.31.0_20.04.2012_16.59.23_log.txt 2012-04-20 13:58 - 2012-04-20 13:59 - 2053340 ____A C:\Users\PWS\Desktop\tdsskiller.zip 2012-04-20 13:56 - 2012-04-20 13:53 - 0000564 ____A C:\Users\PWS\Desktop\MBR.zip 2012-04-20 13:53 - 2012-04-20 13:45 - 0002032 ____A C:\Users\PWS\Desktop\aswMBR.txt 2012-04-20 13:53 - 2012-04-16 18:46 - 0000512 ____A C:\Users\PWS\Desktop\MBR.dat 2012-04-20 13:45 - 2012-04-07 10:58 - 4731392 ____A (AVAST Software) C:\Users\PWS\Desktop\aswMBR.exe 2012-04-18 10:52 - 2012-04-18 10:46 - 0421079 ____A C:\Users\PWS\Documents\Scan0017.pdf 2012-04-18 10:46 - 2012-04-18 10:39 - 0109939 ____A C:\Users\PWS\Documents\Scan0016.pdf 2012-04-18 10:39 - 2012-04-18 10:36 - 0494444 ____A C:\Users\PWS\Documents\Scan0015.pdf 2012-04-18 10:36 - 2012-04-18 10:20 - 0420858 ____A C:\Users\PWS\Documents\Scan0014.pdf 2012-04-18 10:20 - 2012-04-18 10:08 - 0498262 ____A C:\Users\PWS\Documents\Scan0013.pdf 2012-04-18 10:08 - 2012-01-30 22:27 - 0421285 ____A C:\Users\PWS\Documents\Scan0012.pdf 2012-04-17 20:42 - 2012-01-31 19:54 - 0001302 ____A 
C:\Users\PWS\Desktop\RKreport[1].txt 2012-04-17 20:41 - 2012-04-17 20:42 - 0000000 ____D C:\Users\PWS\Desktop\RK_Quarantine 2012-04-17 19:41 - 2012-04-17 19:40 - 0105318 ____A C:\TDSSKiller.2.7.28.0_17.04.2012_22.41.09_log.txt 2012-04-17 19:39 - 2012-04-16 18:17 - 0129276 ____A C:\TDSSKiller.2.7.28.0_17.04.2012_22.39.46_log.txt 2012-04-17 14:16 - 2012-04-17 14:14 - 5950368 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-KB934181-FullFile-ENU.exe 2012-04-17 14:15 - 2012-04-17 14:16 - 5928848 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-KB956357-FullFile-ENU.exe 2012-04-17 14:14 - 2011-12-22 23:17 - 5929016 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-kb887979-fullfile-enu.exe 2012-04-16 19:22 - 2011-12-31 09:46 - 0025600 ____A C:\Users\PWS\Documents\KP.doc 2012-04-16 19:01 - 2011-12-30 19:35 - 0020978 ____A C:\Users\PWS\Desktop\1682614.jpg 2012-04-16 18:46 - 2012-03-21 22:36 - 0873095 ____A C:\Users\PWS\Desktop\FM.jpg 2012-04-16 18:17 - 2012-04-05 14:17 - 0129276 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_21.17.14_log.txt 2012-04-16 18:16 - 2012-03-15 19:57 - 0000348 ____A C:\TDSSKiller.2.7.20.0_16.04.2012_21.16.50_log.txt 2012-04-14 11:03 - 2012-01-22 20:32 - 0000000 ____D C:\Program Files (x86)\TD3 2012-04-14 09:05 - 2012-04-14 09:06 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2012-04-11 20:18 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-04-11 20:18 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-04-11 20:18 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-04-11 20:18 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-04-11 20:18 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-04-11 20:18 - 2012-02-27 17:52 - 2382848 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-04-11 20:18 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-04-11 20:18 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-04-11 20:18 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-04-11 20:18 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-04-11 20:18 - 2011-05-31 12:31 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-04-11 20:18 - 2011-05-31 12:31 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-04-11 20:18 - 2011-05-31 12:31 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-04-11 20:18 - 2011-05-31 12:31 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-04-11 20:18 - 2011-05-31 12:31 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-04-11 20:18 - 2011-05-31 12:31 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-04-11 20:18 - 2011-05-31 12:31 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-04-11 20:18 - 2011-05-31 12:31 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-04-11 20:18 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-04-11 20:18 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-04-11 20:18 - 2010-11-20 19:24 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-04-11 20:18 - 2010-11-20 19:23 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-04-11 20:18 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-04-11 20:18 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-04-11 20:18 
- 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-04-11 20:18 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-04-11 20:18 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-04-11 20:18 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-04-11 20:18 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-04-11 20:17 - 2010-09-23 00:36 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys 2012-04-11 20:17 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-04-11 20:17 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2012-04-11 20:17 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll 2012-04-11 20:17 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-04-11 20:17 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2012-04-11 20:17 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2012-04-07 10:58 - 2012-04-16 18:58 - 0041918 ____A C:\Users\PWS\Desktop\640.jpg 2012-04-05 14:17 - 2012-03-27 17:06 - 0129276 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_17.17.02_log.txt 2012-04-05 14:16 - 2012-03-25 19:15 - 0000348 ____A C:\TDSSKiller.2.7.23.0_05.04.2012_17.16.51_log.txt 2012-04-05 14:16 - 2012-03-06 20:44 - 0000348 ____A C:\TDSSKiller.2.7.20.0_05.04.2012_17.16.34_log.txt 2012-04-03 21:18 - 2012-01-30 22:55 - 0019968 ____A C:\Users\PWS\Documents\RB 4-2012.doc 2012-04-01 20:15 - 2012-04-11 20:23 - 0000000 ____D C:\Program Files\iPod 2012-04-01 20:15 - 2012-04-11 20:23 - 0000000 ____D C:\Program Files (x86)\iTunes 2012-04-01 20:15 - 2012-04-01 20:15 - 0000000 ____D C:\Program Files\iTunes 
2012-04-01 20:15 - 2011-12-29 11:44 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-03-30 06:15 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-03-30 06:15 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-03-27 18:06 - 2012-04-17 20:42 - 0000000 ____D C:\Users\PWS\Desktop\RW pics 2012-03-27 17:04 - 2012-03-26 06:46 - 0254722 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_20.04.42_log.txt 2012-03-26 06:45 - 2012-04-05 14:16 - 0128884 ____A C:\TDSSKiller.2.7.23.0_26.03.2012_09.45.19_log.txt 2012-03-25 19:14 - 2012-04-20 14:01 - 0000000 ____D C:\TDSSKiller_Quarantine 2012-03-25 19:06 - 2012-03-23 13:15 - 0254722 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_22.06.58_log.txt 2012-03-25 19:06 - 2012-03-17 23:12 - 0000348 ____A C:\TDSSKiller.2.7.18.0_25.03.2012_22.06.48_log.txt 2012-03-23 13:13 - 2012-03-23 12:56 - 0128884 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_16.13.33_log.txt 2012-03-23 13:13 - 2012-03-23 12:49 - 0000348 ____A C:\TDSSKiller.2.7.20.0_23.03.2012_16.13.22_log.txt 2012-03-23 12:49 - 2012-03-23 13:13 - 0128884 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_15.49.15_log.txt 2012-03-23 12:49 - 2012-03-17 23:13 - 0000348 ____A C:\TDSSKiller.2.7.20.0_23.03.2012_15.49.03_log.txt ============ 3 Months Modified Files and Folders ============= 2012-04-21 00:04 - 2012-04-21 00:03 - 0000000 ____D C:\FRST 2012-04-20 21:00 - 2011-12-18 11:17 - 1003929600 __ASH C:\hiberfil.sys 2012-04-20 21:00 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT 2012-04-20 21:00 - 2009-07-13 20:51 - 0068210 ____A C:\Windows\setupact.log 2012-04-20 20:52 - 2011-12-18 10:16 - 1575607 ____A C:\Windows\WindowsUpdate.log 2012-04-20 20:50 - 2009-07-13 21:13 - 0741696 ____A C:\Windows\System32\PerfStringBackup.INI 2012-04-20 20:05 - 2012-03-30 06:15 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-04-20 20:02 - 2009-07-13 20:45 - 0016976 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-04-20 20:02 - 2009-07-13 20:45 - 0016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-04-20 19:55 - 2012-04-20 19:55 - 0000000 __SHD C:\$RECYCLE.BIN 2012-04-20 19:34 - 2012-04-20 19:34 - 0016348 ____A C:\ComboFix.txt 2012-04-20 19:34 - 2012-04-20 15:07 - 0000000 ____D C:\Windows\ERDNT 2012-04-20 19:34 - 2012-04-20 14:58 - 0000000 ____D C:\Qoobox 2012-04-20 19:34 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default 2012-04-20 19:34 - 2009-07-13 19:20 - 0000000 ___AD C:\users\Public 2012-04-20 19:31 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini 2012-04-20 19:31 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts 2012-04-20 19:29 - 2010-11-20 19:47 - 0134346 ____A C:\Windows\PFRO.log 2012-04-20 19:20 - 2012-04-20 18:18 - 0486646 ____A C:\Windows\ntbtlog.txt 2012-04-20 18:06 - 2012-04-20 18:06 - 4470025 ____R (Swearware) C:\Users\PWS\Desktop\ComboFix.exe 2012-04-20 14:01 - 2012-04-20 13:59 - 0129632 ____A C:\TDSSKiller.2.7.31.0_20.04.2012_16.59.23_log.txt 2012-04-20 13:59 - 2012-04-20 16:50 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\PWS\Desktop\TDSSKiller.exe 2012-04-20 13:59 - 2010-12-31 22:14 - 0002254 ____A C:\Users\PWS\Desktop\eula.txt 2012-04-20 13:58 - 2012-04-20 13:58 - 2053340 ____A C:\Users\PWS\Desktop\tdsskiller.zip 2012-04-20 13:56 - 2012-04-20 13:56 - 0000564 ____A C:\Users\PWS\Desktop\MBR.zip 2012-04-20 13:53 - 2012-04-20 13:53 - 0002032 ____A C:\Users\PWS\Desktop\aswMBR.txt 2012-04-20 13:53 - 2012-04-20 13:53 - 0000512 ____A C:\Users\PWS\Desktop\MBR.dat 2012-04-20 13:45 - 2012-04-20 13:45 - 4731392 ____A (AVAST Software) C:\Users\PWS\Desktop\aswMBR.exe 2012-04-18 10:52 - 2012-04-18 10:52 - 0421079 ____A C:\Users\PWS\Documents\Scan0017.pdf 2012-04-18 10:46 - 2012-04-18 10:46 - 0109939 ____A C:\Users\PWS\Documents\Scan0016.pdf 2012-04-18 10:39 - 2012-04-18 
10:39 - 0494444 ____A C:\Users\PWS\Documents\Scan0015.pdf 2012-04-18 10:36 - 2012-04-18 10:36 - 0420858 ____A C:\Users\PWS\Documents\Scan0014.pdf 2012-04-18 10:20 - 2012-04-18 10:20 - 0498262 ____A C:\Users\PWS\Documents\Scan0013.pdf 2012-04-18 10:08 - 2012-04-18 10:08 - 0421285 ____A C:\Users\PWS\Documents\Scan0012.pdf 2012-04-17 20:42 - 2012-04-17 20:42 - 0001302 ____A C:\Users\PWS\Desktop\RKreport[1].txt 2012-04-17 20:42 - 2012-04-17 20:41 - 0000000 ____D C:\Users\PWS\Desktop\RK_Quarantine 2012-04-17 19:41 - 2012-04-17 19:41 - 0105318 ____A C:\TDSSKiller.2.7.28.0_17.04.2012_22.41.09_log.txt 2012-04-17 19:40 - 2012-04-17 19:39 - 0129276 ____A C:\TDSSKiller.2.7.28.0_17.04.2012_22.39.46_log.txt 2012-04-17 14:16 - 2012-04-17 14:16 - 5950368 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-KB934181-FullFile-ENU.exe 2012-04-17 14:15 - 2012-04-17 14:15 - 5928848 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-KB956357-FullFile-ENU.exe 2012-04-17 14:14 - 2012-04-17 14:14 - 5929016 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-kb887979-fullfile-enu.exe 2012-04-16 19:22 - 2012-04-16 19:22 - 0025600 ____A C:\Users\PWS\Documents\KP.doc 2012-04-16 18:58 - 2012-04-16 19:01 - 0020978 ____A C:\Users\PWS\Desktop\1682614.jpg 2012-04-16 18:46 - 2012-04-16 18:46 - 0873095 ____A C:\Users\PWS\Desktop\FM1.jpg 2012-04-16 18:17 - 2012-04-16 18:17 - 0129276 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_21.17.14_log.txt 2012-04-16 18:17 - 2012-03-17 23:12 - 0000000 ____D C:\Users\PWS\Desktop\tdsskiller 2012-04-16 18:16 - 2012-04-16 18:16 - 0000348 ____A C:\TDSSKiller.2.7.20.0_16.04.2012_21.16.50_log.txt 2012-04-15 13:14 - 2011-12-29 12:19 - 0002206 ____A C:\Windows\Tasks\hpwebreg_CN18IDM234.job 2012-04-14 11:08 - 2011-12-18 10:26 - 0000000 ____D C:\Users\PWS\AppData\Local\VirtualStore 2012-04-14 11:05 - 2012-04-14 11:03 - 0000000 ____D C:\Program Files (x86)\TD3 2012-04-14 09:06 - 2012-03-30 06:15 - 0418464 ____A (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-04-14 09:06 - 2011-12-25 22:11 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-04-14 09:05 - 2012-04-14 09:05 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2012-04-12 05:29 - 2009-07-13 21:08 - 0032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-04-11 20:17 - 2011-12-20 10:23 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-04-11 20:07 - 2011-05-31 12:49 - 0002023 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2012-04-10 14:12 - 2011-12-29 11:24 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-04-10 14:12 - 2011-12-18 11:53 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-08 12:20 - 2011-12-29 11:47 - 0002408 ____A C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job 2012-04-07 18:21 - 2011-12-18 11:33 - 0000000 ____D C:\Users\All Users\DVD Shrink 2012-04-07 18:21 - 2011-12-18 11:33 - 0000000 ____D C:\ProgramData\DVD Shrink 2012-04-07 10:58 - 2012-04-07 10:58 - 0041918 ____A C:\Users\PWS\Desktop\640.jpg 2012-04-05 14:17 - 2012-04-05 14:17 - 0129276 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_17.17.02_log.txt 2012-04-05 14:16 - 2012-04-05 14:16 - 0000348 ____A C:\TDSSKiller.2.7.23.0_05.04.2012_17.16.51_log.txt 2012-04-05 14:16 - 2012-04-05 14:16 - 0000348 ____A C:\TDSSKiller.2.7.20.0_05.04.2012_17.16.34_log.txt 2012-04-04 12:56 - 2011-12-18 11:53 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-04 11:34 - 2012-04-03 21:18 - 0019968 ____A C:\Users\PWS\Documents\RAB 4-2012.doc 2012-04-01 20:15 - 2012-04-01 20:15 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-04-01 20:15 - 2012-04-01 20:15 - 0000000 ____D C:\Program Files\iTunes 2012-04-01 20:15 - 2012-04-01 20:15 - 0000000 ____D C:\Program Files\iPod 2012-04-01 20:15 - 2012-04-01 20:15 - 0000000 ____D C:\Program Files (x86)\iTunes 2012-03-27 18:09 - 2012-03-27 18:06 - 0000000 ____D 
C:\Users\PWS\Desktop\RW pics 2012-03-27 17:06 - 2012-03-27 17:04 - 0254722 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_20.04.42_log.txt 2012-03-27 17:05 - 2012-03-25 19:14 - 0000000 ____D C:\TDSSKiller_Quarantine 2012-03-26 06:46 - 2012-03-26 06:45 - 0128884 ____A C:\TDSSKiller.2.7.23.0_26.03.2012_09.45.19_log.txt 2012-03-25 19:15 - 2012-03-25 19:06 - 0254722 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_22.06.58_log.txt 2012-03-25 19:06 - 2012-03-25 19:06 - 0000348 ____A C:\TDSSKiller.2.7.18.0_25.03.2012_22.06.48_log.txt 2012-03-23 13:15 - 2012-03-23 13:13 - 0128884 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_16.13.33_log.txt 2012-03-23 13:13 - 2012-03-23 13:13 - 0000348 ____A C:\TDSSKiller.2.7.20.0_23.03.2012_16.13.22_log.txt 2012-03-23 12:56 - 2012-03-23 12:49 - 0128884 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_15.49.15_log.txt 2012-03-23 12:49 - 2012-03-23 12:49 - 0000348 ____A C:\TDSSKiller.2.7.20.0_23.03.2012_15.49.03_log.txt 2012-03-21 22:36 - 2012-03-19 10:50 - 0900608 ____A C:\Users\PWS\Desktop\OK.doc 2012-03-21 21:28 - 2012-03-21 21:28 - 0340695 ____A C:\Users\PWS\Documents\Scan0011.pdf 2012-03-21 21:25 - 2012-03-21 21:25 - 0353804 ____A C:\Users\PWS\Documents\Scan0010.pdf 2012-03-21 21:24 - 2012-03-21 21:24 - 0493049 ____A C:\Users\PWS\Documents\Scan0009.pdf 2012-03-19 10:17 - 2012-03-19 10:17 - 0095138 ____A C:\Users\PWS\Documents\Scan0008.pdf 2012-03-19 10:14 - 2012-03-19 10:14 - 0086073 ____A C:\Users\PWS\Documents\Scan0007.pdf 2012-03-19 10:08 - 2012-03-19 10:08 - 0423011 ____A C:\Users\PWS\Documents\Scan0006.pdf 2012-03-19 10:05 - 2012-03-19 10:05 - 0487078 ____A C:\Users\PWS\Documents\Scan0005.pdf 2012-03-19 10:04 - 2012-03-19 10:04 - 0318095 ____A C:\Users\PWS\Documents\Scan0004.pdf 2012-03-19 10:02 - 2012-03-19 10:02 - 0489536 ____A C:\Users\PWS\Documents\Scan0003.pdf 2012-03-19 09:44 - 2012-03-19 09:44 - 0486648 ____A C:\Users\PWS\Documents\Scan0002.pdf 2012-03-19 08:57 - 2012-03-19 08:57 - 0200687 ____A C:\Users\PWS\Documents\Scan0001.pdf 2012-03-19 08:31 - 
2011-12-22 22:03 - 0000000 ____D C:\Users\PWS\Desktop\MA 2012-03-17 23:13 - 2012-03-17 23:13 - 0092944 ____A C:\TDSSKiller.2.7.20.0_18.03.2012_02.13.01_log.txt 2012-03-17 23:12 - 2012-03-17 23:12 - 0000348 ____A C:\TDSSKiller.2.7.18.0_18.03.2012_02.12.24_log.txt 2012-03-17 12:43 - 2011-12-18 15:16 - 0000000 ____A C:\Users\PWS\AppData\Roaming\FileOut.cns 2012-03-17 12:43 - 2011-12-18 15:16 - 0000000 ____A C:\Users\PWS\AppData\Roaming\FileIn.cns 2012-03-15 19:57 - 2012-03-15 19:57 - 0116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\21858290.sys 2012-03-15 19:57 - 2012-03-15 19:57 - 0081012 ____A C:\TDSSKiller.2.7.20.0_15.03.2012_22.57.31_log.txt 2012-03-15 19:57 - 2012-03-15 19:57 - 0000348 ____A C:\TDSSKiller.2.7.18.0_15.03.2012_22.57.07_log.txt 2012-03-14 21:33 - 2012-03-14 21:33 - 0081012 ____A C:\TDSSKiller.2.7.20.0_15.03.2012_00.33.28_log.txt 2012-03-14 21:33 - 2012-03-14 21:33 - 0000348 ____A C:\TDSSKiller.2.7.18.0_15.03.2012_00.33.16_log.txt 2012-03-13 20:45 - 2009-07-13 20:45 - 0288152 ____A C:\Windows\System32\FNTCACHE.DAT 2012-03-10 08:35 - 2012-03-10 08:35 - 0027648 ____A C:\Users\PWS\Documents\MTP.doc 2012-03-06 20:44 - 2012-03-06 20:44 - 0081012 ____A C:\TDSSKiller.2.7.19.0_06.03.2012_22.44.16_log.txt 2012-03-06 20:44 - 2012-03-06 20:44 - 0000348 ____A C:\TDSSKiller.2.7.18.0_06.03.2012_22.44.03_log.txt 2012-03-06 20:37 - 2012-03-06 20:37 - 0026624 ____A C:\Users\PWS\Documents\Now we must speak.doc 2012-03-05 22:53 - 2012-04-11 20:18 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-03-05 21:59 - 2012-04-11 20:18 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-03-05 21:59 - 2012-04-11 20:18 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-03-03 23:28 - 2012-03-03 23:27 - 0081012 ____A C:\TDSSKiller.2.7.18.0_04.03.2012_01.27.57_log.txt 2012-03-03 23:27 - 2012-03-03 23:27 - 0000348 ____A C:\TDSSKiller.2.7.13.0_04.03.2012_01.27.19_log.txt 2012-03-03 23:26 - 
2012-03-03 23:26 - 0000348 ____A C:\TDSSKiller.2.7.13.0_04.03.2012_01.26.54_log.txt 2012-02-29 22:46 - 2012-04-11 20:17 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys 2012-02-29 22:38 - 2012-04-11 20:17 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-02-29 22:33 - 2012-04-11 20:17 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2012-02-29 22:28 - 2012-04-11 20:17 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll 2012-02-29 21:37 - 2012-04-11 20:17 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-02-29 21:33 - 2012-04-11 20:17 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2012-02-29 21:29 - 2012-04-11 20:17 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2012-02-29 20:11 - 2012-02-29 20:11 - 0000000 ____D C:\Samsung 2012-02-29 07:17 - 2012-02-29 07:17 - 0000000 ____D C:\Windows\System32\Macromed 2012-02-27 23:34 - 2012-04-11 20:18 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-02-27 23:02 - 2012-04-11 20:18 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-02-27 22:56 - 2012-04-11 20:18 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-02-27 22:50 - 2012-04-11 20:18 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-02-27 22:49 - 2012-04-11 20:18 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-02-27 22:48 - 2012-04-11 20:18 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-02-27 22:48 - 2012-04-11 20:18 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-02-27 22:47 - 2012-04-11 20:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-02-27 22:45 - 2012-04-11 20:18 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-02-27 22:43 - 2012-04-11 20:18 - 
2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-02-27 22:43 - 2012-04-11 20:18 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-02-27 22:42 - 2012-04-11 20:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-02-27 22:39 - 2012-04-11 20:18 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-02-27 17:52 - 2012-04-11 20:18 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-02-27 17:27 - 2012-04-11 20:18 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-02-27 17:18 - 2012-04-11 20:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-02-27 17:12 - 2012-04-11 20:18 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-02-27 17:11 - 2012-04-11 20:18 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-02-27 17:11 - 2012-04-11 20:18 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-02-27 17:09 - 2012-04-11 20:18 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-02-27 17:08 - 2012-04-11 20:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-02-27 17:06 - 2012-04-11 20:18 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-02-27 17:04 - 2012-04-11 20:18 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-02-27 17:03 - 2012-04-11 20:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-02-27 17:03 - 2012-04-11 20:18 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-02-27 16:59 - 2012-04-11 20:18 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-02-26 10:01 - 2012-02-26 10:01 - 0030720 ____A C:\Users\PWS\Documents\BN logo.doc 2012-02-26 09:25 - 2012-02-26 09:25 - 0010062 ____A C:\Users\PWS\Desktop\bn logo.jpg 2012-02-26 09:21 - 2012-02-26 09:21 - 
0000000 ____D C:\TSSDKiller 2012-02-22 14:21 - 2012-02-22 14:21 - 0020480 ____A C:\Users\PWS\Documents\TCS inquiry.doc 2012-02-22 12:06 - 2012-02-22 12:06 - 0956344 ____A (Microsoft Corporation) C:\Users\PWS\Desktop\SaveAsPDFandXPS.exe 2012-02-22 12:06 - 2012-02-22 12:06 - 0000000 ____D C:\Program Files (x86)\MSECache 2012-02-19 10:38 - 2011-12-22 13:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Games 2012-02-18 23:41 - 2012-02-18 23:41 - 1857786 ____A C:\Users\PWS\Desktop\ProcessExplorer.zip 2012-02-17 19:59 - 2011-12-18 10:26 - 0000174 ___SH C:\Users\PWS\Start Menu\Programs\Startup\desktop.ini 2012-02-17 19:59 - 2011-12-18 10:26 - 0000174 ___SH C:\Users\PWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini 2012-02-16 22:38 - 2012-03-13 14:56 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll 2012-02-16 21:34 - 2012-03-13 14:56 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2012-02-16 20:58 - 2012-03-13 14:56 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-02-16 20:57 - 2012-03-13 14:56 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys 2012-02-15 08:01 - 2012-02-15 08:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll 2012-02-15 08:01 - 2012-02-15 08:01 - 0052736 ____A (Apple, Inc.) 
C:\Windows\System32\Drivers\usbaapl64.sys 2012-02-11 22:49 - 2011-12-22 22:12 - 0000127 ____A C:\Users\PWS\AppData\default.pls 2012-02-09 22:36 - 2012-03-13 18:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-02-09 22:29 - 2012-02-09 22:32 - 9153364 ____A C:\Users\PWS\Desktop\07 HKM.m4a 2012-02-09 22:22 - 2012-02-09 22:23 - 8576232 ____A C:\Users\PWS\Desktop\1-02 Ay.m4a 2012-02-09 22:11 - 2011-12-22 16:35 - 0000000 ____D C:\Users\PWS\AppData\Local\Ahead 2012-02-09 22:07 - 2012-02-09 21:43 - 0000000 ____D C:\Users\PWS\Desktop\New folder 2012-02-09 21:38 - 2012-03-13 18:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2012-02-09 07:17 - 2011-12-18 11:47 - 0002513 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk 2012-02-09 07:17 - 2011-12-18 11:46 - 0000000 ____D C:\Windows\System32\Drivers\N360x64 2012-02-02 20:34 - 2012-03-13 18:37 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-01-31 19:54 - 2012-01-31 19:54 - 1107576 ____A C:\Users\PWS\Desktop\Re OK.zip 2012-01-31 19:41 - 2012-01-31 19:38 - 0000000 ____D C:\Users\PWS\AppData\Roaming\ICAClient 2012-01-31 19:36 - 2012-01-31 19:36 - 0000000 ____D C:\Users\PWS\AppData\Roaming\Mozilla 2012-01-31 19:36 - 2012-01-31 19:36 - 0000000 ____D C:\Users\PWS\AppData\Local\Citrix 2012-01-30 22:55 - 2012-01-30 22:55 - 0019968 ____A C:\Users\PWS\Documents\OK.doc 2012-01-30 22:27 - 2012-01-30 22:27 - 0137796 ____A C:\Users\PWS\Documents\Scan0012.jpg 2012-01-30 22:25 - 2012-01-30 20:41 - 0030720 ____A C:\Users\PWS\Documents\504.doc 2012-01-28 10:53 - 2012-01-28 10:53 - 0102104 ____A C:\Users\PWS\Desktop\bell.wav 2012-01-24 22:38 - 2012-03-13 14:56 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-01-24 22:38 - 2012-03-13 14:56 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-01-24 22:33 - 2012-03-13 14:56 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 
========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ========================= Memory info ====================== Percentage of memory in use: 7% Total physical RAM: 12199.23 MB Available physical RAM: 11278.63 MB Total Pagefile: 12197.43 MB Available Pagefile: 11265.08 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:682.34 GB) NTFS ==>[Drive with boot components (obtanied from BCD)] 2 Drive d: (DATA) (Fixed) (Total:1103.63 GB) (Free:1089.26 GB) NTFS 8 Drive j: (LEXAR) (Removable) (Total:0.97 GB) (Free:0.52 GB) FAT 10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 1863 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 Online 991 MB 0 B Disk 6 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 1024 KB Partition 2 Primary 745 GB 14 GB Partition 3 Primary 1103 GB 759 GB ====================================================================================================== Disk: 0 Partition 1 Type : 1B Hidden: Yes Active: No There is no volume associated with this partition. 
====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C WIN7 NTFS Partition 745 GB Healthy ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D DATA NTFS Partition 1103 GB Healthy ====================================================================================================== Partitions of Disk 5: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 991 MB 31 KB ====================================================================================================== Disk: 5 Partition 1 Type : 04 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 7 J LEXAR FAT Removable 991 MB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-04-20 17:30 ======================= End Of Log ==========================
  2. Just reset router and flushdns. Same results as I just mentioned (and like I said, maybe that's okay as is, I'm just not positive if that happened before the infection).
  3. Okay I'll give that a try. One other note if it's worth anything. I tried Google and doing a search for Malwarebytes. On the results page, the URL on the affected computer is much different than the one on this good computer (hopefully good ha). It's much longer and much different content after google.com on the affected computer.
  4. Hard to say. Definitely not like before. I tested by typing a URL wrong and there is no being directed to ad sites with popups like before, and no outright redirects from google searches. But what it does do is go to a page with a totally unrelated URL. For example if I type in Malwarebytes' address with a typo, the resulting URL is completely different. It might be normal but somehow I don't remember that happening before.
  5. I just tried Combofix again in normal mode for the heck of it one more time and it worked all of the sudden. Do I need to follow the further steps you just posted? Combofix log below: ComboFix 12-04-20.03 - PWS 04/20/2012 22:24:18.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12199.10838 [GMT -5:00] Running from: c:\users\PWS\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 ))))))))))))))))))))))))))))))) . . 2012-04-21 03:29 . 2012-04-21 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-14 19:03 . 2012-04-14 19:05 -------- d-----w- c:\program files (x86)\TD3 2012-04-14 17:05 . 2012-04-14 17:05 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-12 04:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 04:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 04:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-12 04:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 04:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 04:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-12 04:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-04-02 04:15 . 2012-04-02 04:15 -------- d-----w- c:\program files\iTunes 2012-04-02 04:15 . 2012-04-02 04:15 -------- d-----w- c:\program files (x86)\iTunes 2012-04-02 04:15 . 
2012-04-02 04:15 -------- d-----w- c:\program files\iPod 2012-03-30 14:15 . 2012-04-14 17:06 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-03-26 03:14 . 2012-03-28 01:05 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-14 17:06 . 2011-12-26 06:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 20:56 . 2011-12-18 19:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-16 03:57 . 2012-03-16 03:57 116016 ----a-w- c:\windows\system32\drivers\21858290.sys 2012-02-17 06:38 . 2012-03-13 22:56 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-13 22:56 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-13 22:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-13 22:56 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-10 06:36 . 2012-03-14 02:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-14 02:36 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-03 04:34 . 2012-03-14 02:37 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-01 03:36 . 2012-02-01 03:36 73728 ----a-r- c:\users\PWS\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe 2012-02-01 03:36 . 2012-02-01 03:36 73728 ----a-r- c:\users\PWS\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe 2012-01-25 06:38 . 2012-03-13 22:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 06:38 . 2012-03-13 22:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 06:33 . 2012-03-13 22:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . 
. ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-12-18 296056] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-31 548528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 
BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120417.001\IDSvia64.sys [2012-03-06 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [2010-11-19 915072] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880] S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 RTL8167;Realtek 
8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 23:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:06] . 2012-04-15 c:\windows\Tasks\hpwebreg_CN18IDM234.job - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-17 03:29] . 2012-04-08 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-17 03:29] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-06 166936] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-06 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-06 416792] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-04-20 22:34:52 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-21 03:34 . Pre-Run: 732,505,481,216 bytes free Post-Run: 732,472,172,544 bytes free . - - End Of File - - 047FCD97E1034AC5D6015CBB2D8400C0
  6. Finally was able to Disable Norton and go into safe mode. I tried Combofix and it started, ran for about 10 seconds, then abruptly shut off almost as if it hit a tripwire. I tried a Malwarebytes quickscan and it didn't find anything to trip it. Combofix issue?
  7. I disabled Norton AV and firewall but Combofix still found something within Norton on and stalled at stage 4 for a little over an hour. So I went in and disabled everything I could in Norton, then downloaded a fresh copy of Combofix. No conflicts with Norton this time, but Combofix is still hanging up at stage 4. Any suggestions?
  8. Thanks for the reply, logs posted/attached below: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-04-20 16:45:49 ----------------------------- 16:45:49.204 OS Version: Windows x64 6.1.7601 Service Pack 1 16:45:49.204 Number of processors: 4 586 0x2A07 16:45:49.204 ComputerName: SD70 UserName: PWS 16:45:50.359 Initialize success 16:46:25.772 AVAST engine defs: 12042001 16:46:41.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 16:46:41.887 Disk 0 Vendor: WDC_WD20EARX-22PASB0 51.0AB51 Size: 1907729MB BusType: 3 16:46:41.903 Disk 0 MBR read successfully 16:46:41.918 Disk 0 MBR scan 16:46:41.918 Disk 0 unknown MBR code 16:46:41.918 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048 16:46:41.934 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 763090 MB offset 29747200 16:46:41.965 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1130113 MB offset 1592555520 16:46:42.012 Disk 0 scanning C:\Windows\system32\drivers 16:46:48.533 Service scanning 16:47:02.448 Modules scanning 16:47:02.448 Disk 0 trace - called modules: 16:47:02.464 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 16:47:02.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ae38790] 16:47:02.978 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800ab28520] 16:47:02.978 5 ACPI.sys[fffff88000f157a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ab2d060] 16:47:04.086 AVAST engine scan C:\Windows 16:47:06.223 AVAST engine scan C:\Windows\system32 16:49:09.011 AVAST engine scan C:\Windows\system32\drivers 16:49:33.534 AVAST engine scan C:\Users\PWS 16:52:35.883 AVAST engine scan C:\ProgramData 16:53:26.521 Scan finished successfully 16:53:58.641 Disk 0 MBR has been saved successfully to "C:\Users\PWS\Desktop\MBR.dat" 16:53:58.641 The log file has been saved successfully to "C:\Users\PWS\Desktop\aswMBR.txt" ----------------------------------------------------------- And the 
TDSSKiller log below: 16:59:23.0007 1556 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47 16:59:23.0787 1556 ============================================================ 16:59:23.0787 1556 Current date / time: 2012/04/20 16:59:23.0787 16:59:23.0787 1556 SystemInfo: 16:59:23.0787 1556 16:59:23.0787 1556 OS Version: 6.1.7601 ServicePack: 1.0 16:59:23.0787 1556 Product type: Workstation 16:59:23.0787 1556 ComputerName: SD70 16:59:23.0787 1556 UserName: PWS 16:59:23.0787 1556 Windows directory: C:\Windows 16:59:23.0787 1556 System windows directory: C:\Windows 16:59:23.0787 1556 Running under WOW64 16:59:23.0787 1556 Processor architecture: Intel x64 16:59:23.0787 1556 Number of processors: 4 16:59:23.0787 1556 Page size: 0x1000 16:59:23.0787 1556 Boot type: Normal boot 16:59:23.0787 1556 ============================================================ 16:59:25.0004 1556 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:59:25.0020 1556 Drive \Device\Harddisk6\DR6 - Size: 0x3DF80000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 16:59:25.0020 1556 \Device\Harddisk0\DR0: 16:59:25.0020 1556 MBR partitions: 16:59:25.0020 1556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x5D269000 16:59:25.0020 1556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5EEC7800, BlocksNum 0x89F40800 16:59:25.0020 1556 \Device\Harddisk6\DR6: 16:59:25.0020 1556 MBR partitions: 16:59:25.0020 1556 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x4, StartLBA 0x3F, BlocksNum 0x1EFBC1 16:59:25.0066 1556 C: <-> \Device\Harddisk0\DR0\Partition0 16:59:25.0144 1556 D: <-> \Device\Harddisk0\DR0\Partition1 16:59:25.0144 1556 Initialize success 16:59:25.0144 1556 ============================================================ 16:59:37.0406 4880 
============================================================ 16:59:37.0406 4880 Scan started 16:59:37.0406 4880 Mode: Manual; TDLFS; 16:59:37.0406 4880 ============================================================
ok 16:59:40.0136 4880 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 16:59:40.0136 4880 BTHMODEM - ok 16:59:40.0152 4880 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 16:59:40.0152 4880 bthserv - ok 16:59:40.0167 4880 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 16:59:40.0167 4880 cdfs - ok 16:59:40.0198 4880 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 16:59:40.0198 4880 cdrom - ok 16:59:40.0214 4880 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 16:59:40.0214 4880 CertPropSvc - ok 16:59:40.0230 4880 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 16:59:40.0230 4880 circlass - ok 16:59:40.0245 4880 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 16:59:40.0245 4880 CLFS - ok 16:59:40.0308 4880 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:59:40.0308 4880 clr_optimization_v2.0.50727_32 - ok 16:59:40.0339 4880 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:59:40.0339 4880 clr_optimization_v2.0.50727_64 - ok 16:59:40.0401 4880 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:59:40.0401 4880 clr_optimization_v4.0.30319_32 - ok 16:59:40.0432 4880 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:59:40.0432 4880 clr_optimization_v4.0.30319_64 - ok 16:59:40.0448 4880 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 16:59:40.0448 4880 CmBatt - ok 16:59:40.0464 4880 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 16:59:40.0464 4880 cmdide - ok 16:59:40.0495 4880 CNG 
(c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 16:59:40.0495 4880 CNG - ok 16:59:40.0510 4880 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 16:59:40.0510 4880 Compbatt - ok 16:59:40.0526 4880 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 16:59:40.0526 4880 CompositeBus - ok 16:59:40.0542 4880 COMSysApp - ok 16:59:40.0573 4880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 16:59:40.0573 4880 crcdisk - ok 16:59:40.0604 4880 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 16:59:40.0604 4880 CryptSvc - ok 16:59:40.0651 4880 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 16:59:40.0651 4880 DcomLaunch - ok 16:59:40.0682 4880 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 16:59:40.0698 4880 defragsvc - ok 16:59:40.0744 4880 Device Handle Service (0a403702cb00432ac818523cd416bf67) C:\Windows\SysWOW64\AsHookDevice.exe 16:59:40.0744 4880 Device Handle Service - ok 16:59:40.0744 4880 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 16:59:40.0760 4880 DfsC - ok 16:59:40.0776 4880 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 16:59:40.0776 4880 Dhcp - ok 16:59:40.0791 4880 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 16:59:40.0791 4880 discache - ok 16:59:40.0807 4880 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 16:59:40.0807 4880 Disk - ok 16:59:40.0822 4880 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 16:59:40.0838 4880 Dnscache - ok 16:59:40.0854 4880 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 16:59:40.0854 4880 dot3svc - ok 16:59:40.0869 4880 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 16:59:40.0869 4880 DPS - ok 16:59:40.0900 4880 
drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 16:59:40.0900 4880 drmkaud - ok 16:59:40.0932 4880 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 16:59:40.0947 4880 DXGKrnl - ok 16:59:40.0947 4880 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 16:59:40.0963 4880 EapHost - ok 16:59:41.0025 4880 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 16:59:41.0088 4880 ebdrv - ok 16:59:41.0150 4880 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 16:59:41.0150 4880 eeCtrl - ok 16:59:41.0181 4880 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 16:59:41.0181 4880 EFS - ok 16:59:41.0244 4880 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 16:59:41.0259 4880 ehRecvr - ok 16:59:41.0275 4880 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 16:59:41.0275 4880 ehSched - ok 16:59:41.0290 4880 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 16:59:41.0306 4880 elxstor - ok 16:59:41.0337 4880 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 16:59:41.0337 4880 EraserUtilRebootDrv - ok 16:59:41.0353 4880 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 16:59:41.0353 4880 ErrDev - ok 16:59:41.0384 4880 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 16:59:41.0400 4880 EventSystem - ok 16:59:41.0431 4880 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 16:59:41.0431 4880 exfat - ok 16:59:41.0446 4880 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 16:59:41.0446 4880 fastfat - ok 16:59:41.0478 4880 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 16:59:41.0493 4880 Fax 
- ok 16:59:41.0509 4880 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 16:59:41.0509 4880 fdc - ok 16:59:41.0524 4880 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 16:59:41.0524 4880 fdPHost - ok 16:59:41.0540 4880 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 16:59:41.0540 4880 FDResPub - ok 16:59:41.0556 4880 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 16:59:41.0556 4880 FileInfo - ok 16:59:41.0571 4880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 16:59:41.0571 4880 Filetrace - ok 16:59:41.0587 4880 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 16:59:41.0587 4880 flpydisk - ok 16:59:41.0618 4880 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 16:59:41.0618 4880 FltMgr - ok 16:59:41.0649 4880 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 16:59:41.0665 4880 FontCache - ok 16:59:41.0696 4880 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:59:41.0712 4880 FontCache3.0.0.0 - ok 16:59:41.0727 4880 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 16:59:41.0727 4880 FsDepends - ok 16:59:41.0774 4880 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 16:59:41.0774 4880 fssfltr - ok 16:59:41.0836 4880 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 16:59:41.0883 4880 fsssvc - ok 16:59:41.0899 4880 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 16:59:41.0899 4880 Fs_Rec - ok 16:59:41.0930 4880 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 16:59:41.0930 4880 fvevol - ok 16:59:41.0946 4880 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) 
C:\Windows\system32\drivers\gagp30kx.sys 16:59:41.0946 4880 gagp30kx - ok 16:59:41.0961 4880 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:59:41.0961 4880 GEARAspiWDM - ok 16:59:41.0977 4880 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 16:59:42.0039 4880 gpsvc - ok 16:59:42.0148 4880 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 16:59:42.0148 4880 hcw85cir - ok 16:59:42.0273 4880 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 16:59:42.0273 4880 HdAudAddService - ok 16:59:42.0304 4880 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 16:59:42.0320 4880 HDAudBus - ok 16:59:42.0351 4880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 16:59:42.0351 4880 HidBatt - ok 16:59:42.0460 4880 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 16:59:42.0460 4880 HidBth - ok 16:59:42.0585 4880 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 16:59:42.0585 4880 HidIr - ok 16:59:42.0601 4880 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 16:59:42.0601 4880 hidserv - ok 16:59:42.0632 4880 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 16:59:42.0632 4880 HidUsb - ok 16:59:42.0648 4880 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 16:59:42.0663 4880 hkmsvc - ok 16:59:42.0679 4880 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 16:59:42.0679 4880 HomeGroupListener - ok 16:59:42.0710 4880 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 16:59:42.0710 4880 HomeGroupProvider - ok 16:59:42.0741 4880 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 16:59:42.0741 4880 HpSAMD - ok 16:59:42.0772 4880 HTTP 
(0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 16:59:42.0772 4880 HTTP - ok 16:59:42.0788 4880 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 16:59:42.0788 4880 hwpolicy - ok 16:59:42.0804 4880 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 16:59:42.0804 4880 i8042prt - ok 16:59:42.0835 4880 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys 16:59:42.0835 4880 iaStor - ok 16:59:42.0866 4880 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 16:59:42.0866 4880 iaStorV - ok 16:59:42.0944 4880 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:59:42.0960 4880 idsvc - ok 16:59:43.0100 4880 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120417.001\IDSvia64.sys 16:59:43.0100 4880 IDSVia64 - ok 16:59:43.0287 4880 igfx (bc610abb825504272364efe4c831e672) C:\Windows\system32\DRIVERS\igdkmd64.sys 16:59:43.0474 4880 igfx - ok 16:59:43.0490 4880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 16:59:43.0490 4880 iirsp - ok 16:59:43.0521 4880 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 16:59:43.0537 4880 IKEEXT - ok 16:59:43.0552 4880 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys 16:59:43.0552 4880 Impcd - ok 16:59:43.0630 4880 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys 16:59:43.0662 4880 IntcAzAudAddService - ok 16:59:43.0677 4880 IntcDAud (4429b91b0fe91f9be8e24e93cc960368) C:\Windows\system32\DRIVERS\IntcDAud.sys 16:59:43.0677 4880 IntcDAud - ok 16:59:43.0693 4880 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 16:59:43.0693 4880 intelide - ok 16:59:43.0724 4880 
intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 16:59:43.0724 4880 intelppm - ok 16:59:43.0740 4880 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 16:59:43.0740 4880 IPBusEnum - ok 16:59:43.0771 4880 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:59:43.0771 4880 IpFilterDriver - ok 16:59:43.0786 4880 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 16:59:43.0786 4880 iphlpsvc - ok 16:59:43.0802 4880 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 16:59:43.0802 4880 IPMIDRV - ok 16:59:43.0818 4880 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 16:59:43.0818 4880 IPNAT - ok 16:59:43.0880 4880 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 16:59:43.0880 4880 iPod Service - ok 16:59:43.0896 4880 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 16:59:43.0896 4880 IRENUM - ok 16:59:43.0911 4880 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 16:59:43.0911 4880 isapnp - ok 16:59:43.0927 4880 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 16:59:43.0927 4880 iScsiPrt - ok 16:59:43.0958 4880 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 16:59:43.0958 4880 kbdclass - ok 16:59:43.0974 4880 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 16:59:43.0974 4880 kbdhid - ok 16:59:44.0020 4880 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:59:44.0020 4880 KeyIso - ok 16:59:44.0098 4880 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 16:59:44.0098 4880 KSecDD - ok 16:59:44.0114 4880 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 16:59:44.0114 4880 KSecPkg - ok 
16:59:44.0130 4880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 16:59:44.0130 4880 ksthunk - ok 16:59:44.0145 4880 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 16:59:44.0161 4880 KtmRm - ok 16:59:44.0192 4880 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 16:59:44.0192 4880 LanmanServer - ok 16:59:44.0208 4880 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 16:59:44.0208 4880 LanmanWorkstation - ok 16:59:44.0286 4880 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 16:59:44.0286 4880 LightScribeService - ok 16:59:44.0317 4880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 16:59:44.0317 4880 lltdio - ok 16:59:44.0348 4880 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 16:59:44.0364 4880 lltdsvc - ok 16:59:44.0379 4880 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 16:59:44.0379 4880 lmhosts - ok 16:59:44.0426 4880 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 16:59:44.0426 4880 LMS - ok 16:59:44.0442 4880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 16:59:44.0442 4880 LSI_FC - ok 16:59:44.0473 4880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 16:59:44.0473 4880 LSI_SAS - ok 16:59:44.0504 4880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 16:59:44.0504 4880 LSI_SAS2 - ok 16:59:44.0504 4880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 16:59:44.0520 4880 LSI_SCSI - ok 16:59:44.0535 4880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 16:59:44.0535 4880 luafv - ok 16:59:44.0551 4880 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) 
C:\Windows\system32\Mcx2Svc.dll 16:59:44.0551 4880 Mcx2Svc - ok 16:59:44.0566 4880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 16:59:44.0566 4880 megasas - ok 16:59:44.0598 4880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 16:59:44.0598 4880 MegaSR - ok 16:59:44.0613 4880 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys 16:59:44.0613 4880 MEIx64 - ok 16:59:44.0644 4880 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 16:59:44.0644 4880 MMCSS - ok 16:59:44.0660 4880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 16:59:44.0660 4880 Modem - ok 16:59:44.0676 4880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 16:59:44.0676 4880 monitor - ok 16:59:44.0691 4880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 16:59:44.0691 4880 mouclass - ok 16:59:44.0691 4880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 16:59:44.0691 4880 mouhid - ok 16:59:44.0707 4880 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 16:59:44.0707 4880 mountmgr - ok 16:59:44.0722 4880 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 16:59:44.0738 4880 mpio - ok 16:59:44.0738 4880 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 16:59:44.0738 4880 mpsdrv - ok 16:59:44.0769 4880 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 16:59:44.0785 4880 MpsSvc - ok 16:59:44.0800 4880 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 16:59:44.0800 4880 MRxDAV - ok 16:59:44.0832 4880 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:59:44.0832 4880 mrxsmb - ok 16:59:44.0863 4880 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 
16:59:44.0863 4880 mrxsmb10 - ok 16:59:44.0878 4880 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:59:44.0878 4880 mrxsmb20 - ok 16:59:44.0894 4880 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 16:59:44.0894 4880 msahci - ok 16:59:44.0910 4880 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 16:59:44.0925 4880 msdsm - ok 16:59:44.0941 4880 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 16:59:44.0941 4880 MSDTC - ok 16:59:44.0956 4880 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 16:59:44.0956 4880 Msfs - ok 16:59:44.0972 4880 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 16:59:44.0972 4880 mshidkmdf - ok 16:59:44.0988 4880 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 16:59:44.0988 4880 msisadrv - ok 16:59:45.0003 4880 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 16:59:45.0003 4880 MSiSCSI - ok 16:59:45.0003 4880 msiserver - ok 16:59:45.0034 4880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 16:59:45.0034 4880 MSKSSRV - ok 16:59:45.0050 4880 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 16:59:45.0050 4880 MSPCLOCK - ok 16:59:45.0066 4880 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 16:59:45.0066 4880 MSPQM - ok 16:59:45.0081 4880 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 16:59:45.0097 4880 MsRPC - ok 16:59:45.0112 4880 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 16:59:45.0112 4880 mssmbios - ok 16:59:45.0112 4880 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 16:59:45.0112 4880 MSTEE - ok 16:59:45.0128 4880 MTConfig (7ea404308934e675bffde8edf0757bcd) 
C:\Windows\system32\drivers\MTConfig.sys 16:59:45.0144 4880 MTConfig - ok 16:59:45.0159 4880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 16:59:45.0159 4880 Mup - ok 16:59:45.0222 4880 mv91xx (c752ab67a50f921622fe65725d1f6856) C:\Windows\system32\drivers\mv91xx.sys 16:59:45.0222 4880 mv91xx - ok 16:59:45.0346 4880 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe 16:59:45.0362 4880 N360 - ok 16:59:45.0378 4880 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 16:59:45.0378 4880 napagent - ok 16:59:45.0424 4880 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 16:59:45.0424 4880 NativeWifiP - ok 16:59:45.0487 4880 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120417.019\ENG64.SYS 16:59:45.0502 4880 NAVENG - ok 16:59:45.0549 4880 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120417.019\EX64.SYS 16:59:45.0565 4880 NAVEX15 - ok 16:59:45.0658 4880 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe 16:59:45.0674 4880 NBService - ok 16:59:45.0721 4880 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 16:59:45.0736 4880 NDIS - ok 16:59:45.0752 4880 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 16:59:45.0752 4880 NdisCap - ok 16:59:45.0768 4880 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 16:59:45.0768 4880 NdisTapi - ok 16:59:45.0783 4880 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 16:59:45.0783 4880 Ndisuio - ok 16:59:45.0799 4880 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 16:59:45.0814 4880 
NdisWan - ok 16:59:45.0814 4880 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 16:59:45.0830 4880 NDProxy - ok 16:59:45.0846 4880 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll 16:59:45.0846 4880 Net Driver HPZ12 - ok 16:59:45.0861 4880 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 16:59:45.0861 4880 NetBIOS - ok 16:59:45.0892 4880 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 16:59:45.0892 4880 NetBT - ok 16:59:45.0908 4880 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:59:45.0924 4880 Netlogon - ok 16:59:45.0970 4880 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 16:59:45.0970 4880 Netman - ok 16:59:45.0986 4880 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 16:59:46.0002 4880 netprofm - ok 16:59:46.0064 4880 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:59:46.0064 4880 NetTcpPortSharing - ok 16:59:46.0095 4880 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 16:59:46.0095 4880 nfrd960 - ok 16:59:46.0126 4880 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 16:59:46.0126 4880 NlaSvc - ok 16:59:46.0173 4880 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe 16:59:46.0173 4880 NMIndexingService - ok 16:59:46.0189 4880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 16:59:46.0189 4880 Npfs - ok 16:59:46.0189 4880 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 16:59:46.0189 4880 nsi - ok 16:59:46.0204 4880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 16:59:46.0204 4880 nsiproxy - ok 16:59:46.0251 4880 Ntfs 
(a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 16:59:46.0267 4880 Ntfs - ok 16:59:46.0282 4880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 16:59:46.0282 4880 Null - ok 16:59:46.0314 4880 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\drivers\nusb3hub.sys 16:59:46.0314 4880 nusb3hub - ok 16:59:46.0329 4880 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\drivers\nusb3xhc.sys 16:59:46.0329 4880 nusb3xhc - ok 16:59:46.0360 4880 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 16:59:46.0360 4880 nvraid - ok 16:59:46.0376 4880 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 16:59:46.0376 4880 nvstor - ok 16:59:46.0407 4880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 16:59:46.0407 4880 nv_agp - ok 16:59:46.0407 4880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 16:59:46.0407 4880 ohci1394 - ok 16:59:46.0454 4880 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:59:46.0470 4880 ose - ok 16:59:46.0501 4880 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 16:59:46.0516 4880 p2pimsvc - ok 16:59:46.0532 4880 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 16:59:46.0532 4880 p2psvc - ok 16:59:46.0563 4880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 16:59:46.0563 4880 Parport - ok 16:59:46.0579 4880 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 16:59:46.0579 4880 partmgr - ok 16:59:46.0594 4880 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 16:59:46.0594 4880 PcaSvc - ok 16:59:46.0610 4880 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 16:59:46.0610 4880 pci - ok 16:59:46.0610 4880 pciide 
(b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 16:59:46.0610 4880 pciide - ok 16:59:46.0626 4880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 16:59:46.0641 4880 pcmcia - ok 16:59:46.0641 4880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:59:46.0641 4880 pcw - ok 16:59:46.0672 4880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:59:46.0672 4880 PEAUTH - ok 16:59:46.0719 4880 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 16:59:46.0719 4880 PerfHost - ok 16:59:46.0766 4880 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 16:59:46.0782 4880 pla - ok 16:59:46.0844 4880 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 16:59:46.0844 4880 PlugPlay - ok 16:59:46.0891 4880 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll 16:59:46.0891 4880 Pml Driver HPZ12 - ok 16:59:46.0922 4880 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 16:59:46.0922 4880 PNRPAutoReg - ok 16:59:46.0922 4880 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 16:59:46.0922 4880 PNRPsvc - ok 16:59:46.0953 4880 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 16:59:46.0953 4880 PolicyAgent - ok 16:59:46.0984 4880 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 16:59:46.0984 4880 Power - ok 16:59:47.0016 4880 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 16:59:47.0016 4880 PptpMiniport - ok 16:59:47.0031 4880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 16:59:47.0031 4880 Processor - ok 16:59:47.0047 4880 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 16:59:47.0062 4880 ProfSvc - ok 16:59:47.0078 4880 ProtectedStorage 
16:59:52.0413 4880 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0
16:59:52.0585 4880 \Device\Harddisk0\DR0 - ok
16:59:52.0585 4880 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
16:59:52.0725 4880 \Device\Harddisk6\DR6 - ok
16:59:52.0725 4880 Boot (0x1200) (bc5662fd06f3d074ba82d0e44227d208) \Device\Harddisk0\DR0\Partition0
16:59:52.0725 4880 \Device\Harddisk0\DR0\Partition0 - ok
16:59:52.0756 4880 Boot (0x1200) (97c6cbad2dca2c145d5ba6741f5aa2bf) \Device\Harddisk0\DR0\Partition1
16:59:52.0756 4880 \Device\Harddisk0\DR0\Partition1 - ok
16:59:52.0756 4880 Boot (0x1200) (4866b4354000fc713aeb6ba5c935354f) \Device\Harddisk6\DR6\Partition0
16:59:52.0756 4880 \Device\Harddisk6\DR6\Partition0 - ok
16:59:52.0756 4880 ============================================================
16:59:52.0756 4880 Scan finished
16:59:52.0756 4880 ============================================================
16:59:52.0772 2192 Detected object count: 0
16:59:52.0772 2192 Actual detected object count: 0

MBR.zip
  9. Merged Post We look for post with 0 replies Hi, Similar issue to others here. When I type in a URL wrong, instead of "can't find address" as before, now the page is redirected to a bogus site and an ad popup appears. Also, now when running Internet Explorer, two instances of IE appear in the task manager (previously just one, however, none appear when I don't run IE). And finally just this evening, when doing a Google search on multiple instances of IE in the task manager, the results were redirected to a bogus page. Malwarebytes, Norton 360, and TDSSKiller show nothing. Norton firewall does have double entries of "Internet Explorer is trying to access the internet" which it did not have before. Thanks for any help you can provide. Updated with DDS and Attach logs. DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by PWS at 10:35:25 on 2012-04-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12199.10674 [GMT -5:00] . AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\AsHookDevice.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . mStart Page = hxxp://asus.msn.com uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
"C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 TCP: 
Interfaces\{B572E52D-654C-4037-A505-6BF565430247} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120417.001\IDSviA64.sys [2012-4-17 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?] 
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-5-31 918144] R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [2011-5-31 915072] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2011-5-31 586880] R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-5-31 203392] R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-8 130008] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-31 2656280] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?] S3 mv91xx;mv91xx;C:\Windows\system32\drivers\mv91xx.sys --> C:\Windows\system32\drivers\mv91xx.sys [?] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] 
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-14 19:03:32 -------- d-----w- C:\Program Files (x86)\TD3
2012-04-14 17:05:08 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 04:17:27 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 04:17:27 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 04:17:27 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 04:17:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 04:17:26 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 04:17:26 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 04:17:26 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 04:15:47 -------- d-----w- C:\Program Files\iTunes
2012-04-02 04:15:47 -------- d-----w- C:\Program Files\iPod
2012-04-02 04:15:47 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-30 14:15:36 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-26 03:14:30 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-04-14 17:06:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-16 03:57:32 116016 ----a-w- C:\Windows\System32\drivers\21858290.sys
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 10:36:38.13 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/18/2011 12:24:35 PM
System Uptime: 4/18/2012 10:33:56 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CM6850
Processor: Intel® Core i5-2320 CPU @ 3.00GHz | LGA1155 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 745 GiB total, 678.965 GiB free.
D: is FIXED (NTFS) - 1104 GiB total, 1089.266 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 3/12/2012 1:50:10 PM - Scheduled Checkpoint
RP45: 3/13/2012 8:24:10 PM - Windows Update
RP46: 3/13/2012 11:30:28 PM - Windows Update
RP47: 3/21/2012 9:48:22 PM - Scheduled Checkpoint
RP48: 3/30/2012 6:34:57 PM - Scheduled Checkpoint
RP49: 4/7/2012 10:49:13 PM - Scheduled Checkpoint
RP50: 4/11/2012 11:17:10 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.3) MUI AI Manager AI Suite II Apple Application Support Apple Software Update ASUS Backup Wizard AsusVibe2.0 Bing Bar Citrix XenApp Web Plugin Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas D3DX10 DVD Shrink 3.2 Free M4a to MP3 Converter 7.0 Galerie de photos Windows Live Galería fotográfica de Windows Live HP Officejet Pro 8500 A910 Help HP Update I.R.I.S.
OCR Intel® Management Engine Components Junk Mail filter update LightScribe System Software 1.10.13.1 Malwarebytes Anti-Malware version 1.61.0.1400 Marketsplash Shortcuts Mesh Runtime Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Standard Edition 2003 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Train Simulator Microsoft Visual C++ 2005 Redistributable MLT Greater Toronto Area MSTS Patch 1.8.0521 EN MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB973685) Nero 7 Essentials neroxml Norton Security Suite QuickTime RailDriver for MSTS RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Controller Driver Realtek Ethernet Diagnostic Utility Realtek High Definition Audio Driver RealUpgrade 1.1 Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) TC Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows 
Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
4/16/2012 12:53:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================