Jump to content

VCS

Honorary Members
 View Profile  See their activity

  • Posts

    34

  • Joined

  • Last visited

 Content Type 

Everything posted by VCS

  1. VCS
    Removals completed. Everything seems to be back in order and we have visited Paypal. Thanks for all your help and expertise. Hopefully we won't be writing you back in the next three days, but it's good to know Malwarebytes forums have such helpful and dedicated experts.
  2. VCS
    Anything else?
  3. VCS
    Scan complete. No threats found.
  4. VCS
    FYI, when we logged on this morning, Symantec took the computer to black screen to "remove threats" then rebooted. So we launched the ESET scan again; it's at 49% and has found nothing. (Last night at 49% it found six; post #46.) We'll report back at 100%.
  5. VCS
    Thank you gringo. We will post with the scan is done and compare notes again tomorrow. So far (49%) it's found: Win64/Olmarik.AK.trojan Win32/Olmarik.AFK.trojan win64/Olmarik.AK.trojan a variant of win32/Rootkit.Kryptik.OX trojan Win64/Olmarik.AK trojan a variant of Win32/Olmarik.AYI trojan Seeing a pattern here. Talk to you tomorrow (and will post the report when it's done)
  6. VCS
    We're at 40% scan after 40 minutes. It's getting late in your time zone. Will you be available tomorrow to diagnose and recommend on this scan?
  7. VCS
    Good to know and thanks. Sadly, the latest scan (still running) is finding more problems. Stay tuned.
  8. VCS
    You have been most generous with your time and talent. Confirm, please, that any Paypal donation would reach you directly. Secondly, while we wait for the final scan to complete, what was at play in this computer corruption? We saw toolbar and Java deletes, but are unclear on the source of the issues. If you have time... insight is welcome.
  9. VCS
    At this time everything seems to be OK. What's it look like from your side?
  10. VCS
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:49:28 PM, on 11/17/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19328) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\Vince\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe C:\Users\Vince\AppData\Local\Akamai\netsession_win.exe C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Vince\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washington.edu/news R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Ghostery BHO - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [NswUiTray] C:\Program Files (x86)\Norton SystemWorks\NswUiTray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [googletalk] C:\Users\Vince\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Vince\AppData\Local\Akamai\netsession_win.exe" O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files (x86)\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files (x86)\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11938 bytes
  11. VCS
    Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.17.06 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 8.0.6001.19328 Vince :: VINCE-PC [administrator] 11/17/2012 7:42:54 PM mbam-log-2012-11-17 (19-42-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 249094 Time elapsed: 3 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  12. VCS
    Update for Microsoft Office 2007 (KB2508958) 6400_Help Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 7.0 Adobe Photoshop.com Inspiration Browser Adobe Premiere Elements 8.0 Adobe Reader 9.5.2 Akamai NetSession Interface Akamai NetSession Interface Service AnswerWorks 5.0 English Runtime Apple Application Support Apple Software Update bpd_scan BPDSoftware BPDSoftware_Ini Browser Address Error Redirector BufferChm Carbonite Online Backup Setup CCleaner CheckIt Diagnostics Compatibility Pack for the 2007 Office system CustomerResearchQFolder Dell-eBay Dell Getting Started Guide Dell Video Chat (remove only) DELL0604 Destination Component DeviceDiscovery DeviceManagementQFolder DocMgr DocProc DocProcQFolder eSupportQFolder Fax Ghostery IE Plugin Google Chrome Google Talk (remove only) Google Toolbar for Internet Explorer Google Update Helper GPBaseService Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Photosmart Essential 2.5 HP Product Detection HP Update HP_Network_UserGuide HPProductAssistant HPSSupply J6400 Java Auto Updater Java 6 Update 31 Java 6 Update 7 LiveUpdate (Symantec Corporation) Malwarebytes Anti-Malware version 1.65.1.1000 MarketResearch MediaDirect Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Communicator 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSVCSetup MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NETGEAR Genie Norton 360 Norton Cleanup Norton SystemWorks Norton SystemWorks (Symantec Corporation) Norton Utilities PhotoshopdotcomInspirationBrowser ProductContext PSSWCORE Quicken WillMaker Plus 2012 QuickTime Realtek High Definition Audio Driver Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sibelius 6.1.0.3 Demo Skype Toolbars Skype™ 5.10 SmartSound Quicktracks for Premiere Elements 8.0 SmartWebPrinting SolutionCenter Status Symantec Technical Support Web Controls Toolbox TrayApp TurboTax 2008 TurboTax 2008 WinPerFedFormset TurboTax 2008 WinPerProgramHelp TurboTax 2008 WinPerReleaseEngine TurboTax 2008 WinPerTaxSupport TurboTax 2008 WinPerUserEducation TurboTax 2008 wrapper TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) UWICK Tectia Client VideoToolkit01 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebReg WildTangent Games Yahoo! Toolbar
  13. VCS
    Should we reboot and run any more programs, perhaps re-run of Malwarebytes, where the problem was first detected?
  14. VCS
    How does it look from your side?
  15. VCS
    the Windows "winrscmde stopped working" window seems to have disappeared. Have not done a reboot or malwarebytes to see what they show since we started this process.
  16. VCS
    Just got the combofix report: ComboFix 12-11-16.02 - Vince 11/17/2012 17:24:35.2.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4382 [GMT -8:00] Running from: c:\users\Vince\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\Database\tmp.edb c:\windows\svchost.exe c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 ))))))))))))))))))))))))))))))) . . 2012-11-18 01:33 . 2012-11-18 01:37 -------- d-----w- c:\users\Vince\AppData\Local\temp 2012-11-18 01:33 . 2012-11-18 01:33 -------- d-----w- c:\users\Gina\AppData\Local\temp 2012-11-18 01:33 . 2012-11-18 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-17 21:05 . 2012-11-17 21:05 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-11-17 21:05 . 2012-11-17 21:05 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-11-17 21:05 . 2012-11-17 21:05 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-11-16 15:37 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll 2012-11-16 15:37 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-16 15:36 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-16 15:39 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe 2012-10-11 03:42 . 2012-04-04 02:56 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-11 03:42 . 2011-05-20 14:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 03:54 . 2009-06-13 04:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-13 13:45 . 2012-10-11 02:39 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-13 13:28 . 2012-10-11 02:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-25 11:50 . 2012-09-23 18:42 916992 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-25 11:44 . 2012-09-23 18:41 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-08-25 11:44 . 2012-09-23 18:41 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-25 11:44 . 2012-09-23 18:41 71680 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-08-25 11:44 . 2012-09-23 18:41 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-08-25 10:11 . 2012-09-23 18:41 385024 ----a-w- c:\windows\SysWow64\html.iec 2012-08-25 08:31 . 2012-09-23 18:41 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-25 08:29 . 2012-09-23 18:41 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-25 06:50 . 2012-09-23 18:41 1147392 ----a-w- c:\windows\system32\wininet.dll 2012-08-25 06:50 . 2012-09-23 18:41 1488384 ----a-w- c:\windows\system32\urlmon.dll 2012-08-25 06:50 . 2012-09-23 18:41 108032 ----a-w- c:\windows\system32\url.dll 2012-08-25 06:48 . 2012-09-23 18:41 243712 ----a-w- c:\windows\system32\occache.dll 2012-08-25 06:46 . 2012-09-23 18:41 1062912 ----a-w- c:\windows\system32\mstime.dll 2012-08-25 06:46 . 2012-09-23 18:42 9329152 ----a-w- c:\windows\system32\mshtml.dll 2012-08-25 06:46 . 2012-09-23 18:41 98304 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-25 06:46 . 2012-09-23 18:41 743424 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-25 06:46 . 2012-09-23 18:41 71680 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-08-25 06:45 . 2012-09-23 18:41 56832 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-25 06:45 . 2012-09-23 18:41 31744 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-25 06:45 . 2012-09-23 18:41 1538560 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-25 06:45 . 2012-09-23 18:41 2350592 ----a-w- c:\windows\system32\iertutil.dll 2012-08-25 06:45 . 2012-09-23 18:41 219136 ----a-w- c:\windows\system32\ieui.dll 2012-08-25 06:45 . 2012-09-23 18:41 77312 ----a-w- c:\windows\system32\iesetup.dll 2012-08-25 06:45 . 2012-09-23 18:41 132096 ----a-w- c:\windows\system32\iesysprep.dll 2012-08-25 06:45 . 2012-09-23 18:42 12509696 ----a-w- c:\windows\system32\ieframe.dll 2012-08-25 06:45 . 2012-09-23 18:41 72192 ----a-w- c:\windows\system32\iernonce.dll 2012-08-25 06:45 . 2012-09-23 18:41 252416 ----a-w- c:\windows\system32\iepeers.dll 2012-08-25 06:44 . 2012-09-23 18:41 459776 ----a-w- c:\windows\system32\iedkcs32.dll 2012-08-25 05:51 . 2012-09-23 18:41 479232 ----a-w- c:\windows\system32\html.iec 2012-08-25 05:08 . 2012-09-23 18:41 162816 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-25 05:07 . 2012-09-23 18:41 70656 ----a-w- c:\windows\system32\ie4uinit.exe 2012-08-25 05:07 . 2012-09-23 18:41 12288 ----a-w- c:\windows\system32\msfeedssync.exe 2012-08-25 05:07 . 2012-09-23 18:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 16:07 . 2012-10-11 02:39 218624 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 15:53 . 2012-10-11 02:39 172544 ----a-w- c:\windows\SysWow64\wintrust.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}] 2011-04-20 22:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408] "googletalk"="c:\users\Vince\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Akamai NetSession Interface"="c:\users\Vince\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392] "NswUiTray"="c:\program files (x86)\Norton SystemWorks\NswUiTray.exe" [2008-09-25 85360] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . c:\users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . c:\users\Vince\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-28 86016] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - NPF . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:42] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 00:30] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 00:30] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1000Core.job - c:\users\Vince\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 20:12] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1000UA.job - c:\users\Vince\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 20:12] . 2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1001Core.job - c:\users\Gina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 14:52] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1001UA.job - c:\users\Gina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 14:52] . 2012-11-12 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job - c:\program files (x86)\Norton SystemWorks\OBC.exe [2008-09-25 21:52] . 2012-11-17 c:\windows\Tasks\User_Feed_Synchronization-{752E8AFC-A456-4073-BA10-26713BFDD11C}.job - c:\windows\system32\msfeedssync.exe [2012-09-23 08:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 208920] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 176152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.washington.edu/news mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090127 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll TCP: DhcpNameServer = 192.168.1.1 DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab FF - ProfilePath - c:\users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\q2dnqsfh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.washington.edu/ FF - ExtSQL: !HIDDEN! 2009-08-30 18:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2010-01-21 07:50; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKLM-Run-hpqSRMon - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-26841050.sys HKLM-Run-Skytel - Skytel.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files\Dell\DellDock\DockLogin.exe c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe c:\users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe . ************************************************************************** . Completion time: 2012-11-17 17:42:33 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-18 01:42 . Pre-Run: 461,526,589,440 bytes free Post-Run: 461,132,374,016 bytes free . - - End Of File - - 6243A85B9268AD8B2EC8DA54D7A906EA
  17. VCS
    This time combofix is going much farther than before. We're at Completed State 5. Crossing fingers.
  18. VCS
    Here's aswMBR and re-running combofix now. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-17 17:07:54 ----------------------------- 17:07:54.249 OS Version: Windows x64 6.0.6002 Service Pack 2 17:07:54.249 Number of processors: 4 586 0xF0B 17:07:54.250 ComputerName: VINCE-PC UserName: Vince 17:07:56.674 Initialize success 17:08:11.110 AVAST engine defs: 12111601 17:08:25.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 17:08:25.619 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3 17:08:25.625 Disk 0 MBR read successfully 17:08:25.627 Disk 0 MBR scan 17:08:25.630 Disk 0 Windows VISTA default MBR code 17:08:25.633 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 17:08:25.642 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920 17:08:25.657 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595439 MB offset 30801920 17:08:25.676 Disk 0 scanning C:\Windows\system32\drivers 17:08:36.296 Service scanning 17:08:52.607 Modules scanning 17:08:52.613 Disk 0 trace - called modules: 17:08:52.631 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 17:08:52.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074eb610] 17:08:52.640 3 CLASSPNP.SYS[fffffa60011d3c33] -> nt!IofCallDriver -> [0xfffffa800520a930] 17:08:52.645 5 acpi.sys[fffffa60008fafde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006155060] 17:08:53.980 AVAST engine scan C:\Windows 17:08:57.180 AVAST engine scan C:\Windows\system32 17:12:21.245 AVAST engine scan C:\Windows\system32\drivers 17:12:36.386 AVAST engine scan C:\Users\Vince 17:15:49.329 AVAST engine scan C:\ProgramData 17:16:54.235 Disk 0 MBR has been saved successfully to "C:\Users\Vince\Desktop\test\MBR.dat" 17:16:54.235 The log file has been saved successfully to "C:\Users\Vince\Desktop\test\aswMBR.txt"
  19. VCS
    Sorry we're on Page 2. Here's the first report: 16:55:52.0979 2824 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:55:53.0525 2824 ============================================================ 16:55:53.0525 2824 Current date / time: 2012/11/17 16:55:53.0525 16:55:53.0525 2824 SystemInfo: 16:55:53.0525 2824 16:55:53.0525 2824 OS Version: 6.0.6002 ServicePack: 2.0 16:55:53.0525 2824 Product type: Workstation 16:55:53.0525 2824 ComputerName: VINCE-PC 16:55:53.0525 2824 UserName: Vince 16:55:53.0525 2824 Windows directory: C:\Windows 16:55:53.0525 2824 System windows directory: C:\Windows 16:55:53.0525 2824 Running under WOW64 16:55:53.0525 2824 Processor architecture: Intel x64 16:55:53.0525 2824 Number of processors: 4 16:55:53.0525 2824 Page size: 0x1000 16:55:53.0525 2824 Boot type: Normal boot 16:55:53.0525 2824 ============================================================ 16:55:55.0678 2824 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:55:55.0678 2824 ============================================================ 16:55:55.0678 2824 \Device\Harddisk0\DR0: 16:55:55.0678 2824 MBR partitions: 16:55:55.0678 2824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000 16:55:55.0678 2824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0 16:55:55.0678 2824 ============================================================ 16:55:55.0709 2824 C: <-> \Device\Harddisk0\DR0\Partition2 16:55:55.0740 2824 D: <-> \Device\Harddisk0\DR0\Partition1 16:55:55.0740 2824 ============================================================ 16:55:55.0740 2824 Initialize success 16:55:55.0740 2824 ============================================================ 16:56:00.0062 4356 ============================================================ 16:56:00.0062 4356 Scan started 16:56:00.0062 4356 Mode: Manual; 16:56:00.0062 4356 ============================================================ 16:56:01.0044 4356 ================ Scan system memory ======================== 16:56:01.0044 4356 System memory - ok 16:56:01.0044 4356 ================ Scan services ============================= 16:56:01.0169 4356 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 16:56:01.0169 4356 ACPI - ok 16:56:01.0263 4356 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 16:56:01.0278 4356 AdobeActiveFileMonitor7.0 - ok 16:56:01.0341 4356 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:56:01.0341 4356 AdobeFlashPlayerUpdateSvc - ok 16:56:01.0372 4356 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:56:01.0388 4356 adp94xx - ok 16:56:01.0403 4356 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:56:01.0403 4356 adpahci - ok 16:56:01.0403 4356 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 16:56:01.0403 4356 adpu160m - ok 16:56:01.0419 4356 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:56:01.0419 4356 adpu320 - ok 16:56:01.0450 4356 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:56:01.0466 4356 AeLookupSvc - ok 16:56:01.0481 4356 [ 0D7A11395C0A33D9E7587CDB9866EFAD ] AERTFilters C:\Windows\system32\AERTSr64.exe 16:56:01.0481 4356 AERTFilters - ok 16:56:01.0512 4356 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 16:56:01.0512 4356 AFD - ok 16:56:01.0544 4356 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:56:01.0544 4356 agp440 - ok 16:56:01.0559 4356 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 16:56:01.0559 4356 aic78xx - ok 16:56:01.0700 4356 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll 16:56:01.0700 4356 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66 16:56:01.0715 4356 Akamai ( HiddenFile.Multi.Generic ) - warning 16:56:01.0715 4356 Akamai - detected HiddenFile.Multi.Generic (1) 16:56:01.0762 4356 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 16:56:01.0762 4356 ALG - ok 16:56:01.0778 4356 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys 16:56:01.0778 4356 aliide - ok 16:56:01.0778 4356 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 16:56:01.0778 4356 amdide - ok 16:56:01.0793 4356 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:56:01.0793 4356 AmdK8 - ok 16:56:01.0809 4356 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 16:56:01.0809 4356 Appinfo - ok 16:56:01.0840 4356 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 16:56:01.0840 4356 arc - ok 16:56:01.0856 4356 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:56:01.0856 4356 arcsas - ok 16:56:01.0871 4356 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:56:01.0871 4356 AsyncMac - ok 16:56:01.0902 4356 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 16:56:01.0902 4356 atapi - ok 16:56:01.0918 4356 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:56:01.0934 4356 AudioEndpointBuilder - ok 16:56:01.0980 4356 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:56:01.0980 4356 AudioSrv - ok 16:56:02.0012 4356 [ 721409129AB3503B6C96404FE8D8CDF0 ] Automatic LiveUpdate Scheduler C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe 16:56:02.0027 4356 Automatic LiveUpdate Scheduler - ok 16:56:02.0058 4356 [ A2160C5D70F3517FC7356B689ABD6FCD ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl664.sys 16:56:02.0058 4356 BCM43XV - ok 16:56:02.0090 4356 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 16:56:02.0105 4356 BFE - ok 16:56:02.0261 4356 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121106.001\BHDrvx64.sys 16:56:02.0277 4356 BHDrvx64 - ok 16:56:02.0324 4356 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll 16:56:02.0355 4356 BITS - ok 16:56:02.0370 4356 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 16:56:02.0370 4356 blbdrive - ok 16:56:02.0402 4356 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:56:02.0402 4356 bowser - ok 16:56:02.0433 4356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 16:56:02.0433 4356 BrFiltLo - ok 16:56:02.0433 4356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 16:56:02.0433 4356 BrFiltUp - ok 16:56:02.0464 4356 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 16:56:02.0464 4356 Browser - ok 16:56:02.0480 4356 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 16:56:02.0480 4356 Brserid - ok 16:56:02.0495 4356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 16:56:02.0495 4356 BrSerWdm - ok 16:56:02.0495 4356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 16:56:02.0495 4356 BrUsbMdm - ok 16:56:02.0511 4356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 16:56:02.0511 4356 BrUsbSer - ok 16:56:02.0526 4356 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:56:02.0526 4356 BTHMODEM - ok 16:56:02.0573 4356 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys 16:56:02.0573 4356 ccSet_N360 - ok 16:56:02.0589 4356 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:56:02.0589 4356 cdfs - ok 16:56:02.0620 4356 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:56:02.0620 4356 cdrom - ok 16:56:02.0651 4356 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 16:56:02.0651 4356 CertPropSvc - ok 16:56:02.0667 4356 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 16:56:02.0667 4356 circlass - ok 16:56:02.0698 4356 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 16:56:02.0698 4356 CLFS - ok 16:56:02.0760 4356 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:56:02.0760 4356 clr_optimization_v2.0.50727_32 - ok 16:56:02.0792 4356 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:56:02.0792 4356 clr_optimization_v2.0.50727_64 - ok 16:56:02.0854 4356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:56:02.0854 4356 clr_optimization_v4.0.30319_32 - ok 16:56:02.0901 4356 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:56:02.0901 4356 clr_optimization_v4.0.30319_64 - ok 16:56:02.0916 4356 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:56:02.0916 4356 cmdide - ok 16:56:02.0916 4356 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 16:56:02.0916 4356 Compbatt - ok 16:56:02.0916 4356 COMSysApp - ok 16:56:02.0963 4356 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:56:02.0963 4356 crcdisk - ok 16:56:03.0010 4356 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:56:03.0010 4356 CryptSvc - ok 16:56:03.0057 4356 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 16:56:03.0072 4356 DcomLaunch - ok 16:56:03.0104 4356 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:56:03.0104 4356 DfsC - ok 16:56:03.0182 4356 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 16:56:03.0275 4356 DFSR - ok 16:56:03.0322 4356 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 16:56:03.0322 4356 Dhcp - ok 16:56:03.0353 4356 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 16:56:03.0353 4356 disk - ok 16:56:03.0384 4356 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:56:03.0384 4356 Dnscache - ok 16:56:03.0400 4356 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 16:56:03.0400 4356 DockLoginService - ok 16:56:03.0431 4356 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 16:56:03.0447 4356 dot3svc - ok 16:56:03.0478 4356 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 16:56:03.0478 4356 Dot4 - ok 16:56:03.0494 4356 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 16:56:03.0494 4356 Dot4Print - ok 16:56:03.0509 4356 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 16:56:03.0509 4356 dot4usb - ok 16:56:03.0540 4356 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 16:56:03.0540 4356 DPS - ok 16:56:03.0572 4356 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:56:03.0572 4356 drmkaud - ok 16:56:03.0603 4356 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:56:03.0618 4356 DXGKrnl - ok 16:56:03.0650 4356 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys 16:56:03.0650 4356 e1express - ok 16:56:03.0665 4356 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 16:56:03.0665 4356 E1G60 - ok 16:56:03.0696 4356 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 16:56:03.0696 4356 EapHost - ok 16:56:03.0728 4356 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 16:56:03.0728 4356 Ecache - ok 16:56:03.0790 4356 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 16:56:03.0790 4356 eeCtrl - ok 16:56:03.0821 4356 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:56:03.0821 4356 ehRecvr - ok 16:56:03.0837 4356 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 16:56:03.0837 4356 ehSched - ok 16:56:03.0868 4356 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 16:56:03.0868 4356 ehstart - ok 16:56:03.0884 4356 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:56:03.0899 4356 elxstor - ok 16:56:03.0946 4356 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 16:56:03.0962 4356 EMDMgmt - ok 16:56:03.0977 4356 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 16:56:03.0977 4356 EraserUtilRebootDrv - ok 16:56:03.0993 4356 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:56:03.0993 4356 ErrDev - ok 16:56:04.0024 4356 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 16:56:04.0024 4356 EventSystem - ok 16:56:04.0055 4356 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 16:56:04.0055 4356 exfat - ok 16:56:04.0086 4356 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:56:04.0086 4356 fastfat - ok 16:56:04.0102 4356 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:56:04.0102 4356 fdc - ok 16:56:04.0118 4356 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 16:56:04.0118 4356 fdPHost - ok 16:56:04.0133 4356 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 16:56:04.0133 4356 FDResPub - ok 16:56:04.0149 4356 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:56:04.0149 4356 FileInfo - ok 16:56:04.0149 4356 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:56:04.0149 4356 Filetrace - ok 16:56:04.0211 4356 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 16:56:04.0211 4356 FLEXnet Licensing Service - ok 16:56:04.0227 4356 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:56:04.0227 4356 flpydisk - ok 16:56:04.0258 4356 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:56:04.0258 4356 FltMgr - ok 16:56:04.0320 4356 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 16:56:04.0336 4356 FontCache - ok 16:56:04.0383 4356 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:56:04.0383 4356 FontCache3.0.0.0 - ok 16:56:04.0398 4356 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:56:04.0398 4356 Fs_Rec - ok 16:56:04.0414 4356 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:56:04.0414 4356 gagp30kx - ok 16:56:04.0476 4356 [ 311ACFCDD2C9A99481E91FA4CB028D70 ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe 16:56:04.0476 4356 GameConsoleService - ok 16:56:04.0523 4356 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 16:56:04.0523 4356 gpsvc - ok 16:56:04.0632 4356 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:56:04.0632 4356 gupdate - ok 16:56:04.0648 4356 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:56:04.0648 4356 gupdatem - ok 16:56:04.0679 4356 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 16:56:04.0679 4356 gusvc - ok 16:56:04.0726 4356 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:56:04.0726 4356 HDAudBus - ok 16:56:04.0742 4356 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:56:04.0742 4356 HidBth - ok 16:56:04.0742 4356 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 16:56:04.0742 4356 HidIr - ok 16:56:04.0773 4356 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll 16:56:04.0773 4356 hidserv - ok 16:56:04.0804 4356 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:56:04.0804 4356 HidUsb - ok 16:56:04.0820 4356 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 16:56:04.0820 4356 hkmsvc - ok 16:56:04.0851 4356 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 16:56:04.0851 4356 HpCISSs - ok 16:56:04.0913 4356 [ B14328CFEEB6B736BE44C2C9DB3B162C ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 16:56:04.0929 4356 hpqcxs08 - ok 16:56:04.0944 4356 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 16:56:04.0944 4356 hpqddsvc - ok 16:56:04.0976 4356 [ 969F2F6571B915BADA4FA68228C2CBBC ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 16:56:04.0991 4356 HPSLPSVC - ok 16:56:05.0022 4356 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:56:05.0038 4356 HTTP - ok 16:56:05.0038 4356 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 16:56:05.0038 4356 i2omp - ok 16:56:05.0069 4356 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:56:05.0069 4356 i8042prt - ok 16:56:05.0100 4356 [ CEB53BB804B41C52AB0782505C8E2994 ] iaStor C:\Windows\system32\drivers\iastor.sys 16:56:05.0100 4356 iaStor - ok 16:56:05.0116 4356 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 16:56:05.0116 4356 iaStorV - ok 16:56:05.0163 4356 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:56:05.0163 4356 idsvc - ok 16:56:05.0241 4356 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121116.001\IDSvia64.sys 16:56:05.0256 4356 IDSVia64 - ok 16:56:05.0428 4356 [ 2161876969E428A494F8D7C38FA6F513 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 16:56:05.0522 4356 igfx - ok 16:56:05.0537 4356 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:56:05.0537 4356 iirsp - ok 16:56:05.0568 4356 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 16:56:05.0568 4356 IKEEXT - ok 16:56:05.0615 4356 [ 0DD17D4B59D0EC40E3C86A505BB0B6DD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 16:56:05.0615 4356 IntcAzAudAddService - ok 16:56:05.0631 4356 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 16:56:05.0631 4356 intelide - ok 16:56:05.0646 4356 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:56:05.0646 4356 intelppm - ok 16:56:05.0724 4356 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe 16:56:05.0724 4356 IntuitUpdateService - ok 16:56:05.0787 4356 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe 16:56:05.0787 4356 IntuitUpdateServiceV4 - ok 16:56:05.0818 4356 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:56:05.0818 4356 IPBusEnum - ok 16:56:05.0849 4356 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:56:05.0849 4356 IpFilterDriver - ok 16:56:05.0880 4356 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:56:05.0880 4356 iphlpsvc - ok 16:56:05.0880 4356 IpInIp - ok 16:56:05.0927 4356 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 16:56:05.0927 4356 IPMIDRV - ok 16:56:05.0943 4356 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 16:56:05.0943 4356 IPNAT - ok 16:56:05.0958 4356 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:56:05.0958 4356 IRENUM - ok 16:56:05.0974 4356 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:56:05.0974 4356 isapnp - ok 16:56:06.0005 4356 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:56:06.0005 4356 iScsiPrt - ok 16:56:06.0021 4356 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 16:56:06.0021 4356 iteatapi - ok 16:56:06.0021 4356 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 16:56:06.0036 4356 iteraid - ok 16:56:06.0052 4356 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:56:06.0052 4356 kbdclass - ok 16:56:06.0068 4356 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:56:06.0068 4356 kbdhid - ok 16:56:06.0099 4356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 16:56:06.0099 4356 KeyIso - ok 16:56:06.0130 4356 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:56:06.0130 4356 KSecDD - ok 16:56:06.0177 4356 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:56:06.0177 4356 ksthunk - ok 16:56:06.0208 4356 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 16:56:06.0224 4356 KtmRm - ok 16:56:06.0239 4356 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 16:56:06.0239 4356 LanmanServer - ok 16:56:06.0270 4356 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:56:06.0270 4356 LanmanWorkstation - ok 16:56:06.0270 4356 Lbd - ok 16:56:06.0380 4356 [ 36375738DC0B3CD1F764268008E74FDF ] LiveUpdate C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE 16:56:06.0395 4356 LiveUpdate - ok 16:56:06.0411 4356 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:56:06.0411 4356 lltdio - ok 16:56:06.0458 4356 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:56:06.0458 4356 lltdsvc - ok 16:56:06.0489 4356 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:56:06.0489 4356 lmhosts - ok 16:56:06.0504 4356 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:56:06.0504 4356 LSI_FC - ok 16:56:06.0504 4356 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:56:06.0504 4356 LSI_SAS - ok 16:56:06.0520 4356 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:56:06.0520 4356 LSI_SCSI - ok 16:56:06.0536 4356 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 16:56:06.0536 4356 luafv - ok 16:56:06.0551 4356 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:56:06.0567 4356 Mcx2Svc - ok 16:56:06.0582 4356 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 16:56:06.0582 4356 megasas - ok 16:56:06.0614 4356 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 16:56:06.0614 4356 MegaSR - ok 16:56:06.0614 4356 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 16:56:06.0614 4356 MMCSS - ok 16:56:06.0629 4356 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 16:56:06.0629 4356 Modem - ok 16:56:06.0645 4356 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:56:06.0645 4356 monitor - ok 16:56:06.0660 4356 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:56:06.0660 4356 mouclass - ok 16:56:06.0676 4356 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:56:06.0676 4356 mouhid - ok 16:56:06.0676 4356 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 16:56:06.0676 4356 MountMgr - ok 16:56:06.0738 4356 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:56:06.0738 4356 MozillaMaintenance - ok 16:56:06.0738 4356 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 16:56:06.0738 4356 mpio - ok 16:56:06.0754 4356 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:56:06.0754 4356 mpsdrv - ok 16:56:06.0785 4356 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 16:56:06.0785 4356 MpsSvc - ok 16:56:06.0785 4356 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 16:56:06.0801 4356 Mraid35x - ok 16:56:06.0816 4356 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:56:06.0816 4356 MRxDAV - ok 16:56:06.0848 4356 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:56:06.0848 4356 mrxsmb - ok 16:56:06.0879 4356 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:56:06.0879 4356 mrxsmb10 - ok 16:56:06.0894 4356 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:56:06.0894 4356 mrxsmb20 - ok 16:56:06.0926 4356 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys 16:56:06.0926 4356 msahci - ok 16:56:06.0926 4356 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:56:06.0941 4356 msdsm - ok 16:56:06.0957 4356 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 16:56:06.0972 4356 MSDTC - ok 16:56:06.0988 4356 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:56:07.0004 4356 Msfs - ok 16:56:07.0004 4356 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:56:07.0004 4356 msisadrv - ok 16:56:07.0035 4356 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:56:07.0035 4356 MSiSCSI - ok 16:56:07.0035 4356 msiserver - ok 16:56:07.0050 4356 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:56:07.0050 4356 MSKSSRV - ok 16:56:07.0066 4356 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:56:07.0066 4356 MSPCLOCK - ok 16:56:07.0082 4356 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:56:07.0082 4356 MSPQM - ok 16:56:07.0113 4356 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:56:07.0113 4356 MsRPC - ok 16:56:07.0128 4356 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:56:07.0128 4356 mssmbios - ok 16:56:07.0128 4356 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:56:07.0128 4356 MSTEE - ok 16:56:07.0128 4356 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 16:56:07.0128 4356 Mup - ok 16:56:07.0191 4356 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe 16:56:07.0191 4356 N360 - ok 16:56:07.0206 4356 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 16:56:07.0222 4356 napagent - ok 16:56:07.0238 4356 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:56:07.0238 4356 NativeWifiP - ok 16:56:07.0300 4356 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121117.005\ENG64.SYS 16:56:07.0316 4356 NAVENG - ok 16:56:07.0409 4356 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121117.005\EX64.SYS 16:56:07.0409 4356 NAVEX15 - ok 16:56:07.0472 4356 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:56:07.0472 4356 NDIS - ok 16:56:07.0487 4356 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:56:07.0487 4356 NdisTapi - ok 16:56:07.0503 4356 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:56:07.0503 4356 Ndisuio - ok 16:56:07.0518 4356 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:56:07.0518 4356 NdisWan - ok 16:56:07.0534 4356 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:56:07.0534 4356 NDProxy - ok 16:56:07.0550 4356 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 16:56:07.0550 4356 Net Driver HPZ12 - ok 16:56:07.0565 4356 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:56:07.0565 4356 NetBIOS - ok 16:56:07.0581 4356 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 16:56:07.0596 4356 netbt - ok 16:56:07.0674 4356 [ EA833758BE56A68AABECD50E1DDCF4A3 ] NETGEARGenieDaemon C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe 16:56:07.0690 4356 NETGEARGenieDaemon - ok 16:56:07.0706 4356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 16:56:07.0706 4356 Netlogon - ok 16:56:07.0721 4356 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 16:56:07.0721 4356 Netman - ok 16:56:07.0752 4356 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 16:56:07.0752 4356 netprofm - ok 16:56:07.0768 4356 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:56:07.0784 4356 NetTcpPortSharing - ok 16:56:07.0799 4356 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:56:07.0799 4356 nfrd960 - ok 16:56:07.0799 4356 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 16:56:07.0815 4356 NlaSvc - ok 16:56:07.0830 4356 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 16:56:07.0830 4356 NPF - ok 16:56:07.0846 4356 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:56:07.0846 4356 Npfs - ok 16:56:07.0893 4356 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 16:56:07.0908 4356 nsi - ok 16:56:07.0908 4356 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:56:07.0908 4356 nsiproxy - ok 16:56:07.0955 4356 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:56:07.0971 4356 Ntfs - ok 16:56:07.0986 4356 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 16:56:07.0986 4356 Null - ok 16:56:07.0986 4356 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:56:07.0986 4356 nvraid - ok 16:56:08.0002 4356 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:56:08.0002 4356 nvstor - ok 16:56:08.0018 4356 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:56:08.0018 4356 nv_agp - ok 16:56:08.0018 4356 NwlnkFlt - ok 16:56:08.0033 4356 NwlnkFwd - ok 16:56:08.0080 4356 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:56:08.0080 4356 odserv - ok 16:56:08.0142 4356 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 16:56:08.0142 4356 ohci1394 - ok 16:56:08.0174 4356 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:56:08.0174 4356 ose - ok 16:56:08.0236 4356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 16:56:08.0252 4356 p2pimsvc - ok 16:56:08.0314 4356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 16:56:08.0314 4356 p2psvc - ok 16:56:08.0314 4356 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 16:56:08.0314 4356 Parport - ok 16:56:08.0345 4356 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:56:08.0345 4356 partmgr - ok 16:56:08.0345 4356 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 16:56:08.0361 4356 PcaSvc - ok 16:56:08.0392 4356 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 16:56:08.0392 4356 pci - ok 16:56:08.0423 4356 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 16:56:08.0423 4356 pciide - ok 16:56:08.0439 4356 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:56:08.0439 4356 pcmcia - ok 16:56:08.0454 4356 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:56:08.0470 4356 PEAUTH - ok 16:56:08.0517 4356 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:56:08.0517 4356 PerfHost - ok 16:56:08.0579 4356 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 16:56:08.0595 4356 pla - ok 16:56:08.0626 4356 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:56:08.0626 4356 PlugPlay - ok 16:56:08.0642 4356 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 16:56:08.0642 4356 Pml Driver HPZ12 - ok 16:56:08.0657 4356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 16:56:08.0673 4356 PNRPAutoReg - ok 16:56:08.0688 4356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 16:56:08.0688 4356 PNRPsvc - ok 16:56:08.0704 4356 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:56:08.0720 4356 PolicyAgent - ok 16:56:08.0829 4356 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:56:08.0829 4356 PptpMiniport - ok 16:56:08.0907 4356 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 16:56:08.0907 4356 Processor - ok 16:56:09.0063 4356 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 16:56:09.0063 4356 ProfSvc - ok 16:56:09.0110 4356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 16:56:09.0110 4356 ProtectedStorage - ok 16:56:09.0312 4356 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 16:56:09.0312 4356 PSched - ok 16:56:09.0546 4356 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 16:56:09.0546 4356 PxHlpa64 - ok 16:56:09.0609 4356 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:56:09.0624 4356 ql2300 - ok 16:56:09.0656 4356 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:56:09.0656 4356 ql40xx - ok 16:56:09.0671 4356 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 16:56:09.0671 4356 QWAVE - ok 16:56:09.0687 4356 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:56:09.0687 4356 QWAVEdrv - ok 16:56:09.0749 4356 [ 2A09A6B271D1F50ADF5E33B37D460DE6 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 16:56:09.0765 4356 R300 - ok 16:56:09.0780 4356 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:56:09.0780 4356 RasAcd - ok 16:56:09.0780 4356 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 16:56:09.0796 4356 RasAuto - ok 16:56:09.0812 4356 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:56:09.0812 4356 Rasl2tp - ok 16:56:09.0843 4356 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 16:56:09.0843 4356 RasMan - ok 16:56:09.0858 4356 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:56:09.0858 4356 RasPppoe - ok 16:56:09.0890 4356 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:56:09.0890 4356 RasSstp - ok 16:56:09.0952 4356 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:56:09.0952 4356 rdbss - ok 16:56:09.0968 4356 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:56:09.0968 4356 RDPCDD - ok 16:56:09.0983 4356 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 16:56:09.0983 4356 rdpdr - ok 16:56:09.0999 4356 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:56:09.0999 4356 RDPENCDD - ok 16:56:10.0030 4356 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:56:10.0030 4356 RDPWD - ok 16:56:10.0046 4356 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:56:10.0061 4356 RemoteAccess - ok 16:56:10.0077 4356 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:56:10.0077 4356 RemoteRegistry - ok 16:56:10.0092 4356 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 16:56:10.0092 4356 RpcLocator - ok 16:56:10.0124 4356 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 16:56:10.0139 4356 RpcSs - ok 16:56:10.0155 4356 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:56:10.0155 4356 rspndr - ok 16:56:10.0170 4356 [ C4DD02A9D97C5531E145F9E4420636F8 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 16:56:10.0186 4356 RTL8169 - ok 16:56:10.0186 4356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 16:56:10.0186 4356 SamSs - ok 16:56:10.0202 4356 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:56:10.0202 4356 sbp2port - ok 16:56:10.0233 4356 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:56:10.0233 4356 SCardSvr - ok 16:56:10.0264 4356 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 16:56:10.0280 4356 Schedule - ok 16:56:10.0311 4356 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:56:10.0311 4356 SCPolicySvc - ok 16:56:10.0326 4356 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:56:10.0326 4356 SDRSVC - ok 16:56:10.0326 4356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:56:10.0326 4356 secdrv - ok 16:56:10.0389 4356 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 16:56:10.0404 4356 seclogon - ok 16:56:10.0404 4356 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 16:56:10.0404 4356 SENS - ok 16:56:10.0420 4356 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:56:10.0420 4356 Serenum - ok 16:56:10.0436 4356 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 16:56:10.0436 4356 Serial - ok 16:56:10.0451 4356 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:56:10.0451 4356 sermouse - ok 16:56:10.0498 4356 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 16:56:10.0498 4356 SessionEnv - ok 16:56:10.0529 4356 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:56:10.0529 4356 sffdisk - ok 16:56:10.0545 4356 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:56:10.0545 4356 sffp_mmc - ok 16:56:10.0545 4356 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:56:10.0545 4356 sffp_sd - ok 16:56:10.0545 4356 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:56:10.0545 4356 sfloppy - ok 16:56:10.0607 4356 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:56:10.0607 4356 SharedAccess - ok 16:56:10.0638 4356 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:56:10.0638 4356 ShellHWDetection - ok 16:56:10.0654 4356 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 16:56:10.0654 4356 SiSRaid2 - ok 16:56:10.0670 4356 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:56:10.0670 4356 SiSRaid4 - ok 16:56:10.0701 4356 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:56:10.0701 4356 SkypeUpdate - ok 16:56:10.0748 4356 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 16:56:10.0810 4356 slsvc - ok 16:56:10.0841 4356 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 16:56:10.0841 4356 SLUINotify - ok 16:56:10.0872 4356 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:56:10.0872 4356 Smb - ok 16:56:10.0872 4356 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:56:10.0872 4356 SNMPTRAP - ok 16:56:10.0904 4356 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 16:56:10.0904 4356 spldr - ok 16:56:10.0935 4356 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 16:56:10.0935 4356 Spooler - ok 16:56:10.0997 4356 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS 16:56:11.0013 4356 SRTSP - ok 16:56:11.0013 4356 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS 16:56:11.0013 4356 SRTSPX - ok 16:56:11.0060 4356 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 16:56:11.0075 4356 srv - ok 16:56:11.0091 4356 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:56:11.0091 4356 srv2 - ok 16:56:11.0122 4356 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:56:11.0122 4356 srvnet - ok 16:56:11.0138 4356 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:56:11.0138 4356 SSDPSRV - ok 16:56:11.0153 4356 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:56:11.0169 4356 SstpSvc - ok 16:56:11.0184 4356 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 16:56:11.0184 4356 StillCam - ok 16:56:11.0216 4356 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 16:56:11.0231 4356 stisvc - ok 16:56:11.0262 4356 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 16:56:11.0262 4356 stllssvr - ok 16:56:11.0294 4356 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:56:11.0294 4356 swenum - ok 16:56:11.0325 4356 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 16:56:11.0340 4356 swprv - ok 16:56:11.0403 4356 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe 16:56:11.0403 4356 Symantec RemoteAssist - ok 16:56:11.0450 4356 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 16:56:11.0450 4356 Symc8xx - ok 16:56:11.0465 4356 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS 16:56:11.0481 4356 SymDS - ok 16:56:11.0512 4356 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS 16:56:11.0543 4356 SymEFA - ok 16:56:11.0574 4356 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 16:56:11.0574 4356 SymEvent - ok 16:56:11.0590 4356 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS 16:56:11.0590 4356 SymIRON - ok 16:56:11.0621 4356 [ A25FEE245C78804601D83431386A0BEE ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0604000.009\SYMTDIV.SYS 16:56:11.0621 4356 SYMTDIv - ok 16:56:11.0637 4356 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 16:56:11.0637 4356 Sym_hi - ok 16:56:11.0637 4356 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 16:56:11.0637 4356 Sym_u3 - ok 16:56:11.0684 4356 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 16:56:11.0684 4356 SysMain - ok 16:56:11.0715 4356 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:56:11.0715 4356 TabletInputService - ok 16:56:11.0746 4356 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:56:11.0746 4356 TapiSrv - ok 16:56:11.0762 4356 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 16:56:11.0762 4356 TBS - ok 16:56:11.0808 4356 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:56:11.0808 4356 Tcpip - ok 16:56:11.0840 4356 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 16:56:11.0855 4356 Tcpip6 - ok 16:56:11.0871 4356 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:56:11.0871 4356 tcpipreg - ok 16:56:11.0886 4356 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:56:11.0886 4356 TDPIPE - ok 16:56:11.0902 4356 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:56:11.0902 4356 TDTCP - ok 16:56:11.0933 4356 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:56:11.0933 4356 tdx - ok 16:56:11.0949 4356 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:56:11.0949 4356 TermDD - ok 16:56:11.0996 4356 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 16:56:11.0996 4356 TermService - ok 16:56:12.0011 4356 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 16:56:12.0011 4356 Themes - ok 16:56:12.0027 4356 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 16:56:12.0027 4356 THREADORDER - ok 16:56:12.0042 4356 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 16:56:12.0042 4356 TrkWks - ok 16:56:12.0058 4356 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:56:12.0058 4356 TrustedInstaller - ok 16:56:12.0074 4356 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:56:12.0074 4356 tssecsrv - ok 16:56:12.0105 4356 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 16:56:12.0105 4356 tunmp - ok 16:56:12.0120 4356 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:56:12.0120 4356 tunnel - ok 16:56:12.0136 4356 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:56:12.0136 4356 uagp35 - ok 16:56:12.0167 4356 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:56:12.0167 4356 udfs - ok 16:56:12.0183 4356 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:56:12.0183 4356 UI0Detect - ok 16:56:12.0198 4356 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:56:12.0198 4356 uliagpkx - ok 16:56:12.0198 4356 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 16:56:12.0198 4356 uliahci - ok 16:56:12.0214 4356 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 16:56:12.0214 4356 UlSata - ok 16:56:12.0230 4356 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 16:56:12.0230 4356 ulsata2 - ok 16:56:12.0245 4356 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:56:12.0245 4356 umbus - ok 16:56:12.0261 4356 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 16:56:12.0261 4356 upnphost - ok 16:56:12.0292 4356 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:56:12.0292 4356 usbccgp - ok 16:56:12.0308 4356 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:56:12.0308 4356 usbcir - ok 16:56:12.0323 4356 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:56:12.0323 4356 usbehci - ok 16:56:12.0339 4356 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:56:12.0339 4356 usbhub - ok 16:56:12.0354 4356 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:56:12.0354 4356 usbohci - ok 16:56:12.0370 4356 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:56:12.0370 4356 usbprint - ok 16:56:12.0401 4356 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:56:12.0401 4356 usbscan - ok 16:56:12.0417 4356 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:56:12.0417 4356 USBSTOR - ok 16:56:12.0448 4356 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:56:12.0448 4356 usbuhci - ok 16:56:12.0464 4356 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 16:56:12.0464 4356 UxSms - ok 16:56:12.0495 4356 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 16:56:12.0510 4356 vds - ok 16:56:12.0557 4356 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:56:12.0557 4356 vga - ok 16:56:12.0573 4356 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:56:12.0573 4356 VgaSave - ok 16:56:12.0588 4356 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 16:56:12.0588 4356 viaide - ok 16:56:12.0588 4356 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:56:12.0588 4356 volmgr - ok 16:56:12.0620 4356 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:56:12.0620 4356 volmgrx - ok 16:56:12.0651 4356 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:56:12.0651 4356 volsnap - ok 16:56:12.0666 4356 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:56:12.0666 4356 vsmraid - ok 16:56:12.0713 4356 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 16:56:12.0744 4356 VSS - ok 16:56:12.0776 4356 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 16:56:12.0776 4356 W32Time - ok 16:56:12.0791 4356 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:56:12.0791 4356 WacomPen - ok 16:56:12.0822 4356 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 16:56:12.0822 4356 Wanarp - ok 16:56:12.0869 4356 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:56:12.0885 4356 Wanarpv6 - ok 16:56:13.0056 4356 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:56:13.0181 4356 wcncsvc - ok 16:56:13.0212 4356 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:56:13.0212 4356 WcsPlugInService - ok 16:56:13.0228 4356 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 16:56:13.0228 4356 Wd - ok 16:56:13.0244 4356 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:56:13.0259 4356 Wdf01000 - ok 16:56:13.0306 4356 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:56:13.0306 4356 WdiServiceHost - ok 16:56:13.0306 4356 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:56:13.0306 4356 WdiSystemHost - ok 16:56:13.0368 4356 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 16:56:13.0368 4356 WebClient - ok 16:56:13.0400 4356 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:56:13.0400 4356 Wecsvc - ok 16:56:13.0415 4356 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:56:13.0415 4356 wercplsupport - ok 16:56:13.0431 4356 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 16:56:13.0431 4356 WerSvc - ok 16:56:13.0446 4356 WinDefend - ok 16:56:13.0446 4356 WinHttpAutoProxySvc - ok 16:56:13.0493 4356 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:56:13.0493 4356 Winmgmt - ok 16:56:13.0540 4356 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 16:56:13.0587 4356 WinRM - ok 16:56:13.0618 4356 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:56:13.0634 4356 Wlansvc - ok 16:56:13.0727 4356 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:56:13.0758 4356 wlidsvc - ok 16:56:13.0774 4356 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:56:13.0774 4356 WmiAcpi - ok 16:56:13.0805 4356 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:56:13.0805 4356 wmiApSrv - ok 16:56:13.0805 4356 WMPNetworkSvc - ok 16:56:13.0836 4356 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:56:13.0836 4356 WPCSvc - ok 16:56:13.0852 4356 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:56:13.0868 4356 WPDBusEnum - ok 16:56:13.0883 4356 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 16:56:13.0883 4356 WpdUsb - ok 16:56:14.0133 4356 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:56:14.0148 4356 WPFFontCache_v0400 - ok 16:56:14.0164 4356 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:56:14.0164 4356 ws2ifsl - ok 16:56:14.0180 4356 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll 16:56:14.0195 4356 wscsvc - ok 16:56:14.0195 4356 WSearch - ok 16:56:14.0258 4356 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:56:14.0289 4356 wuauserv - ok 16:56:14.0304 4356 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:56:14.0304 4356 WUDFRd - ok 16:56:14.0320 4356 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:56:14.0320 4356 wudfsvc - ok 16:56:14.0336 4356 ================ Scan global =============================== 16:56:14.0351 4356 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 16:56:14.0382 4356 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 16:56:14.0398 4356 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 16:56:14.0429 4356 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 16:56:14.0429 4356 [Global] - ok 16:56:14.0429 4356 ================ Scan MBR ================================== 16:56:14.0445 4356 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0 16:56:14.0445 4356 Suspicious mbr (Forged): \Device\Harddisk0\DR0 16:56:14.0507 4356 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 16:56:14.0507 4356 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 16:56:14.0507 4356 ================ Scan VBR ================================== 16:56:14.0523 4356 [ 3DFBA14AF92E5FFB4121740B84C67E09 ] \Device\Harddisk0\DR0\Partition1 16:56:14.0523 4356 \Device\Harddisk0\DR0\Partition1 - ok 16:56:14.0523 4356 [ 40566CFED7FD1B1FB1A4694BA94D16C6 ] \Device\Harddisk0\DR0\Partition2 16:56:14.0523 4356 \Device\Harddisk0\DR0\Partition2 - ok 16:56:14.0523 4356 ============================================================ 16:56:14.0523 4356 Scan finished 16:56:14.0523 4356 ============================================================ 16:56:14.0538 1808 Detected object count: 2 16:56:14.0538 1808 Actual detected object count: 2 16:57:14.0224 1808 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 16:57:14.0224 1808 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 16:57:15.0846 1808 \Device\Harddisk0\DR0\# - copied to quarantine 16:57:15.0846 1808 \Device\Harddisk0\DR0 - copied to quarantine 16:57:15.0878 1808 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 16:57:15.0893 1808 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 16:57:16.0283 1808 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 16:57:16.0408 1808 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 16:57:16.0408 1808 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 16:57:16.0424 1808 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 16:57:16.0455 1808 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 16:57:16.0470 1808 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 16:57:16.0548 1808 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 16:57:16.0580 1808 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 16:57:16.0611 1808 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 16:57:16.0658 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 16:57:16.0658 1808 \Device\Harddisk0\DR0 - ok 16:57:16.0658 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 16:57:23.0038 4328 Deinitialize success
  20. VCS
    The Combofix program rebooted on its own and did not reopen an admin window when Windows restarted. We're guessing the program is working in the background. ??? After that we did get a popup that one of the Norton processes had stopped working, but that issue apparently has resolved as the popup is gone. Nonetheless, the CPU seems mostly idle. The "winrscmde stopped working and was closed" window continues to open everytime you close it. Recommendations?
  21. VCS
    Good news. The admin window says the scan could take 10 to 20 minutes, so at least know what to expect.
  22. VCS
    It had been going for perhaps 20 minutes; restarted and now the admin window has opened and it is in fact running.
  23. VCS
    FYI we signed onto another computer while ComboFix does its work to give you a status update. We've had one blue screen of death, but recovered from that, and ComboFix said it was detecting Norton 360's background scan even though we put everything in a delay mode (max allowed). The Norton help site said you cannot turn off scanning in 360, only extend the time of the delay. We let ComboFix proceed and it said it would. But we haven't heard from it in a while. Does this typically take a long time? Standing by for ComboFix to finish.
  24. VCS
    RogueKiller V8.3.0 [Nov 17 2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : Vince [Admin rights] Mode : Remove -- Date : 11/17/2012 14:18:47 ¤¤¤ Bad processes : 4 ¤¤¤ [sUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc] [sUSP PATH] GoogleCrashHandler.exe -- C:\Users\Vince\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc] [sUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Vince\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermThr] ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> D:\windows\system32\config\SOFTWARE -> D:\Users\Default\NTUSER.DAT ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400AAKS-75A7B0 ATA Device +++++ --- User --- [MBR] f6d056e782c2b823983a84ee88fa9f63 [bSP] 9ca88377777070f4140b4b7266a7a7e9 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] da088a57642c2de403e38999ea1b980e [bSP] 9ca88377777070f4140b4b7266a7a7e9 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo Finished : << RKreport[2]_D_11172012_02d1418.txt >> RKreport[1]_S_11172012_02d1418.txt ; RKreport[2]_D_11172012_02d1418.txt
  25. VCS
    # AdwCleaner v2.007 - Logfile created 11/17/2012 at 14:05:46 # Updated 06/11/2012 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : Vince - VINCE-PC # Boot Mode : Normal # Running from : C:\Users\Vince\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Ask.com Deleted on reboot : C:\ProgramData\Ask Deleted on reboot : C:\Users\Gina\AppData\LocalLow\AskToolbar Deleted on reboot : C:\Users\Vince\AppData\LocalLow\AskToolbar Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Deleted : C:\Users\Public\Desktop\eBay.lnk ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.19328 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\q2dnqsfh.default\prefs.js Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); Profile name : default File : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\8woer8b1.default\prefs.js Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); -\\ Google Chrome v23.0.1271.64 File : C:\Users\Vince\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [4483 octets] - [17/11/2012 14:05:46] ########## EOF - C:\AdwCleaner[s1].txt - [4543 octets] ##########
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.