Posts posted by VCS
Scan complete. No threats found.
-
FYI, when we logged on this morning, Symantec took the computer to black screen to "remove threats" then rebooted. So we launched the ESET scan again; it's at 49% and has found nothing. (Last night at 49% it found six; post #46.) We'll report back at 100%.
-
Thank you gringo. We will post when the scan is done and compare notes again tomorrow. So far (49%) it's found:
Win64/Olmarik.AK.trojan
Win32/Olmarik.AFK.trojan
win64/Olmarik.AK.trojan
a variant of win32/Rootkit.Kryptik.OX trojan
Win64/Olmarik.AK trojan
a variant of Win32/Olmarik.AYI trojan
Seeing a pattern here. Talk to you tomorrow (and will post the report when it's done).
-
We're at 40% scan after 40 minutes. It's getting late in your time zone. Will you be available tomorrow to diagnose and recommend on this scan?
-
Good to know and thanks.
Sadly, the latest scan (still running) is finding more problems. Stay tuned.
-
You have been most generous with your time and talent. Confirm, please, that any Paypal donation would reach you directly.
Secondly, while we wait for the final scan to complete, what was at play in this computer corruption? We saw toolbar and Java deletes, but are unclear on the source of the issues. If you have time... insight is welcome.
-
At this time everything seems to be OK. What's it look like from your side?
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:49:28 PM, on 11/17/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Vince\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Users\Vince\AppData\Local\Akamai\netsession_win.exe
C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vince\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washington.edu/news
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ghostery BHO - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NswUiTray] C:\Program Files (x86)\Norton SystemWorks\NswUiTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Vince\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Vince\AppData\Local\Akamai\netsession_win.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files (x86)\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files (x86)\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11938 bytes
-
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.17.06
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19328
Vince :: VINCE-PC [administrator]
11/17/2012 7:42:54 PM
mbam-log-2012-11-17 (19-42-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249094
Time elapsed: 3 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Update for Microsoft Office 2007 (KB2508958)
6400_Help
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 8.0
Adobe Reader 9.5.2
Akamai NetSession Interface
Akamai NetSession Interface Service
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Address Error Redirector
BufferChm
Carbonite Online Backup Setup
CCleaner
CheckIt Diagnostics
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
Dell-eBay
Dell Getting Started Guide
Dell Video Chat (remove only)
DELL0604
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
eSupportQFolder
Fax
Ghostery IE Plugin
Google Chrome
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential 2.5
HP Product Detection
HP Update
HP_Network_UserGuide
HPProductAssistant
HPSSupply
J6400
Java Auto Updater
Java 6 Update 31
Java 6 Update 7
LiveUpdate (Symantec Corporation)
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
MediaDirect
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR Genie
Norton 360
Norton Cleanup
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton Utilities
PhotoshopdotcomInspirationBrowser
ProductContext
PSSWCORE
Quicken WillMaker Plus 2012
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Sibelius 6.1.0.3 Demo
Skype Toolbars
Skype™ 5.10
SmartSound Quicktracks for Premiere Elements 8.0
SmartWebPrinting
SolutionCenter
Status
Symantec Technical Support Web Controls
Toolbox
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UWICK Tectia Client
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
WildTangent Games
Yahoo! Toolbar
-
Should we reboot and run any more programs, perhaps a re-run of Malwarebytes, where the problem was first detected?
-
How does it look from your side?
-
The Windows "winrscmde stopped working" window seems to have disappeared. Have not done a reboot or Malwarebytes scan to see what they show since we started this process.
-
Just got the combofix report:
ComboFix 12-11-16.02 - Vince 11/17/2012 17:24:35.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4382 [GMT -8:00]
Running from: c:\users\Vince\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\svchost.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 01:33 . 2012-11-18 01:37 -------- d-----w- c:\users\Vince\AppData\Local\temp
2012-11-18 01:33 . 2012-11-18 01:33 -------- d-----w- c:\users\Gina\AppData\Local\temp
2012-11-18 01:33 . 2012-11-18 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-17 21:05 . 2012-11-17 21:05 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-17 21:05 . 2012-11-17 21:05 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-11-17 21:05 . 2012-11-17 21:05 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-11-16 15:37 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 15:37 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 15:36 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 15:39 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-10-11 03:42 . 2012-04-04 02:56 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 03:42 . 2011-05-20 14:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 03:54 . 2009-06-13 04:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:45 . 2012-10-11 02:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-11 02:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-25 11:50 . 2012-09-23 18:42 916992 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-25 11:44 . 2012-09-23 18:41 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-25 11:44 . 2012-09-23 18:41 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-25 11:44 . 2012-09-23 18:41 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-08-25 11:44 . 2012-09-23 18:41 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-08-25 10:11 . 2012-09-23 18:41 385024 ----a-w- c:\windows\SysWow64\html.iec
2012-08-25 08:31 . 2012-09-23 18:41 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-25 08:29 . 2012-09-23 18:41 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-25 06:50 . 2012-09-23 18:41 1147392 ----a-w- c:\windows\system32\wininet.dll
2012-08-25 06:50 . 2012-09-23 18:41 1488384 ----a-w- c:\windows\system32\urlmon.dll
2012-08-25 06:50 . 2012-09-23 18:41 108032 ----a-w- c:\windows\system32\url.dll
2012-08-25 06:48 . 2012-09-23 18:41 243712 ----a-w- c:\windows\system32\occache.dll
2012-08-25 06:46 . 2012-09-23 18:41 1062912 ----a-w- c:\windows\system32\mstime.dll
2012-08-25 06:46 . 2012-09-23 18:42 9329152 ----a-w- c:\windows\system32\mshtml.dll
2012-08-25 06:46 . 2012-09-23 18:41 98304 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-25 06:46 . 2012-09-23 18:41 743424 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-25 06:46 . 2012-09-23 18:41 71680 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-25 06:45 . 2012-09-23 18:41 56832 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-25 06:45 . 2012-09-23 18:41 31744 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-25 06:45 . 2012-09-23 18:41 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-25 06:45 . 2012-09-23 18:41 2350592 ----a-w- c:\windows\system32\iertutil.dll
2012-08-25 06:45 . 2012-09-23 18:41 219136 ----a-w- c:\windows\system32\ieui.dll
2012-08-25 06:45 . 2012-09-23 18:41 77312 ----a-w- c:\windows\system32\iesetup.dll
2012-08-25 06:45 . 2012-09-23 18:41 132096 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-25 06:45 . 2012-09-23 18:42 12509696 ----a-w- c:\windows\system32\ieframe.dll
2012-08-25 06:45 . 2012-09-23 18:41 72192 ----a-w- c:\windows\system32\iernonce.dll
2012-08-25 06:45 . 2012-09-23 18:41 252416 ----a-w- c:\windows\system32\iepeers.dll
2012-08-25 06:44 . 2012-09-23 18:41 459776 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-25 05:51 . 2012-09-23 18:41 479232 ----a-w- c:\windows\system32\html.iec
2012-08-25 05:08 . 2012-09-23 18:41 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-25 05:07 . 2012-09-23 18:41 70656 ----a-w- c:\windows\system32\ie4uinit.exe
2012-08-25 05:07 . 2012-09-23 18:41 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-25 05:07 . 2012-09-23 18:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:07 . 2012-10-11 02:39 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 15:53 . 2012-10-11 02:39 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 22:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"googletalk"="c:\users\Vince\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Vince\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"NswUiTray"="c:\program files (x86)\Norton SystemWorks\NswUiTray.exe" [2008-09-25 85360]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Vince\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-28 86016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:42]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1000Core.job
- c:\users\Vince\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 20:12]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1000UA.job
- c:\users\Vince\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 20:12]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1001Core.job
- c:\users\Gina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 14:52]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1001UA.job
- c:\users\Gina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 14:52]
.
2012-11-12 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files (x86)\Norton SystemWorks\OBC.exe [2008-09-25 21:52]
.
2012-11-17 c:\windows\Tasks\User_Feed_Synchronization-{752E8AFC-A456-4073-BA10-26713BFDD11C}.job
- c:\windows\system32\msfeedssync.exe [2012-09-23 08:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 208920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 176152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.washington.edu/news
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090127
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
FF - ProfilePath - c:\users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\q2dnqsfh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.washington.edu/
FF - ExtSQL: !HIDDEN! 2009-08-30 18:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-01-21 07:50; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-26841050.sys
HKLM-Run-Skytel - Skytel.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\users\Vince\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-11-17 17:42:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-18 01:42
.
Pre-Run: 461,526,589,440 bytes free
Post-Run: 461,132,374,016 bytes free
.
- - End Of File - - 6243A85B9268AD8B2EC8DA54D7A906EA
-
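Reading the ComboFix report above, the entries worth a second look are the persistence points rather than the Flash and Norton registry noise: the scheduled tasks (several run GoogleUpdate.exe out of a user's AppData folder), the Run values (RtHDVCpl is registered as a bare file name with no directory), and the Akamai service, which is registered as its own svchost group and whose ServiceDll sits under Common Files with a forward slash in the path. The Python below is an added example for this thread, not part of ComboFix, Norton or any tool in the logs; SAMPLE_REPORT is a constructed subset of the report above with the lines copied verbatim, and the flag rules are this example's own heuristics.

```python
"""
Persistence-point triage over a ComboFix report.

Added example for this thread; it is not part of ComboFix, Norton or any other
tool in the logs above.  SAMPLE_REPORT is a constructed subset of the report
posted above (lines copied verbatim); the flag rules are this example's own.
"""
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:42]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728418777-2139902927-2520845457-1000Core.job
- c:\users\Vince\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 20:12]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} c:\\windows\\Tasks\\(?P<job>.+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<path>.+?)\s+\[[^\]]*\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
GROUP_RE = re.compile(r"^(?P<group>\S+) REG_MULTI_SZ (?P<members>.+)$")

# Service DLLs are expected under one of these; anything else gets flagged.
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Entry:
    kind: str            # "task", "run" or "servicedll"
    name: str            # job file, Run value name or service name
    path: str            # the binary or DLL the entry launches
    flags: list = field(default_factory=list)


def parse_report(text):
    """Walk the report once, tracking the current registry key."""
    entries, svchost_members, key, pending_job = [], set(), "", None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key")
            continue
        if key.lower().endswith("\\svchost") and (m := GROUP_RE.match(line)):
            svchost_members.update(m.group("members").lower().split())
            continue
        if (m := TASK_RE.match(line)):
            pending_job = m.group("job")
            continue
        if pending_job and (m := TARGET_RE.match(line)):
            entries.append(Entry("task", pending_job, m.group("path")))
            pending_job = None
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if key.lower().endswith("\\currentversion\\run"):
            entries.append(Entry("run", name, data))
        elif "\\services\\" in key.lower() and name.lower() == "servicedll":
            entries.append(Entry("servicedll", key.rsplit("\\", 1)[-1], data))
    return entries, svchost_members


def assess(entry, svchost_members):
    """Heuristic flags; each one is a reason to verify the file, not a verdict."""
    p = entry.path.lower()
    if "\\" not in p and "/" not in p:
        entry.flags.append("bare file name, resolved through the search path")
    if "/" in p:
        entry.flags.append("forward slash in a Windows path")
    if p.startswith("c:\\users\\") or "\\appdata\\" in p:
        entry.flags.append("runs from a user profile directory")
    if entry.kind == "servicedll":
        if not p.startswith(WINDOWS_DIRS):
            entry.flags.append("service DLL outside the Windows system directories")
        if entry.name.lower() in svchost_members:
            entry.flags.append("loaded into a shared svchost.exe process")
    return entry


def triage(text):
    entries, svchost_members = parse_report(text)
    return [assess(e, svchost_members) for e in entries]


if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        status = "; ".join(e.flags) if e.flags else "no flags"
        print(f"{e.kind:10} {e.name:<40} {e.path}\n{'':10} -> {status}")
```

On the sample the Akamai ServiceDll collects three flags and the Google task and RtHDVCpl one each, while the Adobe task and IgfxTray collect none. A flag is a reason to check the file's publisher signature and hash, not a reason to delete it: the same Akamai DLL is what TDSSKiller reports in the next post as "Suspicious file (Hidden)" / HiddenFile.Multi.Generic, which is a generic warning about a hidden file attribute rather than a malware signature, and Akamai NetSession is a legitimate download-manager component that other software installs.
-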
This time ComboFix is going much farther than before. We're at Completed State 5. Crossing fingers.
-
Here's aswMBR and re-running ComboFix now.
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-17 17:07:54
-----------------------------
17:07:54.249 OS Version: Windows x64 6.0.6002 Service Pack 2
17:07:54.249 Number of processors: 4 586 0xF0B
17:07:54.250 ComputerName: VINCE-PC UserName: Vince
17:07:56.674 Initialize success
17:08:11.110 AVAST engine defs: 12111601
17:08:25.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:08:25.619 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3
17:08:25.625 Disk 0 MBR read successfully
17:08:25.627 Disk 0 MBR scan
17:08:25.630 Disk 0 Windows VISTA default MBR code
17:08:25.633 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:08:25.642 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
17:08:25.657 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595439 MB offset 30801920
17:08:25.676 Disk 0 scanning C:\Windows\system32\drivers
17:08:36.296 Service scanning
17:08:52.607 Modules scanning
17:08:52.613 Disk 0 trace - called modules:
17:08:52.631 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:08:52.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074eb610]
17:08:52.640 3 CLASSPNP.SYS[fffffa60011d3c33] -> nt!IofCallDriver -> [0xfffffa800520a930]
17:08:52.645 5 acpi.sys[fffffa60008fafde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006155060]
17:08:53.980 AVAST engine scan C:\Windows
17:08:57.180 AVAST engine scan C:\Windows\system32
17:12:21.245 AVAST engine scan C:\Windows\system32\drivers
17:12:36.386 AVAST engine scan C:\Users\Vince
17:15:49.329 AVAST engine scan C:\ProgramData
17:16:54.235 Disk 0 MBR has been saved successfully to "C:\Users\Vince\Desktop\test\MBR.dat"
17:16:54.235 The log file has been saved successfully to "C:\Users\Vince\Desktop\test\aswMBR.txt"
-
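aswMBR above reports default Vista MBR code and three partitions in decimal sectors and MB; the TDSSKiller log in the next post reports the same disk with two partitions, in hex sectors. When an MBR bootkit is suspected, which is what both tools are built to look for, it is worth normalising the two listings and comparing them, and also computing how much unpartitioned space is left at the end of the disk, since the TDL family keeps its hidden storage in those trailing sectors. The Python below is an added example for this thread, not part of either tool; the two listings are constructed samples copied verbatim from the logs in this thread, and the normalisation and comparison rules are this example's own.

```python
"""
Cross-check of the MBR partition tables reported by aswMBR and TDSSKiller.

Added example for this thread, not part of either tool.  The two listings
below are constructed samples copied verbatim from the logs in this thread
(aswMBR above, TDSSKiller in the next post); the normalisation and comparison
rules are this example's own.
"""
import re

MIB = 1024 * 1024

ASWMBR_LOG = r"""
Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3
Disk 0 MBR read successfully
Disk 0 Windows VISTA default MBR code
Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595439 MB offset 30801920
"""

TDSS_LOG = r"""
Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0
"""

ASW_DISK_RE = re.compile(r"^Disk 0 Vendor: .* Size: (?P<mb>\d+)MB")
ASW_CODE_RE = re.compile(r"^Disk 0 (?P<verdict>.*MBR code)$")
ASW_PART_RE = re.compile(
    r"^Disk 0 Partition \d+ (?P<boot>[0-9A-F]{2})(?: \(A\))? (?P<type>[0-9A-F]{2}) "
    r".*? (?P<mb>\d+) MB offset (?P<start>\d+)$")
TDSS_DISK_RE = re.compile(r"Size: (?P<bytes>0x[0-9A-Fa-f]+) .*SectorSize: (?P<sector>0x[0-9A-Fa-f]+)")
TDSS_PART_RE = re.compile(
    r"Partition\d+: MBR, Type (?P<type>0x[0-9A-Fa-f]+), "
    r"StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)")


def parse_aswmbr(text):
    """aswMBR prints sizes in MB and offsets in decimal sectors."""
    disk = {"disk_mb": None, "mbr_code": None, "parts": {}}
    for line in text.splitlines():
        if (m := ASW_DISK_RE.match(line)):
            disk["disk_mb"] = int(m.group("mb"))
        elif (m := ASW_CODE_RE.match(line)):
            disk["mbr_code"] = m.group("verdict")
        elif (m := ASW_PART_RE.match(line)):
            disk["parts"][int(m.group("start"))] = {
                "type": int(m.group("type"), 16),
                "size_mb": int(m.group("mb")),
                "active": m.group("boot") == "80",
            }
    return disk


def parse_tdsskiller(text):
    """TDSSKiller prints everything in hex sectors; convert to the same units."""
    disk = {"disk_mb": None, "disk_sectors": None, "parts": {}}
    sector = 512
    for line in text.splitlines():
        if (m := TDSS_DISK_RE.search(line)):
            nbytes = int(m.group("bytes"), 16)
            sector = int(m.group("sector"), 16)
            disk["disk_mb"] = nbytes // MIB
            disk["disk_sectors"] = nbytes // sector
        elif (m := TDSS_PART_RE.search(line)):
            blocks = int(m.group("blocks"), 16)
            disk["parts"][int(m.group("start"), 16)] = {
                "type": int(m.group("type"), 16),
                "size_mb": blocks * sector // MIB,   # floor, matching aswMBR's rounding
                "blocks": blocks,
            }
    return disk


def compare(asw, tdss):
    """Report disagreements between the tools plus the unpartitioned tail."""
    findings = []
    if asw["disk_mb"] != tdss["disk_mb"]:
        findings.append(f"disk size: aswMBR {asw['disk_mb']} MB, TDSSKiller {tdss['disk_mb']} MB")
    for start in sorted(set(asw["parts"]) | set(tdss["parts"])):
        a, t = asw["parts"].get(start), tdss["parts"].get(start)
        if a is None or t is None:
            p, tool = (a, "aswMBR") if t is None else (t, "TDSSKiller")
            findings.append(f"partition at LBA {start} (type 0x{p['type']:02X}, "
                            f"{p['size_mb']} MB) listed only by {tool}")
        elif (a["type"], a["size_mb"]) != (t["type"], t["size_mb"]):
            findings.append(f"partition at LBA {start} differs: aswMBR type 0x{a['type']:02X}/"
                            f"{a['size_mb']} MB, TDSSKiller type 0x{t['type']:02X}/{t['size_mb']} MB")
    last = max(tdss["parts"])
    tail = tdss["disk_sectors"] - (last + tdss["parts"][last]["blocks"])
    return {
        "findings": findings,
        "active": [s for s, p in asw["parts"].items() if p["active"]],
        "tail_sectors": tail,
    }


if __name__ == "__main__":
    asw, tdss = parse_aswmbr(ASWMBR_LOG), parse_tdsskiller(TDSS_LOG)
    print("MBR code:", asw["mbr_code"])
    result = compare(asw, tdss)
    for f in result["findings"]:
        print("-", f)
    print(f"active partition(s) at LBA {result['active']}, "
          f"unpartitioned tail {result['tail_sectors']} sectors "
          f"({result['tail_sectors'] * 512 // MIB} MiB)")
```

On these two logs the disk sizes agree (610480 MB), the two NTFS partitions match in type, start and size, and the only difference is the 39 MB type 0xDE Dell utility partition at LBA 63 that TDSSKiller does not enumerate; the unpartitioned tail is 2048 sectors, 1 MiB of ordinary alignment slack. That is the point of the comparison: it surfaces the one thing the tools disagree on so it can be checked by hand, and it tells you how much trailing space exists, not what is in it. A large tail, or a partition the tools describe differently, is what would justify dumping those sectors for inspection.
-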
Sorry we're on Page 2. Here's the first report:
16:55:52.0979 2824 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:55:53.0525 2824 ============================================================
16:55:53.0525 2824 Current date / time: 2012/11/17 16:55:53.0525
16:55:53.0525 2824 SystemInfo:
16:55:53.0525 2824
16:55:53.0525 2824 OS Version: 6.0.6002 ServicePack: 2.0
16:55:53.0525 2824 Product type: Workstation
16:55:53.0525 2824 ComputerName: VINCE-PC
16:55:53.0525 2824 UserName: Vince
16:55:53.0525 2824 Windows directory: C:\Windows
16:55:53.0525 2824 System windows directory: C:\Windows
16:55:53.0525 2824 Running under WOW64
16:55:53.0525 2824 Processor architecture: Intel x64
16:55:53.0525 2824 Number of processors: 4
16:55:53.0525 2824 Page size: 0x1000
16:55:53.0525 2824 Boot type: Normal boot
16:55:53.0525 2824 ============================================================
16:55:55.0678 2824 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:55:55.0678 2824 ============================================================
16:55:55.0678 2824 \Device\Harddisk0\DR0:
16:55:55.0678 2824 MBR partitions:
16:55:55.0678 2824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
16:55:55.0678 2824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0
16:55:55.0678 2824 ============================================================
16:55:55.0709 2824 C: <-> \Device\Harddisk0\DR0\Partition2
16:55:55.0740 2824 D: <-> \Device\Harddisk0\DR0\Partition1
16:55:55.0740 2824 ============================================================
16:55:55.0740 2824 Initialize success
16:55:55.0740 2824 ============================================================
16:56:00.0062 4356 ============================================================
16:56:00.0062 4356 Scan started
16:56:00.0062 4356 Mode: Manual;
16:56:00.0062 4356 ============================================================
16:56:01.0044 4356 ================ Scan system memory ========================
16:56:01.0044 4356 System memory - ok
16:56:01.0044 4356 ================ Scan services =============================
16:56:01.0169 4356 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:56:01.0169 4356 ACPI - ok
16:56:01.0263 4356 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
16:56:01.0278 4356 AdobeActiveFileMonitor7.0 - ok
16:56:01.0341 4356 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:56:01.0341 4356 AdobeFlashPlayerUpdateSvc - ok
16:56:01.0372 4356 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:56:01.0388 4356 adp94xx - ok
16:56:01.0403 4356 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:56:01.0403 4356 adpahci - ok
16:56:01.0403 4356 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:56:01.0403 4356 adpu160m - ok
16:56:01.0419 4356 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:56:01.0419 4356 adpu320 - ok
16:56:01.0450 4356 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:56:01.0466 4356 AeLookupSvc - ok
16:56:01.0481 4356 [ 0D7A11395C0A33D9E7587CDB9866EFAD ] AERTFilters C:\Windows\system32\AERTSr64.exe
16:56:01.0481 4356 AERTFilters - ok
16:56:01.0512 4356 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
16:56:01.0512 4356 AFD - ok
16:56:01.0544 4356 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:56:01.0544 4356 agp440 - ok
16:56:01.0559 4356 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:56:01.0559 4356 aic78xx - ok
16:56:01.0700 4356 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
16:56:01.0700 4356 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
16:56:01.0715 4356 Akamai ( HiddenFile.Multi.Generic ) - warning
16:56:01.0715 4356 Akamai - detected HiddenFile.Multi.Generic (1)
16:56:01.0762 4356 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
16:56:01.0762 4356 ALG - ok
16:56:01.0778 4356 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
16:56:01.0778 4356 aliide - ok
16:56:01.0778 4356 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
16:56:01.0778 4356 amdide - ok
16:56:01.0793 4356 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:56:01.0793 4356 AmdK8 - ok
16:56:01.0809 4356 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
16:56:01.0809 4356 Appinfo - ok
16:56:01.0840 4356 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
16:56:01.0840 4356 arc - ok
16:56:01.0856 4356 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:56:01.0856 4356 arcsas - ok
16:56:01.0871 4356 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:01.0871 4356 AsyncMac - ok
16:56:01.0902 4356 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
16:56:01.0902 4356 atapi - ok
16:56:01.0918 4356 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:56:01.0934 4356 AudioEndpointBuilder - ok
16:56:01.0980 4356 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:56:01.0980 4356 AudioSrv - ok
16:56:02.0012 4356 [ 721409129AB3503B6C96404FE8D8CDF0 ] Automatic LiveUpdate Scheduler C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
16:56:02.0027 4356 Automatic LiveUpdate Scheduler - ok
16:56:02.0058 4356 [ A2160C5D70F3517FC7356B689ABD6FCD ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl664.sys
16:56:02.0058 4356 BCM43XV - ok
16:56:02.0090 4356 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
16:56:02.0105 4356 BFE - ok
16:56:02.0261 4356 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121106.001\BHDrvx64.sys
16:56:02.0277 4356 BHDrvx64 - ok
16:56:02.0324 4356 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
16:56:02.0355 4356 BITS - ok
16:56:02.0370 4356 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:56:02.0370 4356 blbdrive - ok
16:56:02.0402 4356 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:56:02.0402 4356 bowser - ok
16:56:02.0433 4356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:56:02.0433 4356 BrFiltLo - ok
16:56:02.0433 4356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:56:02.0433 4356 BrFiltUp - ok
16:56:02.0464 4356 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
16:56:02.0464 4356 Browser - ok
16:56:02.0480 4356 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
16:56:02.0480 4356 Brserid - ok
16:56:02.0495 4356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:56:02.0495 4356 BrSerWdm - ok
16:56:02.0495 4356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:56:02.0495 4356 BrUsbMdm - ok
16:56:02.0511 4356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:56:02.0511 4356 BrUsbSer - ok
16:56:02.0526 4356 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:56:02.0526 4356 BTHMODEM - ok
16:56:02.0573 4356 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
16:56:02.0573 4356 ccSet_N360 - ok
16:56:02.0589 4356 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:56:02.0589 4356 cdfs - ok
16:56:02.0620 4356 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:56:02.0620 4356 cdrom - ok
16:56:02.0651 4356 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
16:56:02.0651 4356 CertPropSvc - ok
16:56:02.0667 4356 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
16:56:02.0667 4356 circlass - ok
16:56:02.0698 4356 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
16:56:02.0698 4356 CLFS - ok
16:56:02.0760 4356 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:56:02.0760 4356 clr_optimization_v2.0.50727_32 - ok
16:56:02.0792 4356 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:56:02.0792 4356 clr_optimization_v2.0.50727_64 - ok
16:56:02.0854 4356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:56:02.0854 4356 clr_optimization_v4.0.30319_32 - ok
16:56:02.0901 4356 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:56:02.0901 4356 clr_optimization_v4.0.30319_64 - ok
16:56:02.0916 4356 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:56:02.0916 4356 cmdide - ok
16:56:02.0916 4356 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:56:02.0916 4356 Compbatt - ok
16:56:02.0916 4356 COMSysApp - ok
16:56:02.0963 4356 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:56:02.0963 4356 crcdisk - ok
16:56:03.0010 4356 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:56:03.0010 4356 CryptSvc - ok
16:56:03.0057 4356 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
16:56:03.0072 4356 DcomLaunch - ok
16:56:03.0104 4356 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:56:03.0104 4356 DfsC - ok
16:56:03.0182 4356 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
16:56:03.0275 4356 DFSR - ok
16:56:03.0322 4356 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:56:03.0322 4356 Dhcp - ok
16:56:03.0353 4356 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
16:56:03.0353 4356 disk - ok
16:56:03.0384 4356 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:56:03.0384 4356 Dnscache - ok
16:56:03.0400 4356 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
16:56:03.0400 4356 DockLoginService - ok
16:56:03.0431 4356 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
16:56:03.0447 4356 dot3svc - ok
16:56:03.0478 4356 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
16:56:03.0478 4356 Dot4 - ok
16:56:03.0494 4356 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:56:03.0494 4356 Dot4Print - ok
16:56:03.0509 4356 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
16:56:03.0509 4356 dot4usb - ok
16:56:03.0540 4356 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
16:56:03.0540 4356 DPS - ok
16:56:03.0572 4356 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:56:03.0572 4356 drmkaud - ok
16:56:03.0603 4356 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:56:03.0618 4356 DXGKrnl - ok
16:56:03.0650 4356 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
16:56:03.0650 4356 e1express - ok
16:56:03.0665 4356 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
16:56:03.0665 4356 E1G60 - ok
16:56:03.0696 4356 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
16:56:03.0696 4356 EapHost - ok
16:56:03.0728 4356 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
16:56:03.0728 4356 Ecache - ok
16:56:03.0790 4356 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:56:03.0790 4356 eeCtrl - ok
16:56:03.0821 4356 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:56:03.0821 4356 ehRecvr - ok
16:56:03.0837 4356 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
16:56:03.0837 4356 ehSched - ok
16:56:03.0868 4356 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
16:56:03.0868 4356 ehstart - ok
16:56:03.0884 4356 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:56:03.0899 4356 elxstor - ok
16:56:03.0946 4356 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:56:03.0962 4356 EMDMgmt - ok
16:56:03.0977 4356 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:56:03.0977 4356 EraserUtilRebootDrv - ok
16:56:03.0993 4356 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:56:03.0993 4356 ErrDev - ok
16:56:04.0024 4356 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
16:56:04.0024 4356 EventSystem - ok
16:56:04.0055 4356 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
16:56:04.0055 4356 exfat - ok
16:56:04.0086 4356 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:56:04.0086 4356 fastfat - ok
16:56:04.0102 4356 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:56:04.0102 4356 fdc - ok
16:56:04.0118 4356 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
16:56:04.0118 4356 fdPHost - ok
16:56:04.0133 4356 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
16:56:04.0133 4356 FDResPub - ok
16:56:04.0149 4356 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:56:04.0149 4356 FileInfo - ok
16:56:04.0149 4356 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:56:04.0149 4356 Filetrace - ok
16:56:04.0211 4356 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:56:04.0211 4356 FLEXnet Licensing Service - ok
16:56:04.0227 4356 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:56:04.0227 4356 flpydisk - ok
16:56:04.0258 4356 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:56:04.0258 4356 FltMgr - ok
16:56:04.0320 4356 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
16:56:04.0336 4356 FontCache - ok
16:56:04.0383 4356 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:56:04.0383 4356 FontCache3.0.0.0 - ok
16:56:04.0398 4356 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:56:04.0398 4356 Fs_Rec - ok
16:56:04.0414 4356 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:56:04.0414 4356 gagp30kx - ok
16:56:04.0476 4356 [ 311ACFCDD2C9A99481E91FA4CB028D70 ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
16:56:04.0476 4356 GameConsoleService - ok
16:56:04.0523 4356 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
16:56:04.0523 4356 gpsvc - ok
16:56:04.0632 4356 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:56:04.0632 4356 gupdate - ok
16:56:04.0648 4356 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:56:04.0648 4356 gupdatem - ok
16:56:04.0679 4356 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:56:04.0679 4356 gusvc - ok
16:56:04.0726 4356 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:56:04.0726 4356 HDAudBus - ok
16:56:04.0742 4356 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:56:04.0742 4356 HidBth - ok
16:56:04.0742 4356 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:56:04.0742 4356 HidIr - ok
16:56:04.0773 4356 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
16:56:04.0773 4356 hidserv - ok
16:56:04.0804 4356 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:56:04.0804 4356 HidUsb - ok
16:56:04.0820 4356 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
16:56:04.0820 4356 hkmsvc - ok
16:56:04.0851 4356 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:56:04.0851 4356 HpCISSs - ok
16:56:04.0913 4356 [ B14328CFEEB6B736BE44C2C9DB3B162C ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:56:04.0929 4356 hpqcxs08 - ok
16:56:04.0944 4356 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:56:04.0944 4356 hpqddsvc - ok
16:56:04.0976 4356 [ 969F2F6571B915BADA4FA68228C2CBBC ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
16:56:04.0991 4356 HPSLPSVC - ok
16:56:05.0022 4356 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:56:05.0038 4356 HTTP - ok
16:56:05.0038 4356 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:56:05.0038 4356 i2omp - ok
16:56:05.0069 4356 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:56:05.0069 4356 i8042prt - ok
16:56:05.0100 4356 [ CEB53BB804B41C52AB0782505C8E2994 ] iaStor C:\Windows\system32\drivers\iastor.sys
16:56:05.0100 4356 iaStor - ok
16:56:05.0116 4356 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:56:05.0116 4356 iaStorV - ok
16:56:05.0163 4356 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:56:05.0163 4356 idsvc - ok
16:56:05.0241 4356 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121116.001\IDSvia64.sys
16:56:05.0256 4356 IDSVia64 - ok
16:56:14.0195 4356 wscsvc - ok
16:56:14.0195 4356 WSearch - ok
16:56:14.0258 4356 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:56:14.0289 4356 wuauserv - ok
16:56:14.0304 4356 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:56:14.0304 4356 WUDFRd - ok
16:56:14.0320 4356 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:56:14.0320 4356 wudfsvc - ok
16:56:14.0336 4356 ================ Scan global ===============================
16:56:14.0351 4356 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:56:14.0382 4356 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:56:14.0398 4356 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:56:14.0429 4356 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:56:14.0429 4356 [Global] - ok
16:56:14.0429 4356 ================ Scan MBR ==================================
16:56:14.0445 4356 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
16:56:14.0445 4356 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:56:14.0507 4356 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:56:14.0507 4356 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:56:14.0507 4356 ================ Scan VBR ==================================
16:56:14.0523 4356 [ 3DFBA14AF92E5FFB4121740B84C67E09 ] \Device\Harddisk0\DR0\Partition1
16:56:14.0523 4356 \Device\Harddisk0\DR0\Partition1 - ok
16:56:14.0523 4356 [ 40566CFED7FD1B1FB1A4694BA94D16C6 ] \Device\Harddisk0\DR0\Partition2
16:56:14.0523 4356 \Device\Harddisk0\DR0\Partition2 - ok
16:56:14.0523 4356 ============================================================
16:56:14.0523 4356 Scan finished
16:56:14.0523 4356 ============================================================
16:56:14.0538 1808 Detected object count: 2
16:56:14.0538 1808 Actual detected object count: 2
16:57:14.0224 1808 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:57:14.0224 1808 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:57:15.0846 1808 \Device\Harddisk0\DR0\# - copied to quarantine
16:57:15.0846 1808 \Device\Harddisk0\DR0 - copied to quarantine
16:57:15.0878 1808 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:57:15.0893 1808 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:57:16.0283 1808 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:57:16.0408 1808 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:57:16.0408 1808 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:57:16.0424 1808 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:57:16.0455 1808 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:57:16.0470 1808 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:57:16.0548 1808 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:57:16.0580 1808 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:57:16.0611 1808 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:57:16.0658 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:57:16.0658 1808 \Device\Harddisk0\DR0 - ok
16:57:16.0658 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:57:23.0038 4328 Deinitialize success
-
The Combofix program rebooted on its own and did not reopen an admin window when Windows restarted. We're guessing the program is working in the background. ??? After that we did get a popup that one of the Norton processes had stopped working, but that issue apparently has resolved as the popup is gone. Nonetheless, the CPU seems mostly idle. The "winrscmde stopped working and was closed" window continues to open every time you close it.
Recommendations?
-
Good news. The admin window says the scan could take 10 to 20 minutes, so at least we know what to expect.
-
It had been going for perhaps 20 minutes; restarted and now the admin window has opened and it is in fact running.
-
FYI we signed onto another computer while ComboFix does its work to give you a status update. We've had one blue screen of death, but recovered from that, and ComboFix said it was detecting Norton 360's background scan even though we put everything in a delay mode (max allowed). The Norton help site said you cannot turn off scanning in 360, only extend the time of the delay. We let ComboFix proceed and it said it would. But we haven't heard from it in a while. Does this typically take a long time?
Standing by for ComboFix to finish.
-
RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Vince [Admin rights]
Mode : Remove -- Date : 11/17/2012 14:18:47
¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc]
[SUSP PATH] GoogleCrashHandler.exe -- C:\Users\Vince\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc]
[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Vince\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermThr]
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B0 ATA Device +++++
--- User ---
[MBR] f6d056e782c2b823983a84ee88fa9f63
[BSP] 9ca88377777070f4140b4b7266a7a7e9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] da088a57642c2de403e38999ea1b980e
[BSP] 9ca88377777070f4140b4b7266a7a7e9 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo
Finished : << RKreport[2]_D_11172012_02d1418.txt >>
RKreport[1]_S_11172012_02d1418.txt ; RKreport[2]_D_11172012_02d1418.txt
-
# AdwCleaner v2.007 - Logfile created 11/17/2012 at 14:05:46
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : Vince - VINCE-PC
# Boot Mode : Normal
# Running from : C:\Users\Vince\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\ProgramData\Ask
Deleted on reboot : C:\Users\Gina\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Vince\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19328
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\q2dnqsfh.default\prefs.js
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Profile name : default
File : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\8woer8b1.default\prefs.js
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
-\\ Google Chrome v23.0.1271.64
File : C:\Users\Vince\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [4483 octets] - [17/11/2012 14:05:46]
########## EOF - C:\AdwCleaner[S1].txt - [4543 octets] ##########
Malwarebytes removes Trojan.Agent and it comes back on reboot
in Resolved Malware Removal Logs
Posted
Removals completed. Everything seems to be back in order and we have visited Paypal.
Thanks for all your help and expertise. Hopefully we won't be writing you back in the next three days, but it's good to know Malwarebytes forums have such helpful and dedicated experts.