IndyTrackFan
Posts: 20
Posts posted by IndyTrackFan
-
Great! Thank you - will this post remain open, or should I try to bookmark all the links?
-
Everything ran smoothly, Java is upgraded, and all programs and files/logs appear to be removed. What antimalware software do you recommend? MBAM PRO?
Thank you very, very much for the help. Let me know if there are any other things I need to do daily/weekly to keep things secure and optimized. I will definitely hold onto TFC, thanks.
-Kyle
-
Very happy with how things look, ready to finish up - would you like me to run the TFC?
-
Things seem great - no blue screen errors, no spikes in performance/memory usage, and I haven't seen the winrscmde process appear through all the startups. I haven't seen any signs of the trojan lingering around.
I noticed that OTM was able to remove a lot more from my IE/Chrome caches - I regularly empty them out manually and also through disk cleanup, are those not very thorough/have I missed something?
-
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Orender Clan\Desktop\cmd.bat deleted successfully.
C:\Users\Orender Clan\Desktop\cmd.txt deleted successfully.
C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\wyhdyjvgsc@wyhdyjvgsc.org.xpi moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm moved successfully.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Orender Clan
->Temp folder emptied: 2 bytes
->Temporary Internet Files folder emptied: 321684 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65690367 bytes
->Google Chrome cache emptied: 6664612 bytes
->Flash cache emptied: 58775 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85227546 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 679 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 151.00 mb
Restore point Set: OTM Restore Point
OTM by OldTimer - Version 3.1.21.0 log created on 11262012_105401
Files moved on Reboot...
C:\Users\Orender Clan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
-
ESET threats found text:
C:\Qoobox\Quarantine\C\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll.vir a variant of Win32/Kryptik.APAF trojan
C:\TDSSKiller_Quarantine\25.11.2012_21.04.12\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\wyhdyjvgsc@wyhdyjvgsc.org.xpi JS/Redirector.NCI trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus
ESET Log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c5de0abf261c8543995519dae2523159
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-26 04:52:55
# local_time=2012-11-25 11:52:55 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 71 0 104475093 0 0
# compatibility_mode=5893 16776574 66 85 41355377 105442447 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=202333
# found=5
# cleaned=0
# scan_time=6578
C:\Qoobox\Quarantine\C\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll.vir a variant of Win32/Kryptik.APAF trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.11.2012_21.04.12\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\wyhdyjvgsc@wyhdyjvgsc.org.xpi JS/Redirector.NCI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
-
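A note on reading the ESET result above: the header says found=5, cleaned=0 and every entry is marked "(unable to clean)", but two of the five paths are inside other tools' quarantine folders (C:\Qoobox\Quarantine, where ComboFix stores its copies with a .vir suffix, and C:\TDSSKiller_Quarantine), so those are already-neutralised copies rather than live infections. The other three (the Firefox extension and the two cached .htm files under the system profile) are live detections; the OTM log higher up the page shows the extension and the System32 copy of the cached page being moved. The Python below is an added example, not code from the original post or from ESET; it parses the detection lines quoted above (embedded as a constructed sample) and separates quarantine copies from live hits. The quarantine folder names and the .vir convention are the example's own assumptions about the tools used in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: the result header fields and the five detection lines exactly as
# quoted from the ESET Online Scanner log in the post above.
SAMPLE_LOG = r"""
# found=5
# cleaned=0
C:\Qoobox\Quarantine\C\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll.vir a variant of Win32/Kryptik.APAF trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.11.2012_21.04.12\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\wyhdyjvgsc@wyhdyjvgsc.org.xpi JS/Redirector.NCI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
"""

# Assumption: folders where the other tools used in this thread park neutralised files.
# ComboFix keeps its copies under C:\Qoobox\Quarantine with a .vir suffix; TDSSKiller
# uses C:\TDSSKiller_Quarantine. A hit there is a dead copy, not a live infection.
QUARANTINE_DIRS = {"qoobox", "tdsskiller_quarantine"}
QUARANTINE_SUFFIXES = (".vir",)

# Everything after the path: threat name, parenthesised action, 32-hex hash, flag letter.
_TAIL = re.compile(
    r"^(?P<threat>.+?)\s+\((?P<action>[^)]+)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
_DRIVE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    quarantined: bool  # True when the path is a copy held in another tool's quarantine


def _split_path(line: str):
    """Split a detection line into (path, tail).

    Paths may contain spaces ("Orender Clan", "Temporary Internet Files"), so the path
    is taken to end at the last whitespace-delimited token that contains a backslash.
    """
    tokens = line.split()
    last = max(i for i, tok in enumerate(tokens) if "\\" in tok)
    return " ".join(tokens[: last + 1]), " ".join(tokens[last + 1 :])


def is_quarantine_copy(path: str) -> bool:
    parts = path.lower().split("\\")
    return any(p in QUARANTINE_DIRS for p in parts) or parts[-1].endswith(QUARANTINE_SUFFIXES)


def parse_eset_log(text: str):
    """Return ({header key: value}, [Detection, ...]) for an ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
        elif _DRIVE.match(line):
            path, tail = _split_path(line)
            m = _TAIL.match(tail)
            if m is None:
                raise ValueError(f"unrecognised detection line: {line}")
            detections.append(Detection(path, m["threat"], m["action"], is_quarantine_copy(path)))
    return header, detections


def triage(text: str) -> dict:
    """Separate live detections from quarantine copies and cross-check the header count."""
    header, detections = parse_eset_log(text)
    live = [d for d in detections if not d.quarantined]
    return {
        "found": int(header.get("found", 0)),
        "parsed": len(detections),
        "quarantine_copies": len(detections) - len(live),
        "live": [(d.path, d.threat) for d in live],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"found={result['found']} parsed={result['parsed']} "
          f"quarantine_copies={result['quarantine_copies']}")
    for path, threat in result["live"]:
        print("LIVE", threat, path)
```

Run against the sample this reports 2 quarantine copies and 3 live hits, which is the number that actually needs follow-up. Anything in the "live" list should be checked against the later removal logs before calling the machine clean; anything in the quarantine list is just the earlier tools' evidence and can be deleted once the thread is closed.
-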
Thank you, I will post once ESET is complete!
-
Results from quick scan:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.24.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Orender Clan :: ORENDERCLAN-PC [administrator]
11/25/2012 8:46:31 PM
mbam-log-2012-11-25 (20-46-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206884
Time elapsed: 3 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
-
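The quick-scan hit on C:\Windows\svchost.exe (Trojan.Agent) deserves a second look regardless of the signature name: the genuine svchost.exe lives in C:\Windows\System32 (and, on x64, C:\Windows\SysWOW64), so a file of that name directly under C:\Windows is a classic name masquerade. The Python below is an added example, not code from the original post or from Malwarebytes; it parses MBAM "Files Detected" lines and flags core Windows binary names found outside their canonical directory. The table of canonical locations is the example's own assumption, and the sample input is constructed from the two detection lines in the logs above plus one made-up line whose path contains parentheses, to show the parser copes with "Program Files (x86)".

```python
import ntpath
import re

# Constructed sample: the two 'Files Detected' lines from the MBAM logs in this thread,
# plus one made-up line whose path contains parentheses (to exercise the parser).
SAMPLE_MBAM = r"""
Files Detected: 3
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\25.11.2012_20.02.19\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Assumption: canonical homes of core Windows binaries, relative to the system root
# (C:\Windows on the machine in the thread), keyed by lowercase file name. On x64 the
# 32-bit svchost.exe legitimately lives in SysWOW64 as well.
CORE_BINARY_HOMES = {
    "svchost.exe": ("system32", "syswow64"),
    "lsass.exe": ("system32",),
    "csrss.exe": ("system32",),
    "services.exe": ("system32",),
    "winlogon.exe": ("system32",),
    "smss.exe": ("system32",),
    "explorer.exe": ("",),  # directly under the system root
}

# "<path> (<threat>) -> <action>." The trailing "->" anchors the split, so parentheses
# inside the path (Program Files (x86)) do not confuse the non-greedy path group.
MBAM_FILE_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+\((?P<threat>[^)]+)\)\s+->\s+(?P<action>.+?)\.?\s*$"
)


def parse_mbam_files(text: str):
    """Yield (path, threat, action) for each file-detection line in an MBAM log."""
    for raw in text.splitlines():
        m = MBAM_FILE_LINE.match(raw.strip())
        if m:
            yield m["path"], m["threat"], m["action"]


def masquerade_reason(path: str, system_root: str = r"C:\Windows"):
    """Return a reason string if `path` is a core-binary name outside its home, else None."""
    directory, name = ntpath.split(path)
    homes = CORE_BINARY_HOMES.get(name.lower())
    if homes is None:
        return None  # not a name we track
    root = system_root.lower().rstrip("\\")
    d = directory.lower().rstrip("\\")
    # The component store keeps legitimate copies of every system binary; skip it.
    if d.startswith(root + "\\winsxs"):
        return None
    expected = {(root + "\\" + h).rstrip("\\") for h in homes}
    if d in expected:
        return None
    return f"{name} expected under {' or '.join(sorted(expected))}, found in {directory}"


def flag_masquerades(text: str, system_root: str = r"C:\Windows"):
    """Run the location check over every file MBAM reported."""
    flagged = []
    for path, threat, _action in parse_mbam_files(text):
        reason = masquerade_reason(path, system_root)
        if reason:
            flagged.append((path, threat, reason))
    return flagged


if __name__ == "__main__":
    for path, threat, reason in flag_masquerades(SAMPLE_MBAM):
        print(f"SUSPECT [{threat}] {reason}")
```

On the sample this flags the two svchost.exe copies and leaves the TDSSKiller quarantine file alone, since tsk0002.dta is not a tracked name. The check is purely path-based and says nothing about the file's contents; a matching name in the wrong directory is a reason to pull the file for hashing and to look for the persistence entry (service, Run key, scheduled task) that launched it, not a verdict on its own.
-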
Results from the unfinished Full Scan:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.24.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Orender Clan :: ORENDERCLAN-PC [administrator]
11/25/2012 8:22:38 PM
mbam-log-2012-11-25 (20-22-38).txt
Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 86422
Time elapsed: 17 minute(s), 45 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\TDSSKiller_Quarantine\25.11.2012_20.02.19\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
(end)
-
Scan is running right now - I assume you'd like a full scan each time; those are taking a while.

-
Full log:
20:02:19.0310 6772 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:02:19.0720 6772 ============================================================
20:02:19.0720 6772 Current date / time: 2012/11/25 20:02:19.0720
20:02:19.0720 6772 SystemInfo:
20:02:19.0720 6772
20:02:19.0720 6772 OS Version: 6.1.7601 ServicePack: 1.0
20:02:19.0720 6772 Product type: Workstation
20:02:19.0721 6772 ComputerName: ORENDERCLAN-PC
20:02:19.0721 6772 UserName: Orender Clan
20:02:19.0721 6772 Windows directory: C:\Windows
20:02:19.0721 6772 System windows directory: C:\Windows
20:02:19.0721 6772 Running under WOW64
20:02:19.0721 6772 Processor architecture: Intel x64
20:02:19.0721 6772 Number of processors: 2
20:02:19.0721 6772 Page size: 0x1000
20:02:19.0721 6772 Boot type: Normal boot
20:02:19.0721 6772 ============================================================
20:02:21.0095 6772 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:02:21.0204 6772 ============================================================
20:02:21.0204 6772 \Device\Harddisk0\DR0:
20:02:21.0205 6772 MBR partitions:
20:02:21.0205 6772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x13C3000
20:02:21.0205 6772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D7000, BlocksNum 0x5616E800
20:02:21.0205 6772 ============================================================
20:02:21.0226 6772 C: <-> \Device\Harddisk0\DR0\Partition2
20:02:21.0226 6772 ============================================================
20:02:21.0226 6772 Initialize success
20:02:21.0226 6772 ============================================================
20:04:34.0089 6988 ============================================================
20:04:34.0089 6988 Scan started
20:04:34.0089 6988 Mode: Manual; SigCheck; TDLFS;
20:04:34.0089 6988 ============================================================
20:04:34.0743 6988 ================ Scan system memory ========================
20:04:34.0743 6988 System memory - ok
20:04:34.0743 6988 ================ Scan services =============================
20:04:34.0899 6988 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:04:35.0040 6988 1394ohci - ok
20:04:35.0087 6988 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:04:35.0102 6988 ACPI - ok
20:04:35.0133 6988 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:04:35.0227 6988 AcpiPmi - ok
20:04:35.0321 6988 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:04:35.0352 6988 AdobeARMservice - ok
20:04:35.0477 6988 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:04:35.0508 6988 AdobeFlashPlayerUpdateSvc - ok
20:04:35.0555 6988 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:04:35.0586 6988 adp94xx - ok
20:04:35.0601 6988 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:04:35.0617 6988 adpahci - ok
20:04:35.0633 6988 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:04:35.0648 6988 adpu320 - ok
20:04:35.0679 6988 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:04:35.0820 6988 AeLookupSvc - ok
20:04:35.0882 6988 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:04:35.0976 6988 AFD - ok
20:04:35.0991 6988 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:04:36.0023 6988 agp440 - ok
20:04:36.0038 6988 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:04:36.0101 6988 ALG - ok
20:04:36.0116 6988 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:04:36.0132 6988 aliide - ok
20:04:36.0147 6988 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:04:36.0163 6988 amdide - ok
20:04:36.0179 6988 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:04:36.0210 6988 AmdK8 - ok
20:04:36.0225 6988 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:04:36.0272 6988 AmdPPM - ok
20:04:36.0303 6988 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:04:36.0303 6988 amdsata - ok
20:04:36.0319 6988 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:04:36.0335 6988 amdsbs - ok
20:04:36.0350 6988 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:04:36.0366 6988 amdxata - ok
20:04:36.0397 6988 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:04:36.0569 6988 AppID - ok
20:04:36.0569 6988 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:04:36.0615 6988 AppIDSvc - ok
20:04:36.0647 6988 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:04:36.0709 6988 Appinfo - ok
20:04:36.0803 6988 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:04:36.0834 6988 Apple Mobile Device - ok
20:04:36.0865 6988 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:04:36.0912 6988 arc - ok
20:04:36.0912 6988 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:04:36.0927 6988 arcsas - ok
20:04:36.0943 6988 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:04:36.0974 6988 AsyncMac - ok
20:04:37.0005 6988 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:04:37.0021 6988 atapi - ok
20:04:37.0052 6988 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
20:04:37.0068 6988 AtiPcie - ok
20:04:37.0115 6988 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:04:37.0224 6988 AudioEndpointBuilder - ok
20:04:37.0224 6988 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:04:37.0255 6988 AudioSrv - ok
20:04:37.0286 6988 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:04:37.0395 6988 AxInstSV - ok
20:04:37.0411 6988 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:04:37.0473 6988 b06bdrv - ok
20:04:37.0489 6988 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:04:37.0520 6988 b57nd60a - ok
20:04:37.0551 6988 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:04:37.0598 6988 BDESVC - ok
20:04:37.0614 6988 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:04:37.0676 6988 Beep - ok
20:04:37.0739 6988 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:04:37.0801 6988 BFE - ok
20:04:38.0019 6988 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys
20:04:38.0066 6988 BHDrvx64 - ok
20:04:38.0097 6988 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:04:38.0175 6988 BITS - ok
20:04:38.0191 6988 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:04:38.0238 6988 blbdrive - ok
20:04:38.0316 6988 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:04:38.0347 6988 Bonjour Service - ok
20:04:38.0378 6988 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:04:38.0441 6988 bowser - ok
20:04:38.0441 6988 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:04:38.0472 6988 BrFiltLo - ok
20:04:38.0487 6988 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:04:38.0503 6988 BrFiltUp - ok
20:04:38.0519 6988 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:04:38.0597 6988 BridgeMP - ok
20:04:38.0659 6988 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:04:38.0721 6988 Browser - ok
20:04:38.0737 6988 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:04:38.0768 6988 Brserid - ok
20:04:38.0784 6988 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:04:38.0815 6988 BrSerWdm - ok
20:04:38.0815 6988 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:04:38.0846 6988 BrUsbMdm - ok
20:04:38.0862 6988 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:04:38.0862 6988 BrUsbSer - ok
20:04:38.0877 6988 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:04:38.0909 6988 BTHMODEM - ok
20:04:38.0924 6988 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:04:38.0987 6988 bthserv - ok
20:04:38.0987 6988 catchme - ok
20:04:39.0080 6988 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
20:04:39.0111 6988 ccSet_N360 - ok
20:04:39.0127 6988 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:04:39.0205 6988 cdfs - ok
20:04:39.0252 6988 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:04:39.0299 6988 cdrom - ok
20:04:39.0330 6988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:04:39.0377 6988 CertPropSvc - ok
20:04:39.0392 6988 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:04:39.0408 6988 circlass - ok
20:04:39.0423 6988 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:04:39.0455 6988 CLFS - ok
20:04:39.0501 6988 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:04:39.0533 6988 clr_optimization_v2.0.50727_32 - ok
20:04:39.0564 6988 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:04:39.0595 6988 clr_optimization_v2.0.50727_64 - ok
20:04:39.0657 6988 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:04:39.0689 6988 clr_optimization_v4.0.30319_32 - ok
20:04:39.0720 6988 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:04:39.0720 6988 clr_optimization_v4.0.30319_64 - ok
20:04:39.0735 6988 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:04:39.0782 6988 CmBatt - ok
20:04:39.0813 6988 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:04:39.0845 6988 cmdide - ok
20:04:39.0876 6988 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:04:39.0923 6988 CNG - ok
20:04:39.0923 6988 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:04:39.0923 6988 Compbatt - ok
20:04:39.0954 6988 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:04:40.0032 6988 CompositeBus - ok
20:04:40.0032 6988 COMSysApp - ok
20:04:40.0047 6988 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:04:40.0063 6988 crcdisk - ok
20:04:40.0094 6988 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:04:40.0157 6988 CryptSvc - ok
20:04:40.0250 6988 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:04:40.0266 6988 cvhsvc - ok
20:04:40.0313 6988 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:04:40.0344 6988 DcomLaunch - ok
20:04:40.0375 6988 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:04:40.0437 6988 defragsvc - ok
20:04:40.0469 6988 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:04:40.0531 6988 DfsC - ok
20:04:40.0562 6988 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:04:40.0640 6988 Dhcp - ok
20:04:40.0656 6988 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:04:40.0687 6988 discache - ok
20:04:40.0718 6988 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:04:40.0734 6988 Disk - ok
20:04:40.0781 6988 [ E0D525515537E60ABA8F3E29209F02E8 ] dleaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
20:04:40.0812 6988 dleaCATSCustConnectService - ok
20:04:40.0812 6988 dlea_device - ok
20:04:40.0859 6988 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:04:40.0905 6988 Dnscache - ok
20:04:40.0937 6988 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
20:04:40.0983 6988 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
20:04:40.0983 6988 DockLoginService - detected UnsignedFile.Multi.Generic (1)
20:04:41.0015 6988 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:04:41.0061 6988 dot3svc - ok
20:04:41.0093 6988 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:04:41.0155 6988 DPS - ok
20:04:41.0171 6988 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:04:41.0217 6988 drmkaud - ok
20:04:41.0280 6988 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:04:41.0311 6988 DXGKrnl - ok
20:04:41.0342 6988 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:04:41.0405 6988 EapHost - ok
20:04:41.0498 6988 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:04:41.0592 6988 ebdrv - ok
20:04:41.0670 6988 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:04:41.0701 6988 eeCtrl - ok
20:04:41.0732 6988 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:04:41.0795 6988 EFS - ok
20:04:41.0841 6988 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:04:41.0935 6988 ehRecvr - ok
20:04:41.0951 6988 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:04:41.0982 6988 ehSched - ok
20:04:42.0013 6988 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:04:42.0029 6988 elxstor - ok
20:04:42.0029 6988 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:04:42.0060 6988 ErrDev - ok
20:04:42.0107 6988 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:04:42.0153 6988 EventSystem - ok
20:04:42.0169 6988 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:04:42.0216 6988 exfat - ok
20:04:42.0231 6988 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:04:42.0278 6988 fastfat - ok
20:04:42.0325 6988 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:04:42.0387 6988 Fax - ok
20:04:42.0403 6988 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:04:42.0434 6988 fdc - ok
20:04:42.0450 6988 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:04:42.0481 6988 fdPHost - ok
20:04:42.0497 6988 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:04:42.0528 6988 FDResPub - ok
20:04:42.0543 6988 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:04:42.0559 6988 FileInfo - ok
20:04:42.0575 6988 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:04:42.0606 6988 Filetrace - ok
20:04:42.0637 6988 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:04:42.0668 6988 flpydisk - ok
20:04:42.0699 6988 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:04:42.0731 6988 FltMgr - ok
20:04:42.0777 6988 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:04:42.0840 6988 FontCache - ok
20:04:42.0933 6988 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:04:42.0949 6988 FontCache3.0.0.0 - ok
20:04:42.0965 6988 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:04:43.0027 6988 FsDepends - ok
20:04:43.0058 6988 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:04:43.0105 6988 fssfltr - ok
20:04:43.0214 6988 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:04:43.0292 6988 fsssvc - ok
20:04:43.0323 6988 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:04:43.0355 6988 Fs_Rec - ok
20:04:43.0386 6988 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:04:43.0417 6988 fvevol - ok
20:04:43.0433 6988 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:04:43.0433 6988 gagp30kx - ok
20:04:43.0495 6988 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:04:43.0526 6988 GEARAspiWDM - ok
20:04:43.0557 6988 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
20:04:43.0589 6988 GoToAssist - ok
20:04:43.0635 6988 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:04:43.0682 6988 gpsvc - ok
20:04:43.0698 6988 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:04:43.0745 6988 hcw85cir - ok
20:04:43.0776 6988 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:04:43.0791 6988 HDAudBus - ok
20:04:43.0807 6988 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:04:43.0838 6988 HidBatt - ok
20:04:43.0854 6988 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:04:43.0916 6988 HidBth - ok
20:04:43.0932 6988 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:04:43.0979 6988 HidIr - ok
20:04:43.0994 6988 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:04:44.0041 6988 hidserv - ok
20:04:44.0072 6988 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:04:44.0119 6988 HidUsb - ok
20:04:44.0166 6988 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:04:44.0259 6988 hkmsvc - ok
20:04:44.0291 6988 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:04:44.0337 6988 HomeGroupListener - ok
20:04:44.0369 6988 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:04:44.0415 6988 HomeGroupProvider - ok
20:04:44.0447 6988 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:04:44.0462 6988 HpSAMD - ok
20:04:44.0509 6988 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:04:44.0571 6988 HTTP - ok
20:04:44.0587 6988 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:04:44.0587 6988 hwpolicy - ok
20:04:44.0634 6988 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:04:44.0681 6988 i8042prt - ok
20:04:44.0696 6988 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:04:44.0743 6988 iaStorV - ok
20:04:44.0774 6988 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:04:44.0805 6988 idsvc - ok
20:04:44.0883 6988 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121123.001\IDSvia64.sys
20:04:44.0915 6988 IDSVia64 - ok
20:04:44.0946 6988 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:04:44.0993 6988 iirsp - ok
20:04:45.0024 6988 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:04:45.0071 6988 IKEEXT - ok
20:04:45.0133 6988 [ 9526F32B8A76F8DC25A1587400E30084 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:04:45.0180 6988 IntcAzAudAddService - ok
20:04:45.0195 6988 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:04:45.0227 6988 intelide - ok
20:04:45.0258 6988 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:04:45.0289 6988 intelppm - ok
20:04:45.0320 6988 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:04:45.0383 6988 IPBusEnum - ok
20:04:45.0414 6988 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:04:45.0461 6988 IpFilterDriver - ok
20:04:45.0507 6988 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:04:45.0539 6988 iphlpsvc - ok
20:04:45.0554 6988 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:04:45.0601 6988 IPMIDRV - ok
20:04:45.0601 6988 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:04:45.0648 6988 IPNAT - ok
20:05:03.0120 6988 WinRM - ok
20:05:03.0182 6988 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:05:03.0245 6988 WinUsb - ok
20:05:03.0260 6988 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:05:03.0291 6988 Wlansvc - ok
20:05:03.0354 6988 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:05:03.0385 6988 wlcrasvc - ok
20:05:03.0479 6988 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:05:03.0541 6988 wlidsvc - ok
20:05:03.0572 6988 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:05:03.0588 6988 WmiAcpi - ok
20:05:03.0588 6988 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:05:03.0619 6988 wmiApSrv - ok
20:05:03.0619 6988 WMPNetworkSvc - ok
20:05:03.0635 6988 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:05:03.0681 6988 WPCSvc - ok
20:05:03.0713 6988 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:05:03.0759 6988 WPDBusEnum - ok
20:05:03.0775 6988 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:05:03.0806 6988 ws2ifsl - ok
20:05:03.0822 6988 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:05:03.0853 6988 wscsvc - ok
20:05:03.0869 6988 WSearch - ok
20:05:03.0978 6988 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:05:04.0071 6988 wuauserv - ok
20:05:04.0103 6988 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:05:04.0181 6988 WudfPf - ok
20:05:04.0196 6988 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:05:04.0243 6988 WUDFRd - ok
20:05:04.0274 6988 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:05:04.0305 6988 wudfsvc - ok
20:05:04.0321 6988 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:05:04.0352 6988 WwanSvc - ok
20:05:04.0352 6988 ================ Scan global ===============================
20:05:04.0383 6988 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:05:04.0415 6988 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:05:04.0430 6988 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:05:04.0461 6988 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:05:04.0477 6988 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:05:04.0493 6988 [Global] - ok
20:05:04.0493 6988 ================ Scan MBR ==================================
20:05:04.0493 6988 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
20:05:04.0493 6988 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:05:04.0539 6988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:05:04.0539 6988 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:05:04.0633 6988 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:05:04.0633 6988 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:05:04.0633 6988 ================ Scan VBR ==================================
20:05:04.0633 6988 [ 713A049E5C8278152DC1C28B2C7D051D ] \Device\Harddisk0\DR0\Partition1
20:05:04.0649 6988 \Device\Harddisk0\DR0\Partition1 - ok
20:05:04.0664 6988 [ BA0AB65005EB9E61827AC20B0BF5BF9B ] \Device\Harddisk0\DR0\Partition2
20:05:04.0664 6988 \Device\Harddisk0\DR0\Partition2 - ok
20:05:04.0664 6988 ============================================================
20:05:04.0664 6988 Scan finished
20:05:04.0664 6988 ============================================================
20:05:04.0680 2468 Detected object count: 3
20:05:04.0680 2468 Actual detected object count: 3
20:09:50.0722 2468 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:50.0722 2468 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:51.0294 2468 \Device\Harddisk0\DR0\# - copied to quarantine
20:09:51.0296 2468 \Device\Harddisk0\DR0 - copied to quarantine
20:09:51.0348 2468 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:09:51.0351 2468 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:09:51.0373 2468 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:09:51.0383 2468 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:09:51.0385 2468 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:09:51.0386 2468 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:09:51.0388 2468 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:09:51.0391 2468 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:09:51.0394 2468 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:09:51.0396 2468 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:09:51.0398 2468 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:09:51.0399 2468 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:09:51.0426 2468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:09:51.0430 2468 \Device\Harddisk0\DR0 - ok
20:09:51.0789 2468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:09:51.0790 2468 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:09:51.0790 2468 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:10:41.0360 5004 Deinitialize success
-
TDSSKiller produced 2 logs, here is the 2nd/more recent log:
20:12:27.0539 2908 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:12:28.0007 2908 ============================================================
20:12:28.0007 2908 Current date / time: 2012/11/25 20:12:28.0007
20:12:28.0007 2908 SystemInfo:
20:12:28.0007 2908
20:12:28.0007 2908 OS Version: 6.1.7601 ServicePack: 1.0
20:12:28.0007 2908 Product type: Workstation
20:12:28.0007 2908 ComputerName: ORENDERCLAN-PC
20:12:28.0007 2908 UserName: Orender Clan
20:12:28.0007 2908 Windows directory: C:\Windows
20:12:28.0007 2908 System windows directory: C:\Windows
20:12:28.0007 2908 Running under WOW64
20:12:28.0007 2908 Processor architecture: Intel x64
20:12:28.0007 2908 Number of processors: 2
20:12:28.0007 2908 Page size: 0x1000
20:12:28.0007 2908 Boot type: Normal boot
20:12:28.0007 2908 ============================================================
20:12:29.0832 2908 BG loaded
20:12:30.0206 2908 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:12:30.0237 2908 ============================================================
20:12:30.0237 2908 \Device\Harddisk0\DR0:
20:12:30.0237 2908 MBR partitions:
20:12:30.0237 2908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x13C3000
20:12:30.0237 2908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D7000, BlocksNum 0x5616E800
20:12:30.0237 2908 ============================================================
20:12:30.0269 2908 C: <-> \Device\Harddisk0\DR0\Partition2
20:12:30.0269 2908 ============================================================
20:12:30.0269 2908 Initialize success
20:12:30.0269 2908 ============================================================
I don't see svchost.exe (winrscmde) running as a system process anymore, that's encouraging.
-
http://www.bleepingcomputer.com/download/tdsskiller/
Is that the correct link to download it?
-
Sorry for the delay, had to go through the motions a second time. winrscmde is still running on my computer after going through everything, using a lot of memory - though my blue error screen problems have stopped, which is nice!
ComboFix.txt:
ComboFix 12-11-25.01 - Orender Clan 11/25/2012 17:01:18.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4771 [GMT -5:00]
Running from: c:\users\Orender Clan\Desktop\ComboFix.exe
Command switches used :: c:\users\Orender Clan\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mapit
c:\program files (x86)\Mapit\GottenAppsContextMenu.xml
c:\program files (x86)\Mapit\ldrtbMapi.dll
c:\program files (x86)\Mapit\MapitToolbarHelper.exe
c:\program files (x86)\Mapit\OtherAppsContextMenu.xml
c:\program files (x86)\Mapit\prxtbMapi.dll
c:\program files (x86)\Mapit\SharedAppsContextMenu.xml
c:\program files (x86)\Mapit\tbMapi.dll
c:\program files (x86)\Mapit\toolbar.cfg
c:\program files (x86)\Mapit\ToolbarContextMenu.xml
c:\program files (x86)\Mapit\uninstall.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 16:25 . 2012-11-25 16:25 -------- d-----w- C:\found.000
2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\users\Orender Clan\AppData\Roaming\Malwarebytes
2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\programdata\Malwarebytes
2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-25 01:53 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 04:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 04:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 04:34 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 04:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 04:26 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 04:26 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 04:26 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 04:26 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 04:26 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 04:26 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 04:26 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 04:26 . 2010-06-26 22:40 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 03:18 . 2012-04-05 11:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 03:18 . 2011-05-19 11:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-13 11:01 . 2012-10-13 11:01 98304 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-10-13 11:01 . 2012-10-13 11:01 24576 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-10-13 11:01 . 2012-10-13 11:01 1347584 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-09-21 22:41 . 2011-05-16 14:38 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 22:41 . 2011-05-16 14:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-14 19:19 . 2012-10-10 15:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 15:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-04 18:40 . 2012-09-04 18:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 18:40 . 2012-05-18 22:32 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 18:40 . 2010-06-22 06:05 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 15:24 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 22:45 . 2012-08-30 22:45 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-30 22:45 . 2012-08-30 22:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-30 18:03 . 2012-10-10 15:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 15:24 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 15:24 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Orender Clan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 TridVid;USB TV Tuner;c:\windows\system32\DRIVERS\tridvid6010.sys [2011-01-21 411648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-17 405624]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:18]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2509198050-1799770259-3595075597-1000Core.job
- c:\users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 13:42]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2509198050-1799770259-3595075597-1000UA.job
- c:\users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 13:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://myhomepage.genieo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{46a21652-3f93-437d-aac0-caa1f6713da0} - c:\program files (x86)\Mapit\prxtbMapi.dll
Toolbar-Locked - (no file)
WebBrowser-{46A21652-3F93-437D-AAC0-CAA1F6713DA0} - (no file)
AddRemove-Mapit Toolbar - c:\program files (x86)\Mapit\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,c0,24,e2,fd,c9,cd,01
.
[HKEY_USERS\S-1-5-21-2509198050-1799770259-3595075597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2509198050-1799770259-3595075597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-11-25 17:51:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-25 22:51
ComboFix2.txt 2012-11-25 19:35
.
Pre-Run: 611,662,405,632 bytes free
Post-Run: 612,852,359,168 bytes free
.
- - End Of File - - 9E74330D786699F2F90716237ADE41CD
Malwarebytes log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.24.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Orender Clan :: ORENDERCLAN-PC [administrator]
11/25/2012 5:54:53 PM
mbam-log-2012-11-25 (17-54-53).txt
Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401304
Time elapsed: 56 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
-
Nearly a minute after I posted, ComboFix finally gave me the prompt that it was almost done. I will post both logs ASAP.
-
I've been having some problems running ComboFix successfully. The first time, my computer shut down and started up on the black screen asking for Safe Mode or normal startup (no ComboFix log in my C:\ directory). I tried going through the process again, and ComboFix has been stuck on the same blue screen that says "Preparing Log Report. Do not run any programs until ComboFix has finished", meanwhile svchost.exe (winrscmde) is running at ~600k in the background, so I decided to write a quick update/post. Any suggestions?
-
ComboFix Log:
ComboFix 12-11-25.01 - Orender Clan 11/25/2012 14:25:26.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4514 [GMT -5:00]
Running from: c:\users\Orender Clan\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL6FFE.tmp
c:\programdata\SPL9974.tmp
c:\users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 19:32 . 2012-11-25 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-25 16:25 . 2012-11-25 16:25 -------- d-----w- C:\found.000
2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\users\Orender Clan\AppData\Roaming\Malwarebytes
2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\programdata\Malwarebytes
2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-25 01:53 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 04:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 04:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 04:34 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 04:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 04:26 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 04:26 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 04:26 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 04:26 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 04:26 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 04:26 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 04:26 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 04:26 . 2010-06-26 22:40 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 03:18 . 2012-04-05 11:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 03:18 . 2011-05-19 11:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-13 11:01 . 2012-10-13 11:01 98304 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-10-13 11:01 . 2012-10-13 11:01 24576 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-10-13 11:01 . 2012-10-13 11:01 1347584 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-09-21 22:41 . 2011-05-16 14:38 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 22:41 . 2011-05-16 14:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-14 19:19 . 2012-10-10 15:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 15:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-04 18:40 . 2012-09-04 18:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 18:40 . 2012-05-18 22:32 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 18:40 . 2010-06-22 06:05 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 15:24 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 22:45 . 2012-08-30 22:45 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-30 22:45 . 2012-08-30 22:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-30 18:03 . 2012-10-10 15:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 15:24 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 15:24 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{46a21652-3f93-437d-aac0-caa1f6713da0}"= "c:\program files (x86)\Mapit\prxtbMapi.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{46a21652-3f93-437d-aac0-caa1f6713da0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46a21652-3f93-437d-aac0-caa1f6713da0}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Mapit\prxtbMapi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{46a21652-3f93-437d-aac0-caa1f6713da0}"= "c:\program files (x86)\Mapit\prxtbMapi.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{46a21652-3f93-437d-aac0-caa1f6713da0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Orender Clan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 TridVid;USB TV Tuner;c:\windows\system32\DRIVERS\tridvid6010.sys [2011-01-21 411648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-17 405624]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:18]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2509198050-1799770259-3595075597-1000Core.job
- c:\users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 13:42]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2509198050-1799770259-3595075597-1000UA.job
- c:\users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 13:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://myhomepage.genieo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{a8864317-e18b-4292-99d9-e6e65ab905d3} - (no file)
URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Apps - c:\users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll
Wow6432Node-HKU-Default-Run-Apps - c:\users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll
Toolbar-Locked - (no file)
WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
WebBrowser-{46A21652-3F93-437D-AAC0-CAA1F6713DA0} - (no file)
WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{09B71986-2AC5-482D-B6CB-42EA34F4F85B}"=hex:51,66,7a,6c,4c,1d,38,12,e8,1a,a4,
0d,f7,64,43,0d,c9,dd,01,aa,31,aa,bc,4f
"{A8864317-E18B-4292-99D9-E6E65AB905D3}"=hex:51,66,7a,6c,4c,1d,38,12,79,40,95,
ac,b9,af,fc,07,e6,cf,a5,a6,5f,e7,41,c7
"{46A21652-3F93-437D-AAC0-CAA1F6713DA0}"=hex:51,66,7a,6c,4c,1d,38,12,3c,15,b1,
42,a1,71,13,06,d5,d6,89,e1,f3,2f,79,b4
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}"=hex:51,66,7a,6c,4c,1d,38,12,52,5d,bf,
b2,d9,12,1c,0b,cb,47,b3,a1,bf,c6,78,00
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"=hex:51,66,7a,6c,4c,1d,38,12,6c,b9,e1,
ef,a6,de,34,09,fa,9d,f8,59,8a,63,c9,f6
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}"=hex:51,66,7a,6c,4c,1d,38,12,82,eb,dd,
21,02,19,d2,04,f4,4e,61,9d,cd,f5,c8,34
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,c0,24,e2,fd,c9,cd,01
.
[HKEY_USERS\S-1-5-21-2509198050-1799770259-3595075597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2509198050-1799770259-3595075597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-25 14:35:14
ComboFix-quarantined-files.txt 2012-11-25 19:35
.
Pre-Run: 613,294,837,760 bytes free
Post-Run: 613,198,045,184 bytes free
.
- - End Of File - - 9A36A741651871CEC67C2F4ADC489910
-
Thanks Kevin -
Here is my most recent Malwarebytes log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.24.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Orender Clan :: ORENDERCLAN-PC [administrator]
11/25/2012 11:14:32 AM
mbam-log-2012-11-25 (11-14-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203511
Time elapsed: 4 minute(s), 45 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4188 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
I should note that I changed the svchost.exe to a Read-only file and that has temporarily stopped it from restarting itself under the list of processes listed by the Task Manager.
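The two logs above make the same point from different angles: Malwarebytes flags C:\Windows\svchost.exe, while the ComboFix log records a rundll32 Run entry pointing at a random-named DLL under the user's AppData and a set of UAC policy values that turn elevation prompting off. The script below is an added example for this thread, not code from the original posts or from DDS, ComboFix or Malwarebytes. It walks constructed log lines modelled on the ones posted here and reports those three signs, generalising the svchost check to any copy of svchost.exe living outside %SystemRoot%\System32 or %SystemRoot%\SysWOW64 (assumed to be C:\Windows, as in the logs). The sample lines, the category names and the rule table are this example's own.

```python
"""Triage a DDS/ComboFix-style log excerpt for three things a responder checks first.

Added example for this thread; not part of the original posts and not code from the
DDS, ComboFix or Malwarebytes tools. Assumes %SystemRoot% is C:\\Windows.
"""
import re

# DDS "Running Processes" and ComboFix "Other Deletions" lines start with a drive letter.
PROCESS_RE = re.compile(r"^([A-Za-z]:\\.+?\.exe)\b(.*)$", re.IGNORECASE)
# uRun / mRun / dRun / x64-Run / ...RunOnce: [name] command
RUN_RE = re.compile(r"^(?:x64-)?([umd])Run(Once)?:\s+\[(.*?)\]\s+(.*)$")
# mPolicies-System: Name = dword:N   (DDS prints the dword in decimal, e.g. 145 == 0x91)
POLICY_RE = re.compile(r"^mPolicies-System:\s+(\w+)\s+=\s+dword:(\d+)$")
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.dll)"?', re.IGNORECASE)
LEGIT_SVCHOST_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)$")

# Values that switch UAC off or silence it. Windows 7 defaults are EnableLUA=1,
# ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
WEAK_UAC = {
    "EnableLUA": (0, "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts drawn on the normal, spoofable desktop"),
}

# Constructed sample, modelled on the DDS and ComboFix lines posted in this thread.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\svchost.exe
uRun: [Google Update] "C:\Users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Apps] rundll32.exe "C:\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll",RANDOMW
dRun: [Apps] rundll32.exe "C:\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll",RANDOMW
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""


def rogue_svchost(path):
    """True when the file is named svchost.exe but does not live in System32/SysWOW64."""
    directory, _, name = path.lower().rpartition("\\")
    if name != "svchost.exe":
        return False
    return not LEGIT_SVCHOST_DIR.match(directory)


def suspicious_run_entry(command):
    """Return the DLL path if the command is rundll32 loading a DLL out of a user profile."""
    if "rundll32" not in command.lower():
        return None
    m = DLL_RE.search(command)
    if not m:
        return None
    dll = m.group(1)
    low = dll.lower()
    return dll if "\\users\\" in low and "\\appdata\\" in low else None


def triage(log_text):
    """Walk the log once and return (category, detail) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in WEAK_UAC and value == WEAK_UAC[name][0]:
                findings.append(("weak-uac", f"{name}={value}: {WEAK_UAC[name][1]}"))
            continue
        m = RUN_RE.match(line)
        if m:
            dll = suspicious_run_entry(m.group(4))
            if dll:
                findings.append(("user-profile-rundll32", f"{m.group(1)}Run [{m.group(3)}] -> {dll}"))
            continue
        m = PROCESS_RE.match(line)
        if m and rogue_svchost(m.group(1)):
            findings.append(("rogue-svchost", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

Running it against the sample prints one rogue-svchost line for C:\Windows\svchost.exe, two user-profile-rundll32 lines for the jkuzrfrtz.dll Run entries, and three weak-uac lines; ConsentPromptBehaviorUser=3 is the Windows 7 default and is left alone. The path check deliberately ignores what the process calls itself and what `-k` group it claims, because the name is exactly what the impostor copies.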
-
winrscmde (through system process svchost.exe) Trojan has been detected on my computer by MBAM; however, after I have restarted my computer, winrscmde can again be found on my computer.
I have never posted before, so please let me know if anything is incorrect.
Here are my logs:
dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Orender Clan at 12:32:29 on 2012-11-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4293 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Windows\System32\rundll32.exe
C:\Users\Orender Clan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Orender Clan\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Orender Clan\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://myhomepage.genieo.com/
uURLSearchHooks: {a8864317-e18b-4292-99d9-e6e65ab905d3} - <orphaned>
uURLSearchHooks: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll
uURLSearchHooks: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - <orphaned>
mURLSearchHooks: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll
mWinlogon: Userinit = userinit.exe,
BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Mapit Toolbar: {46A21652-3F93-437D-AAC0-CAA1F6713DA0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uRun: [Google Update] "C:\Users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Apps] rundll32.exe "C:\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll",RANDOMW
uRun: [spotify Web Helper] "C:\Users\Orender Clan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRun: [Apps] rundll32.exe "C:\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll",RANDOMW
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{516D7D44-142B-41DB-B0F8-19EF8C88D465} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Orender Clan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Orender Clan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-22 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-1 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-1 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-1 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121123.001\IDSviA64.sys [2012-11-23 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-1 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-1 405624]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2010-7-19 33448]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-22 1692480]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-22 320040]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 TridVid;USB TV Tuner;C:\Windows\System32\drivers\tridvid6010.sys [2011-1-21 411648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-25 16:28:11 20480 ----a-r- C:\Windows\svchost.exe
2012-11-25 16:25:06 -------- d-sh--w- C:\found.000
2012-11-25 01:53:51 -------- d-----w- C:\Users\Orender Clan\AppData\Roaming\Malwarebytes
2012-11-25 01:53:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-25 01:53:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-25 01:53:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-16 04:34:36 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 04:34:36 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 04:34:36 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 04:34:36 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-16 04:26:10 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 04:26:10 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 04:26:08 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 04:26:08 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 04:26:07 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 04:26:07 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 04:26:07 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-02 01:26:30 212204 ----a-w- C:\ProgramData\SPL9974.tmp
.
==================== Find3M ====================
.
2012-11-14 03:18:27 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 03:18:27 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-04 18:40:25 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 18:40:25 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-04 18:40:25 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 12:33:15.09 ===============
attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/25/2010 5:48:07 PM
System Uptime: 11/25/2012 11:26:27 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon™ II X2 240 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 574.151 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP186: 11/24/2012 5:47:04 PM - Removed RuneScape Launcher 1.2
RP187: 11/24/2012 5:47:55 PM - Removed RuneScape Launcher 1.2.2
RP188: 11/24/2012 8:23:03 PM - Installed RuneScape Launcher 1.2.2
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Age of Empires III: Complete Collection
Age of Empires III: The Asian Dynasties
Age of Empires III: The War Chiefs
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Amazon Music Importer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Consumer In-Home Service Agreement
ConvertHelper 2.2
Coupon Printer for Windows
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Toolbar
Dell V310-V510 Series
Driver Setup
GameStop App
GEAR driver installer for x86 and x64
Google Chrome
GoToAssist 8.0.0.514
iTunes
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
LG United Mobile Drivers
Malwarebytes Anti-Malware version 1.65.1.1000
Mapit Toolbar
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Norton 360
NVIDIA Drivers
Power2Go 5.0
PowerDirector
PowerDVD DX
PowerProducer
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
RuneScape Launcher 1.2.2
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Toolbars
Skype™ 5.10
Sony Pictures Download Manager
Spotify
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VoiceOver Kit
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/25/2012 11:08:40 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
11/25/2012 11:08:14 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/25/2012 11:01:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff8000310e16a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112512-71089-01.
11/25/2012 10:41:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
11/25/2012 10:41:41 AM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/25/2012 10:41:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
11/24/2012 8:24:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030bb16a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112412-44444-01.
11/24/2012 6:10:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/23/2012 8:29:41 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
11/23/2012 8:29:38 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/23/2012 8:29:38 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/23/2012 8:29:38 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/23/2012 8:29:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
11/23/2012 8:29:38 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
11/23/2012 8:29:38 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
11/23/2012 8:29:37 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The operation completed successfully.
11/23/2012 8:29:35 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
11/23/2012 8:28:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033bf63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-42104-01.
11/23/2012 8:23:00 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/23/2012 8:21:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8006ad6bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-46129-01.
11/23/2012 8:17:15 AM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
11/23/2012 6:05:10 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/23/2012 1:11:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033be63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-44195-01.
11/22/2012 10:15:31 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: A specified authentication package is unknown.
11/22/2012 10:13:35 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
.
==== End Of File ===========================
Posted in "winrscmde Trojan detected by MBAM" (Resolved Malware Removal Logs):
That'll be fine, Kevin. Thanks again for all your help - we are OK to close out!
Appreciate it, and have wonderful holidays!
- Kyle