Need help with a couple of trojans including bc miner


18:24:57.0365 39228 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

18:24:57.0693 39228 ============================================================

18:24:57.0693 39228 Current date / time: 2012/07/19 18:24:57.0693

18:24:57.0693 39228 SystemInfo:

18:24:57.0693 39228

18:24:57.0694 39228 OS Version: 6.0.6002 ServicePack: 2.0

18:24:57.0694 39228 Product type: Workstation

18:24:57.0694 39228 ComputerName: TIM-PC

18:24:57.0694 39228 UserName: tim

18:24:57.0694 39228 Windows directory: C:\Windows

18:24:57.0694 39228 System windows directory: C:\Windows

18:24:57.0694 39228 Running under WOW64

18:24:57.0694 39228 Processor architecture: Intel x64

18:24:57.0694 39228 Number of processors: 4

18:24:57.0694 39228 Page size: 0x1000

18:24:57.0694 39228 Boot type: Normal boot

18:24:57.0694 39228 ============================================================

18:25:00.0792 39228 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:25:00.0797 39228 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:25:01.0258 39228 Drive \Device\Harddisk6\DR6 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:25:01.0817 39228 Drive \Device\Harddisk7\DR7 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:25:02.0200 39228 ============================================================

18:25:02.0200 39228 \Device\Harddisk0\DR0:

18:25:02.0216 39228 MBR partitions:

18:25:02.0216 39228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x494CE800

18:25:02.0217 39228 \Device\Harddisk1\DR1:

18:25:02.0218 39228 MBR partitions:

18:25:02.0218 39228 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982

18:25:02.0218 39228 \Device\Harddisk6\DR6:

18:25:02.0219 39228 MBR partitions:

18:25:02.0219 39228 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x575452C2

18:25:02.0219 39228 \Device\Harddisk7\DR7:

18:25:02.0220 39228 MBR partitions:

18:25:02.0220 39228 \Device\Harddisk7\DR7\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02

18:25:02.0220 39228 ============================================================

18:25:02.0239 39228 C: <-> \Device\Harddisk0\DR0\Partition0

18:25:02.0240 39228 I: <-> \Device\Harddisk1\DR1\Partition0

18:25:02.0241 39228 K: <-> \Device\Harddisk6\DR6\Partition0

18:25:02.0242 39228 L: <-> \Device\Harddisk7\DR7\Partition0

18:25:02.0242 39228 ============================================================

18:25:02.0242 39228 Initialize success

18:25:02.0242 39228 ============================================================

18:25:15.0345 41052 ============================================================

18:25:15.0345 41052 Scan started

18:25:15.0345 41052 Mode: Manual;

18:25:15.0345 41052 ============================================================

18:25:20.0391 41052 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

18:25:20.0396 41052 ACPI - ok

18:25:20.0477 41052 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

18:25:20.0479 41052 AdobeARMservice - ok

18:25:20.0556 41052 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

18:25:20.0560 41052 AdobeFlashPlayerUpdateSvc - ok

18:25:20.0635 41052 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

18:25:20.0652 41052 adp94xx - ok

18:25:20.0722 41052 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

18:25:20.0733 41052 adpahci - ok

18:25:20.0762 41052 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

18:25:20.0773 41052 adpu160m - ok

18:25:20.0802 41052 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

18:25:20.0829 41052 adpu320 - ok

18:25:20.0868 41052 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

18:25:20.0869 41052 AeLookupSvc - ok

18:25:21.0378 41052 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

18:25:21.0385 41052 AFD - ok

18:25:21.0437 41052 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe

18:25:21.0438 41052 AgereModemAudio - ok

18:25:22.0564 41052 AgereSoftModem (385471f8147e1bd6a08c031e3aad3910) C:\Windows\system32\DRIVERS\agrsm64.sys

18:25:22.0631 41052 AgereSoftModem - ok

18:25:22.0681 41052 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

18:25:22.0683 41052 agp440 - ok

18:25:22.0718 41052 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

18:25:22.0723 41052 aic78xx - ok

18:25:22.0748 41052 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

18:25:22.0753 41052 ALG - ok

18:25:22.0774 41052 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

18:25:22.0776 41052 aliide - ok

18:25:22.0794 41052 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

18:25:22.0796 41052 amdide - ok

18:25:22.0814 41052 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

18:25:22.0817 41052 AmdK8 - ok

18:25:22.0923 41052 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

18:25:22.0924 41052 Appinfo - ok

18:25:23.0256 41052 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:25:23.0260 41052 Apple Mobile Device - ok

18:25:23.0309 41052 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

18:25:23.0311 41052 arc - ok

18:25:23.0353 41052 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

18:25:23.0364 41052 arcsas - ok

18:25:23.0441 41052 aspnet_state - ok

18:25:23.0469 41052 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

18:25:23.0471 41052 AsyncMac - ok

18:25:23.0486 41052 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

18:25:23.0487 41052 atapi - ok

18:25:23.0561 41052 Ati External Event Utility (5a208b1d4aa1736e195be9dbb31db382) C:\Windows\system32\Ati2evxx.exe

18:25:23.0577 41052 Ati External Event Utility - ok

18:25:25.0487 41052 atikmdag (0746ea434a4693251c7d3be3cccc77d6) C:\Windows\system32\DRIVERS\atikmdag.sys

18:25:25.0600 41052 atikmdag - ok

18:25:26.0416 41052 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys

18:25:26.0417 41052 AtiPcie - ok

18:25:26.0763 41052 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

18:25:26.0918 41052 AudioEndpointBuilder - ok

18:25:26.0924 41052 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

18:25:26.0928 41052 AudioSrv - ok

18:25:27.0372 41052 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll

18:25:27.0393 41052 BFE - ok

18:25:28.0418 41052 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111221.003\BHDrvx64.sys

18:25:28.0469 41052 BHDrvx64 - ok

18:25:30.0360 41052 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll

18:25:30.0406 41052 BITS - ok

18:25:30.0467 41052 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

18:25:30.0469 41052 blbdrive - ok

18:25:30.0566 41052 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

18:25:30.0582 41052 Bonjour Service - ok

18:25:30.0608 41052 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

18:25:30.0613 41052 bowser - ok

18:25:30.0640 41052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

18:25:30.0641 41052 BrFiltLo - ok

18:25:30.0651 41052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

18:25:30.0653 41052 BrFiltUp - ok

18:25:30.0681 41052 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

18:25:30.0686 41052 Browser - ok

18:25:30.0704 41052 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

18:25:30.0709 41052 Brserid - ok

18:25:30.0724 41052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

18:25:30.0725 41052 BrSerWdm - ok

18:25:30.0743 41052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

18:25:30.0745 41052 BrUsbMdm - ok

18:25:30.0755 41052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

18:25:30.0756 41052 BrUsbSer - ok

18:25:30.0774 41052 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

18:25:30.0775 41052 BTHMODEM - ok

18:25:30.0832 41052 CAXHWBS2 (551be1536b27dc056ea4d48275efb089) C:\Windows\system32\DRIVERS\CAXHWBS2.sys

18:25:30.0844 41052 CAXHWBS2 - ok

18:25:30.0916 41052 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys

18:25:30.0929 41052 ccHP - ok

18:25:30.0944 41052 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

18:25:30.0949 41052 cdfs - ok

18:25:30.0976 41052 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

18:25:30.0978 41052 cdrom - ok

18:25:31.0016 41052 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

18:25:31.0018 41052 CertPropSvc - ok

18:25:31.0031 41052 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

18:25:31.0032 41052 circlass - ok

18:25:31.0071 41052 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

18:25:31.0090 41052 CLFS - ok

18:25:31.0300 41052 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:25:31.0303 41052 clr_optimization_v2.0.50727_32 - ok

18:25:31.0334 41052 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:25:31.0339 41052 clr_optimization_v2.0.50727_64 - ok

18:25:31.0400 41052 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:25:31.0403 41052 clr_optimization_v4.0.30319_32 - ok

18:25:31.0448 41052 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:25:31.0459 41052 clr_optimization_v4.0.30319_64 - ok

18:25:31.0482 41052 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

18:25:31.0484 41052 cmdide - ok

18:25:31.0501 41052 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

18:25:31.0502 41052 Compbatt - ok

18:25:31.0507 41052 COMSysApp - ok

18:25:31.0515 41052 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

18:25:31.0516 41052 crcdisk - ok

18:25:31.0545 41052 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll

18:25:31.0564 41052 CryptSvc - ok

18:25:31.0632 41052 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

18:25:31.0647 41052 DcomLaunch - ok

18:25:31.0683 41052 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

18:25:31.0688 41052 DfsC - ok

18:25:33.0400 41052 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

18:25:33.0495 41052 DFSR - ok

18:25:33.0718 41052 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

18:25:33.0726 41052 Dhcp - ok

18:25:33.0781 41052 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

18:25:33.0783 41052 disk - ok

18:25:33.0828 41052 DLABMFSE (e85b7e377a86a4afb8221206630b2afe) C:\Windows\system32\DLA\DLABMFSE.SYS

18:25:33.0830 41052 DLABMFSE - ok

18:25:33.0858 41052 DLABOIOE (125a225750bdc2db64434aff4908e6fb) C:\Windows\system32\DLA\DLABOIOE.SYS

18:25:33.0860 41052 DLABOIOE - ok

18:25:33.0883 41052 DLACDBHE (a5715479ce737cdd67136c970c9b0d1f) C:\Windows\system32\Drivers\DLACDBHE.SYS

18:25:33.0884 41052 DLACDBHE - ok

18:25:33.0906 41052 DLADResE (f0bdde819b02a288130ba87ebf2fe67e) C:\Windows\system32\DLA\DLADResE.SYS

18:25:33.0907 41052 DLADResE - ok

18:25:33.0926 41052 DLAIFS_E (4935547c237007afc4ea3fc60e987e81) C:\Windows\system32\DLA\DLAIFS_E.SYS

18:25:33.0937 41052 DLAIFS_E - ok

18:25:33.0962 41052 DLAOPIOE (476775ef0f04a511515066d54a0e56b7) C:\Windows\system32\DLA\DLAOPIOE.SYS

18:25:33.0963 41052 DLAOPIOE - ok

18:25:33.0977 41052 DLAPoolE (60b61e2faf5d2f70550aaabc5ca45f03) C:\Windows\system32\DLA\DLAPoolE.SYS

18:25:33.0979 41052 DLAPoolE - ok

18:25:34.0019 41052 DLARTL_E (fb65f6a2e2555162a7d8caacf4af47db) C:\Windows\system32\Drivers\DLARTL_E.SYS

18:25:34.0021 41052 DLARTL_E - ok

18:25:34.0038 41052 DLAUDFAE (bb6a99680b79acfeab94c4c042f42b07) C:\Windows\system32\DLA\DLAUDFAE.SYS

18:25:34.0049 41052 DLAUDFAE - ok

18:25:34.0069 41052 DLAUDF_E (3c2d9bbd91e2ec75757b25ebda26d093) C:\Windows\system32\DLA\DLAUDF_E.SYS

18:25:34.0080 41052 DLAUDF_E - ok

18:25:34.0109 41052 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

18:25:34.0112 41052 Dnscache - ok

18:25:34.0150 41052 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

18:25:34.0154 41052 dot3svc - ok

18:25:34.0182 41052 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

18:25:34.0193 41052 DPS - ok

18:25:34.0220 41052 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

18:25:34.0222 41052 drmkaud - ok

18:25:34.0417 41052 DRVECDB (ba1383de7eabd669e1e0e28f1bef0968) C:\Windows\system32\Drivers\DRVECDB.SYS

18:25:34.0482 41052 DRVECDB - ok

18:25:34.0500 41052 DRVEDDM (af88a16db83d7433c341cdabb26e1eb8) C:\Windows\system32\Drivers\DRVEDDM.SYS

18:25:34.0503 41052 DRVEDDM - ok

18:25:34.0579 41052 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

18:25:34.0595 41052 DXGKrnl - ok

18:25:34.0613 41052 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

18:25:34.0624 41052 E1G60 - ok

18:25:34.0645 41052 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

18:25:34.0647 41052 EapHost - ok

18:25:34.0671 41052 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

18:25:34.0682 41052 Ecache - ok

18:25:34.0950 41052 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

18:25:34.0966 41052 eeCtrl - ok

18:25:35.0017 41052 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

18:25:35.0023 41052 ehRecvr - ok

18:25:35.0042 41052 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

18:25:35.0053 41052 ehSched - ok

18:25:35.0062 41052 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

18:25:35.0062 41052 ehstart - ok

18:25:35.0098 41052 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

18:25:35.0109 41052 elxstor - ok

18:25:35.0148 41052 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

18:25:35.0160 41052 EMDMgmt - ok

18:25:35.0236 41052 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

18:25:35.0247 41052 EraserUtilRebootDrv - ok

18:25:35.0262 41052 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

18:25:35.0264 41052 ErrDev - ok

18:25:35.0327 41052 ETService (4d06d9a26227ac485305133916888df1) C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

18:25:35.0328 41052 ETService - ok

18:25:35.0378 41052 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

18:25:35.0389 41052 EventSystem - ok

18:25:35.0427 41052 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

18:25:35.0436 41052 exfat - ok

18:25:35.0479 41052 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

18:25:35.0488 41052 fastfat - ok

18:25:35.0515 41052 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

18:25:35.0516 41052 fdc - ok

18:25:35.0537 41052 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

18:25:35.0538 41052 fdPHost - ok

18:25:35.0547 41052 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

18:25:35.0548 41052 FDResPub - ok

18:25:35.0565 41052 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

18:25:35.0567 41052 FileInfo - ok

18:25:35.0592 41052 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

18:25:35.0593 41052 Filetrace - ok

18:25:35.0605 41052 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

18:25:35.0606 41052 flpydisk - ok

18:25:35.0640 41052 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

18:25:35.0647 41052 FltMgr - ok

18:25:35.0775 41052 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

18:25:35.0814 41052 FontCache - ok

18:25:35.0866 41052 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:25:35.0867 41052 FontCache3.0.0.0 - ok

18:25:35.0903 41052 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys

18:25:35.0905 41052 Fs_Rec - ok

18:25:35.0927 41052 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

18:25:35.0929 41052 gagp30kx - ok

18:25:35.0960 41052 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys

18:25:35.0962 41052 GEARAspiWDM - ok

18:25:36.0147 41052 GoogleDesktopManager (66f74ac56ee6ac980ed662b54788ccc1) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

18:25:36.0225 41052 GoogleDesktopManager - ok

18:25:36.0376 41052 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

18:25:36.0392 41052 gpsvc - ok

18:25:36.0480 41052 gupdate1ca6d577e060a90 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:25:36.0491 41052 gupdate1ca6d577e060a90 - ok

18:25:36.0506 41052 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:25:36.0508 41052 gupdatem - ok

18:25:36.0529 41052 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

18:25:36.0539 41052 gusvc - ok

18:25:36.0599 41052 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

18:25:36.0606 41052 HdAudAddService - ok

18:25:36.0690 41052 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:25:36.0720 41052 HDAudBus - ok

18:25:36.0745 41052 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

18:25:36.0746 41052 HidBth - ok

18:25:36.0763 41052 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

18:25:36.0765 41052 HidIr - ok

18:25:36.0791 41052 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll

18:25:36.0792 41052 hidserv - ok

18:25:36.0819 41052 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

18:25:36.0820 41052 HidUsb - ok

18:25:36.0841 41052 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

18:25:36.0846 41052 hkmsvc - ok

18:25:36.0865 41052 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

18:25:36.0867 41052 HpCISSs - ok

18:25:36.0987 41052 HSF_DPV (9c369cbc5f19da9968223197b5205f68) C:\Windows\system32\DRIVERS\CAX_DPV.sys

18:25:37.0016 41052 HSF_DPV - ok

18:25:37.0136 41052 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

18:25:37.0162 41052 HTTP - ok

18:25:37.0189 41052 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

18:25:37.0191 41052 i2omp - ok

18:25:37.0207 41052 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

18:25:37.0210 41052 i8042prt - ok

18:25:37.0249 41052 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

18:25:37.0256 41052 iaStorV - ok

18:25:37.0362 41052 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

18:25:37.0383 41052 IDriverT - ok

18:25:37.0501 41052 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:25:37.0529 41052 idsvc - ok

18:25:37.0689 41052 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111223.001\IDSvia64.sys

18:25:37.0698 41052 IDSVia64 - ok

18:25:37.0767 41052 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

18:25:37.0769 41052 iirsp - ok

18:25:37.0903 41052 IJPLMSVC (755519f49906b73c1fe9cbbf75e347ea) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

18:25:37.0905 41052 IJPLMSVC - ok

18:25:37.0949 41052 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

18:25:37.0968 41052 IKEEXT - ok

18:25:38.0037 41052 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys

18:25:38.0039 41052 int15 - ok

18:25:38.0137 41052 IntcAzAudAddService (6fdf709500c20362ffc5057f0d1e0c8d) C:\Windows\system32\drivers\RTKVHD64.sys

18:25:38.0175 41052 IntcAzAudAddService - ok

18:25:38.0288 41052 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

18:25:38.0290 41052 intelide - ok

18:25:38.0314 41052 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

18:25:38.0316 41052 intelppm - ok

18:25:38.0344 41052 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

18:25:38.0348 41052 IPBusEnum - ok

18:25:38.0386 41052 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:25:38.0388 41052 IpFilterDriver - ok

18:25:38.0428 41052 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll

18:25:38.0444 41052 iphlpsvc - ok

18:25:38.0448 41052 IpInIp - ok

18:25:38.0475 41052 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

18:25:38.0478 41052 IPMIDRV - ok

18:25:38.0491 41052 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

18:25:38.0503 41052 IPNAT - ok

18:25:38.0681 41052 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe

18:25:38.0712 41052 iPod Service - ok

18:25:38.0735 41052 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

18:25:38.0737 41052 IRENUM - ok

18:25:38.0763 41052 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

18:25:38.0765 41052 isapnp - ok

18:25:38.0796 41052 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

18:25:38.0800 41052 iScsiPrt - ok

18:25:38.0817 41052 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

18:25:38.0818 41052 iteatapi - ok

18:25:38.0839 41052 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

18:25:38.0841 41052 iteraid - ok

18:25:38.0854 41052 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

18:25:38.0855 41052 kbdclass - ok

18:25:38.0878 41052 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

18:25:38.0879 41052 kbdhid - ok

18:25:38.0901 41052 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

18:25:38.0903 41052 KeyIso - ok

18:25:38.0956 41052 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys

18:25:38.0989 41052 KSecDD - ok

18:25:39.0033 41052 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

18:25:39.0034 41052 ksthunk - ok

18:25:39.0075 41052 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

18:25:39.0094 41052 KtmRm - ok

18:25:39.0135 41052 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll

18:25:39.0154 41052 LanmanServer - ok

18:25:39.0236 41052 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

18:25:39.0253 41052 LanmanWorkstation - ok

18:25:39.0310 41052 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

18:25:39.0312 41052 LightScribeService - ok

18:25:39.0333 41052 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

18:25:39.0334 41052 lltdio - ok

18:25:39.0382 41052 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

18:25:39.0389 41052 lltdsvc - ok

18:25:39.0403 41052 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

18:25:39.0405 41052 lmhosts - ok

18:25:39.0431 41052 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

18:25:39.0442 41052 LSI_FC - ok

18:25:39.0465 41052 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

18:25:39.0469 41052 LSI_SAS - ok

18:25:39.0883 41052 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

18:25:39.0885 41052 LSI_SCSI - ok

18:25:39.0905 41052 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

18:25:39.0917 41052 luafv - ok

18:25:39.0922 41052 LVPr2M64 - ok

18:25:39.0953 41052 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

18:25:39.0954 41052 MBAMProtector - ok

18:25:40.0029 41052 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

18:25:40.0041 41052 MBAMService - ok

18:25:40.0062 41052 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

18:25:40.0065 41052 Mcx2Svc - ok

18:25:40.0091 41052 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

18:25:40.0093 41052 mdmxsdk - ok

18:25:40.0115 41052 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

18:25:40.0117 41052 megasas - ok

18:25:40.0160 41052 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

18:25:40.0170 41052 MegaSR - ok

18:25:40.0219 41052 mfeavfk (4a1c21576fb7f96f4dbdea627ffda775) C:\Windows\system32\drivers\mfeavfk.sys

18:25:40.0224 41052 mfeavfk - ok

18:25:40.0261 41052 mfehidk (9e0ac52b3232ff8dc65fee1a9c2fe8d1) C:\Windows\system32\drivers\mfehidk.sys

18:25:40.0275 41052 mfehidk - ok

18:25:40.0293 41052 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys

18:25:40.0295 41052 mferkdk - ok

18:25:40.0331 41052 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys

18:25:40.0333 41052 mfesmfk - ok

18:25:40.0357 41052 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

18:25:40.0359 41052 MMCSS - ok

18:25:40.0373 41052 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

18:25:40.0374 41052 Modem - ok

18:25:40.0398 41052 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

18:25:40.0399 41052 monitor - ok

18:25:40.0409 41052 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

18:25:40.0411 41052 mouclass - ok

18:25:40.0436 41052 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

18:25:40.0437 41052 mouhid - ok

18:25:40.0451 41052 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

18:25:40.0453 41052 MountMgr - ok

18:25:40.0508 41052 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

18:25:40.0520 41052 MozillaMaintenance - ok

18:25:40.0552 41052 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

18:25:40.0563 41052 mpio - ok

18:25:40.0598 41052 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

18:25:40.0600 41052 mpsdrv - ok

18:25:40.0614 41052 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

18:25:40.0616 41052 Mraid35x - ok

18:25:40.0648 41052 MRV6X64U (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\MRVW24C.sys

18:25:40.0695 41052 MRV6X64U - ok

18:25:41.0360 41052 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

18:25:41.0363 41052 MRxDAV - ok

18:25:41.0395 41052 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:25:41.0406 41052 mrxsmb - ok

18:25:41.0453 41052 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:25:41.0460 41052 mrxsmb10 - ok

18:25:41.0471 41052 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:25:41.0473 41052 mrxsmb20 - ok

18:25:41.0492 41052 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

18:25:41.0494 41052 msahci - ok

18:25:41.0550 41052 MSCamSvc (a2f24ce648f4b790607d264aaa895936) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

18:25:41.0557 41052 MSCamSvc - ok

18:25:42.0072 41052 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

18:25:42.0100 41052 msdsm - ok

18:25:42.0140 41052 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

18:25:42.0152 41052 MSDTC - ok

18:25:42.0177 41052 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

18:25:42.0178 41052 Msfs - ok

18:25:42.0208 41052 MSHUSBVideo (956e3c9aca0ccec254dcc76811e89c11) C:\Windows\system32\Drivers\nx6000.sys

18:25:42.0210 41052 MSHUSBVideo - ok

18:25:42.0245 41052 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

18:25:42.0247 41052 msisadrv - ok

18:25:42.0273 41052 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

18:25:42.0292 41052 MSiSCSI - ok

18:25:42.0296 41052 msiserver - ok

18:25:42.0328 41052 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

18:25:42.0329 41052 MSKSSRV - ok

18:25:42.0337 41052 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

18:25:42.0339 41052 MSPCLOCK - ok

18:25:42.0366 41052 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

18:25:42.0368 41052 MSPQM - ok

18:25:42.0420 41052 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

18:25:42.0426 41052 MsRPC - ok

18:25:42.0440 41052 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

18:25:42.0441 41052 mssmbios - ok

18:25:42.0458 41052 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

18:25:42.0459 41052 MSTEE - ok

18:25:42.0466 41052 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

18:25:42.0469 41052 Mup - ok

18:25:42.0547 41052 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

18:25:42.0559 41052 N360 - ok

18:25:42.0605 41052 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

18:25:42.0624 41052 napagent - ok

18:25:42.0680 41052 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

18:25:42.0689 41052 NativeWifiP - ok

18:25:42.0927 41052 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe

18:25:42.0936 41052 NAUpdate - ok

18:25:43.0045 41052 NAVENG - ok

18:25:43.0051 41052 NAVEX15 - ok

18:25:43.0410 41052 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

18:25:43.0433 41052 NDIS - ok

18:25:43.0497 41052 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

18:25:43.0528 41052 NdisTapi - ok

18:25:43.0545 41052 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

18:25:43.0546 41052 Ndisuio - ok

18:25:43.0921 41052 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

18:25:43.0929 41052 NdisWan - ok

18:25:43.0942 41052 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

18:25:43.0944 41052 NDProxy - ok

18:25:43.0952 41052 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

18:25:43.0954 41052 NetBIOS - ok

18:25:43.0989 41052 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

18:25:43.0996 41052 netbt - ok

18:25:44.0026 41052 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

18:25:44.0027 41052 Netlogon - ok

18:25:44.0066 41052 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

18:25:44.0073 41052 Netman - ok

18:25:44.0103 41052 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

18:25:44.0126 41052 netprofm - ok

18:25:44.0188 41052 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:25:44.0200 41052 NetTcpPortSharing - ok

18:25:44.0222 41052 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

18:25:44.0224 41052 nfrd960 - ok

18:25:44.0245 41052 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

18:25:44.0250 41052 NlaSvc - ok

18:25:44.0271 41052 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

18:25:44.0273 41052 Npfs - ok

18:25:44.0311 41052 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

18:25:44.0322 41052 nsi - ok

18:25:44.0336 41052 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

18:25:44.0337 41052 nsiproxy - ok

18:25:45.0523 41052 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

18:25:45.0565 41052 Ntfs - ok

18:25:46.0501 41052 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

18:25:46.0512 41052 Null - ok

18:25:46.0534 41052 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

18:25:46.0546 41052 nvraid - ok

18:25:46.0562 41052 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

18:25:46.0564 41052 nvstor - ok

18:25:46.0599 41052 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

18:25:46.0603 41052 nv_agp - ok

18:25:46.0607 41052 NwlnkFlt - ok

18:25:46.0615 41052 NwlnkFwd - ok

18:25:47.0737 41052 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:25:47.0854 41052 odserv - ok

18:25:47.0990 41052 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

18:25:47.0993 41052 ohci1394 - ok

18:25:48.0173 41052 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:25:48.0181 41052 ose - ok

18:25:48.0561 41052 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

18:25:48.0786 41052 p2pimsvc - ok

18:25:48.0796 41052 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

18:25:48.0804 41052 p2psvc - ok

18:25:49.0861 41052 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys

18:25:49.0872 41052 Parport - ok

18:25:49.0919 41052 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

18:25:49.0921 41052 partmgr - ok

18:25:49.0949 41052 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

18:25:49.0962 41052 PcaSvc - ok

18:25:50.0149 41052 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

18:25:50.0192 41052 pci - ok

18:25:50.0297 41052 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

18:25:50.0332 41052 pciide - ok

18:25:51.0387 41052 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

18:25:51.0420 41052 pcmcia - ok

18:25:52.0128 41052 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

18:25:52.0147 41052 PEAUTH - ok

18:25:52.0414 41052 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

18:25:52.0446 41052 PerfHost - ok

18:25:52.0902 41052 PID_0928 (b47dee29b5e6e1939567a926c7a3e6a4) C:\Windows\system32\DRIVERS\LV561V64.SYS

18:25:52.0960 41052 PID_0928 - ok

18:25:54.0417 41052 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

18:25:54.0485 41052 pla - ok

18:25:54.0543 41052 PLTurbh (3be92b7432bc07ad1e88260c1e1c60f5) C:\Windows\system32\drivers\plturbh.sys

18:25:54.0559 41052 PLTurbh - ok

18:25:54.0589 41052 PLTurbo (7e75ec3c77a4158d92d1c27bd221412d) C:\Windows\system32\drivers\plturbo.sys

18:25:54.0590 41052 PLTurbo - ok

18:25:55.0214 41052 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

18:25:55.0231 41052 PlugPlay - ok

18:25:55.0392 41052 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

18:25:55.0400 41052 PNRPAutoReg - ok

18:25:55.0411 41052 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

18:25:55.0419 41052 PNRPsvc - ok

18:25:56.0790 41052 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

18:25:56.0799 41052 PolicyAgent - ok

18:25:57.0421 41052 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

18:25:57.0437 41052 PptpMiniport - ok

18:25:57.0456 41052 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys

18:25:57.0457 41052 Processor - ok

18:25:57.0491 41052 PROCEXP113 (c56a9ed0192c5a2b39691e54f2132a2f) C:\Windows\system32\Drivers\PROCEXP113.SYS

18:25:57.0515 41052 PROCEXP113 - ok

18:25:57.0545 41052 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

18:25:57.0555 41052 ProfSvc - ok

18:25:57.0583 41052 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

18:25:57.0584 41052 ProtectedStorage - ok

18:25:57.0970 41052 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

18:25:57.0972 41052 PSched - ok

18:25:58.0011 41052 PxHlpa64 (24dd667d22dbd29618947c804e23aa03) C:\Windows\system32\Drivers\PxHlpa64.sys

18:25:58.0013 41052 PxHlpa64 - ok

18:25:58.0433 41052 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

18:25:58.0485 41052 ql2300 - ok

18:25:58.0512 41052 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

18:25:58.0523 41052 ql40xx - ok

18:25:58.0978 41052 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

18:25:59.0008 41052 QWAVE - ok

18:25:59.0029 41052 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

18:25:59.0032 41052 QWAVEdrv - ok

18:25:59.0050 41052 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

18:25:59.0052 41052 RasAcd - ok

18:25:59.0084 41052 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

18:25:59.0087 41052 RasAuto - ok

18:25:59.0115 41052 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:25:59.0127 41052 Rasl2tp - ok

18:25:59.0410 41052 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

18:25:59.0430 41052 RasMan - ok

18:25:59.0708 41052 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

18:25:59.0714 41052 RasPppoe - ok

18:25:59.0740 41052 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

18:25:59.0743 41052 RasSstp - ok

18:25:59.0783 41052 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

18:25:59.0797 41052 rdbss - ok

18:25:59.0817 41052 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:25:59.0818 41052 RDPCDD - ok

18:25:59.0852 41052 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

18:25:59.0875 41052 rdpdr - ok

18:25:59.0880 41052 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

18:25:59.0882 41052 RDPENCDD - ok

18:25:59.0919 41052 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys

18:25:59.0930 41052 RDPWD - ok

18:25:59.0960 41052 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

18:25:59.0965 41052 RemoteAccess - ok

18:26:00.0003 41052 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

18:26:00.0012 41052 RemoteRegistry - ok

18:26:00.0087 41052 RichVideo (d1f1d0ee50f8c070a612796676971699) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

18:26:00.0095 41052 RichVideo - ok

18:26:00.0130 41052 Roxio UPnP Renderer 9 (a189a928896f240fe5247be60623fc07) C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

18:26:00.0131 41052 Roxio UPnP Renderer 9 - ok

18:26:00.0158 41052 Roxio Upnp Server 9 (fdd632f943f2650ee7928ff6841cb6b2) C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

18:26:00.0179 41052 Roxio Upnp Server 9 - ok

18:26:00.0402 41052 RoxLiveShare9 (a6a0c81e275ae2eba46dde1216a9e557) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

18:26:00.0423 41052 RoxLiveShare9 - ok

18:26:01.0617 41052 RoxMediaDB9 (b3868bb4948d1f6579fa1906c038424e) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

18:26:01.0642 41052 RoxMediaDB9 - ok

18:26:01.0685 41052 RoxWatch9 (3c2449d45aede29b06050557efa2f5e1) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

18:26:01.0720 41052 RoxWatch9 - ok

18:26:02.0465 41052 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

18:26:02.0466 41052 RpcLocator - ok

18:26:03.0043 41052 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

18:26:03.0050 41052 RpcSs - ok

18:26:03.0480 41052 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

18:26:03.0486 41052 rspndr - ok

18:26:03.0522 41052 RTHDMIAzAudService (f8da8fc39ce5859c0d8c0fe6524ce465) C:\Windows\system32\drivers\RtHDMIVX.sys

18:26:03.0531 41052 RTHDMIAzAudService - ok

18:26:03.0554 41052 RTSTOR (b6b74a05f4da0231d5d275568a104f89) C:\Windows\system32\drivers\RTSTOR64.SYS

18:26:03.0557 41052 RTSTOR - ok

18:26:03.0579 41052 RxFilter (24a20afab6fd388fd2f4ddc3a5b6d8b1) C:\Windows\system32\DRIVERS\RxFilter.sys

18:26:03.0580 41052 RxFilter - ok

18:26:03.0607 41052 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

18:26:03.0609 41052 SamSs - ok

18:26:04.0150 41052 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

18:26:04.0162 41052 sbp2port - ok

18:26:04.0193 41052 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

18:26:04.0212 41052 SCardSvr - ok

18:26:04.0247 41052 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys

18:26:04.0249 41052 SCDEmu - ok

18:26:04.0428 41052 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

18:26:04.0456 41052 Schedule - ok

18:26:04.0774 41052 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

18:26:04.0775 41052 SCPolicySvc - ok

18:26:05.0375 41052 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

18:26:05.0382 41052 SDRSVC - ok

18:26:05.0395 41052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:26:05.0397 41052 secdrv - ok

18:26:05.0418 41052 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

18:26:05.0421 41052 seclogon - ok

18:26:05.0451 41052 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll

18:26:05.0457 41052 SENS - ok

18:26:05.0471 41052 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

18:26:05.0472 41052 Serenum - ok

18:26:05.0491 41052 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

18:26:05.0496 41052 Serial - ok

18:26:05.0509 41052 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

18:26:05.0510 41052 sermouse - ok

18:26:06.0031 41052 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

18:26:06.0102 41052 SessionEnv - ok

18:26:06.0133 41052 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

18:26:06.0134 41052 sffdisk - ok

18:26:06.0148 41052 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

18:26:06.0150 41052 sffp_mmc - ok

18:26:06.0166 41052 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

18:26:06.0167 41052 sffp_sd - ok

18:26:06.0187 41052 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

18:26:06.0189 41052 sfloppy - ok

18:26:06.0232 41052 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

18:26:06.0255 41052 ShellHWDetection - ok

18:26:06.0282 41052 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

18:26:06.0284 41052 SiSRaid2 - ok

18:26:06.0307 41052 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

18:26:06.0313 41052 SiSRaid4 - ok

18:26:06.0721 41052 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

18:26:06.0982 41052 slsvc - ok

18:26:08.0396 41052 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

18:26:08.0402 41052 SLUINotify - ok

18:26:08.0650 41052 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

18:26:08.0664 41052 Smb - ok

18:26:08.0700 41052 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

18:26:08.0702 41052 SNMPTRAP - ok

18:26:08.0724 41052 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

18:26:08.0726 41052 spldr - ok

18:26:08.0758 41052 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

18:26:08.0807 41052 Spooler - ok

18:26:08.0883 41052 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys

18:26:08.0883 41052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 9ab59cf736981ed1f83c6ab5faa8ba5c

18:26:08.0886 41052 sptd ( LockedFile.Multi.Generic ) - warning

18:26:08.0886 41052 sptd - detected LockedFile.Multi.Generic (1)

18:26:09.0421 41052 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS

18:26:09.0436 41052 SRTSP - ok

18:26:09.0499 41052 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS

18:26:09.0499 41052 SRTSPX - ok

18:26:09.0546 41052 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

18:26:09.0577 41052 srv - ok

18:26:09.0592 41052 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

18:26:09.0592 41052 srv2 - ok

18:26:09.0624 41052 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

18:26:09.0639 41052 srvnet - ok

18:26:09.0655 41052 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll

18:26:09.0670 41052 SSDPSRV - ok

18:26:09.0702 41052 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll

18:26:09.0717 41052 SstpSvc - ok

18:26:09.0733 41052 StarOpen - ok

18:26:09.0780 41052 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll

18:26:09.0795 41052 stisvc - ok

18:26:09.0835 41052 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

18:26:09.0845 41052 stllssvr - ok

18:26:09.0865 41052 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

18:26:09.0865 41052 swenum - ok

18:26:09.0905 41052 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll

18:26:09.0925 41052 swprv - ok

18:26:09.0945 41052 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

18:26:09.0955 41052 Symc8xx - ok

18:26:10.0025 41052 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS

18:26:10.0035 41052 SymDS - ok

18:26:10.0075 41052 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS

18:26:10.0085 41052 SymEFA - ok

18:26:10.0125 41052 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

18:26:10.0135 41052 SymEvent - ok

18:26:10.0165 41052 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS

18:26:10.0185 41052 SymIRON - ok

18:26:10.0225 41052 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS

18:26:10.0245 41052 SYMTDIv - ok

18:26:10.0265 41052 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

18:26:10.0265 41052 Sym_hi - ok

18:26:10.0275 41052 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

18:26:10.0285 41052 Sym_u3 - ok

18:26:10.0425 41052 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll

18:26:10.0455 41052 SysMain - ok

18:26:10.0515 41052 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll

18:26:10.0535 41052 TabletInputService - ok

18:26:10.0565 41052 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll

18:26:10.0575 41052 TapiSrv - ok

18:26:10.0585 41052 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll

18:26:10.0595 41052 TBS - ok

18:26:11.0427 41052 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys

18:26:11.0487 41052 Tcpip - ok

18:26:11.0503 41052 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys

18:26:11.0515 41052 Tcpip6 - ok

18:26:11.0701 41052 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

18:26:11.0758 41052 tcpipreg - ok

18:26:11.0783 41052 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

18:26:11.0785 41052 TDPIPE - ok

18:26:11.0799 41052 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

18:26:11.0801 41052 TDTCP - ok

18:26:11.0828 41052 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

18:26:11.0833 41052 tdx - ok

18:26:11.0850 41052 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

18:26:11.0852 41052 TermDD - ok

18:26:12.0432 41052 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll

18:26:12.0442 41052 TermService - ok

18:26:13.0177 41052 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll

18:26:13.0181 41052 Themes - ok

18:26:13.0201 41052 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

18:26:13.0203 41052 THREADORDER - ok

18:26:13.0269 41052 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

18:26:13.0274 41052 TomTomHOMEService - ok

18:26:13.0304 41052 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll

18:26:13.0316 41052 TrkWks - ok

18:26:13.0351 41052 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe

18:26:13.0353 41052 TrustedInstaller - ok

18:26:13.0396 41052 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:26:13.0398 41052 tssecsrv - ok

18:26:13.0423 41052 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

18:26:13.0424 41052 tunmp - ok

18:26:13.0447 41052 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

18:26:13.0448 41052 tunnel - ok

18:26:13.0464 41052 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

18:26:13.0467 41052 uagp35 - ok

18:26:13.0501 41052 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

18:26:13.0540 41052 udfs - ok

18:26:13.0561 41052 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe

18:26:13.0564 41052 UI0Detect - ok

18:26:13.0590 41052 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

18:26:13.0592 41052 uliagpkx - ok

18:26:13.0623 41052 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

18:26:13.0629 41052 uliahci - ok

18:26:13.0657 41052 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

18:26:13.0668 41052 UlSata - ok

18:26:13.0691 41052 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

18:26:13.0701 41052 ulsata2 - ok

18:26:13.0714 41052 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

18:26:13.0716 41052 umbus - ok

18:26:13.0743 41052 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll

18:26:13.0757 41052 upnphost - ok

18:26:13.0786 41052 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

18:26:13.0788 41052 USBAAPL64 - ok

18:26:13.0822 41052 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

18:26:13.0827 41052 usbaudio - ok

18:26:13.0860 41052 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

18:26:13.0863 41052 usbccgp - ok

18:26:13.0885 41052 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

18:26:13.0887 41052 usbcir - ok

18:26:13.0914 41052 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

18:26:13.0916 41052 usbehci - ok

18:26:13.0950 41052 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

18:26:13.0957 41052 usbhub - ok

18:26:13.0974 41052 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys

18:26:13.0975 41052 usbohci - ok

18:26:13.0995 41052 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

18:26:13.0997 41052 usbprint - ok

18:26:14.0036 41052 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

18:26:14.0038 41052 usbscan - ok

18:26:14.0058 41052 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:26:14.0060 41052 USBSTOR - ok

18:26:14.0074 41052 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

18:26:14.0076 41052 usbuhci - ok

18:26:14.0122 41052 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

18:26:14.0132 41052 usbvideo - ok

18:26:14.0181 41052 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll

18:26:14.0183 41052 UxSms - ok

18:26:14.0230 41052 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe

18:26:14.0265 41052 vds - ok

18:26:14.0283 41052 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

18:26:14.0284 41052 vga - ok

18:26:14.0300 41052 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

18:26:14.0302 41052 VgaSave - ok

18:26:14.0318 41052 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

18:26:14.0320 41052 viaide - ok

18:26:14.0339 41052 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

18:26:14.0341 41052 volmgr - ok

18:26:14.0388 41052 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

18:26:14.0440 41052 volmgrx - ok

18:26:14.0485 41052 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

18:26:14.0507 41052 volsnap - ok

18:26:14.0530 41052 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

18:26:14.0541 41052 vsmraid - ok

18:26:15.0004 41052 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe

18:26:15.0047 41052 VSS - ok

18:26:15.0407 41052 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll

18:26:15.0445 41052 W32Time - ok

18:26:15.0541 41052 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

18:26:15.0543 41052 WacomPen - ok

18:26:15.0578 41052 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

18:26:15.0583 41052 Wanarp - ok

18:26:15.0588 41052 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

18:26:15.0589 41052 Wanarpv6 - ok

18:26:15.0633 41052 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll

18:26:15.0652 41052 wcncsvc - ok

18:26:15.0683 41052 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll

18:26:15.0686 41052 WcsPlugInService - ok

18:26:15.0697 41052 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

18:26:15.0698 41052 Wd - ok

18:26:15.0729 41052 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

18:26:15.0730 41052 WDC_SAM - ok

18:26:15.0819 41052 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

18:26:15.0835 41052 Wdf01000 - ok

18:26:15.0854 41052 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

18:26:15.0859 41052 WdiServiceHost - ok

18:26:15.0863 41052 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

18:26:15.0866 41052 WdiSystemHost - ok

18:26:15.0900 41052 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll

18:26:15.0926 41052 WebClient - ok

18:26:15.0970 41052 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll

18:26:16.0011 41052 Wecsvc - ok

18:26:16.0029 41052 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll

18:26:16.0033 41052 wercplsupport - ok

18:26:16.0047 41052 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll

18:26:16.0051 41052 WerSvc - ok

18:26:16.0422 41052 winachsf (d36af55c2c09b55aacf4a65c7fea9c37) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

18:26:16.0448 41052 winachsf - ok

18:26:16.0483 41052 WinDefend - ok

18:26:16.0493 41052 WinHttpAutoProxySvc - ok

18:26:17.0274 41052 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll

18:26:17.0296 41052 Winmgmt - ok

18:26:17.0485 41052 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll

18:26:17.0552 41052 WinRM - ok

18:26:18.0216 41052 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll

18:26:18.0246 41052 Wlansvc - ok

18:26:18.0409 41052 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

18:26:18.0410 41052 WmiAcpi - ok

18:26:18.0471 41052 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe

18:26:18.0497 41052 wmiApSrv - ok

18:26:18.0643 41052 WMPNetworkSvc - ok

18:26:19.0079 41052 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll

18:26:19.0090 41052 WPCSvc - ok

18:26:19.0173 41052 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll

18:26:19.0235 41052 WPDBusEnum - ok

18:26:19.0273 41052 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

18:26:19.0275 41052 WpdUsb - ok

18:26:19.0428 41052 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

18:26:19.0452 41052 WPFFontCache_v0400 - ok

18:26:19.0486 41052 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

18:26:19.0488 41052 ws2ifsl - ok

18:26:19.0519 41052 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll

18:26:19.0532 41052 wscsvc - ok

18:26:19.0536 41052 WSearch - ok

18:26:21.0427 41052 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

18:26:21.0505 41052 wuauserv - ok

18:26:21.0610 41052 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:26:21.0663 41052 WUDFRd - ok

18:26:21.0927 41052 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll

18:26:21.0937 41052 wudfsvc - ok

18:26:21.0963 41052 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys

18:26:21.0964 41052 XAudio - ok

18:26:22.0009 41052 XAudioService (510652a925b5d6c3892379d263a87f00) C:\Windows\system32\DRIVERS\xaudio64.exe

18:26:22.0020 41052 XAudioService - ok

18:26:22.0437 41052 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

18:26:22.0448 41052 YahooAUService - ok

18:26:22.0452 41052 yksvc - ok

18:26:22.0646 41052 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys

18:26:22.0664 41052 yukonx64 - ok

18:26:22.0692 41052 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0

18:26:25.0790 41052 \Device\Harddisk0\DR0 - ok

18:26:25.0795 41052 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

18:26:25.0801 41052 \Device\Harddisk1\DR1 - ok

18:26:26.0354 41052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6

18:26:26.0359 41052 \Device\Harddisk6\DR6 - ok

18:26:26.0365 41052 MBR (0x1B8) (31cfc50fbd443daeec9a5c7ae8da8f6d) \Device\Harddisk7\DR7

18:26:41.0417 41052 \Device\Harddisk7\DR7 - ok

18:26:41.0432 41052 Boot (0x1200) (4095eb59d8b26087687d26edc79b90c5) \Device\Harddisk0\DR0\Partition0

18:26:41.0434 41052 \Device\Harddisk0\DR0\Partition0 - ok

18:26:41.0439 41052 Boot (0x1200) (8d4488fe63027fa039c6b8112d8bd108) \Device\Harddisk1\DR1\Partition0

18:26:41.0813 41052 \Device\Harddisk1\DR1\Partition0 - ok

18:26:42.0374 41052 Boot (0x1200) (561173cbcbb415f3d048e76ae60094bd) \Device\Harddisk6\DR6\Partition0

18:26:42.0405 41052 \Device\Harddisk6\DR6\Partition0 - ok

18:26:42.0410 41052 Boot (0x1200) (b5c2a5fae437632f43a2d997ba3bfe93) \Device\Harddisk7\DR7\Partition0

18:26:42.0412 41052 \Device\Harddisk7\DR7\Partition0 - ok

18:26:42.0412 41052 ============================================================

18:26:42.0412 41052 Scan finished

18:26:42.0412 41052 ============================================================

18:26:42.0426 40608 Detected object count: 1

18:26:42.0426 40608 Actual detected object count: 1

18:40:51.0225 40608 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

18:40:51.0242 40608 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot

18:40:51.0259 40608 HKLM\SYSTEM\controlset002\services\sptd - will be deleted on reboot

18:40:51.0461 40608 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot

18:40:51.0461 40608 sptd ( LockedFile.Multi.Generic ) - User select action: Delete

18:40:57.0140 38216 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-19 19:10:41

-----------------------------

19:10:41.978 OS Version: Windows x64 6.0.6002 Service Pack 2

19:10:41.978 Number of processors: 4 586 0x203

19:10:41.978 ComputerName: TIM-PC UserName: tim

19:10:52.515 Initialize success

19:11:15.987 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

19:11:15.990 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3

19:11:16.030 Disk 0 MBR read successfully

19:11:16.032 Disk 0 MBR scan

19:11:16.035 Disk 0 unknown MBR code

19:11:16.047 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63

19:11:16.137 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096

19:11:16.156 Disk 0 scanning C:\Windows\system32\drivers

19:11:46.372 Service scanning

19:13:01.738 Modules scanning

19:13:01.745 Disk 0 trace - called modules:

19:13:01.878 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys

19:13:01.882 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005282790]

19:13:01.887 3 CLASSPNP.SYS[fffffa60011cdc33] -> nt!IofCallDriver -> [0xfffffa800484f760]

19:13:01.893 5 acpi.sys[fffffa6000b80fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800483f940]

19:13:01.898 Scan finished successfully

19:14:35.099 Disk 0 MBR has been saved successfully to "C:\Users\tim\Desktop\MBR.dat"

19:14:35.114 The log file has been saved successfully to "C:\Users\tim\Desktop\aswMBR.txt"


I'm still experiencing the symptoms with random sites popping up and sites redirecting when I click on a link on Google.

I ran combofix again and it did the same thing. It's freezing on an output folder from the c drive. The part that I could see is C:\32788R22FWJFW\N

It freezes and then suddenly finishes.

iexplore.exe and svchost.exe seem to be using the most average CPU.


Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.12

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

tim :: TIM-PC [administrator]

Protection: Disabled

7/22/2012 6:20:48 PM

mbam-log-2012-07-22 (18-20-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216341

Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 4

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\catchme.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\tim\LOCALS~1\Temp\mscikzd.bat -> Delete on reboot.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|15129 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msnrjo.exe -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{a7afd095-2f9b-9866-4f86-15b4904e357d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
