
trojan svchost.exe? o.o



Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Brain [Admin rights]

Mode: Scan -- Date: 07/16/2012 05:11:27

¤¤¤ Bad processes: 2 ¤¤¤

[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-22M2B0 +++++

--- User ---

[MBR] 0c898e100c3b2950351c772d7f1474a2

[BSP] 66d1f7ecc3e693a6352f817c263da771 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 940455 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] fdb1d65e1a7a156d68a9bc4f2568df97

[BSP] 389e77b865d11f71bf84d53a4e19548b : PiHar MBR Code!

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 940455 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] fdb1d65e1a7a156d68a9bc4f2568df97

[BSP] 389e77b865d11f71bf84d53a4e19548b : PiHar MBR Code!

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 940455 Mo

Finished : << RKreport[1].txt >>


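The two findings in the RogueKiller report above can be checked mechanically. The Python below is an added example written for this page, not code from RogueKiller, TDSSKiller or the thread. It normalises the NT device path RogueKiller printed for the rogue svchost.exe and tests it against the only two directories a legitimate svchost.exe lives in, rebuilds the partition table from the report as a 512-byte MBR, and repeats RogueKiller's user-mode-versus-low-level comparison. The system root (C:\Windows), the bootstrap bytes and the two MBR images are constructed assumptions; the partition offsets and sizes are the ones in the report, and the drive size is the one TDSSKiller logs further down.

```python
"""Added example, not code from the thread: checks behind the two RogueKiller
findings above (svchost.exe outside System32, MBR user-mode vs low-level reads).
All inputs are constructed here; no bytes come from the infected machine."""
import hashlib
import struct
from dataclasses import dataclass

# --- 1. svchost.exe location ----------------------------------------------
# Assumption: system root is C:\Windows (TDSSKiller log: "Windows directory: C:\Windows").
SYSTEM_ROOT = r"c:\windows"
LEGIT_SVCHOST_DIRS = {SYSTEM_ROOT + r"\system32", SYSTEM_ROOT + r"\syswow64"}
# NT/device spellings that kernel-mode tools report, folded back to the Win32 form.
_NT_PREFIXES = (
    (r"\\.\globalroot\systemroot", SYSTEM_ROOT),
    (r"\systemroot", SYSTEM_ROOT),
    ("\\??\\", ""),
)

def normalize_path(path: str) -> str:
    p = path.strip().lower()
    for prefix, replacement in _NT_PREFIXES:
        if p.startswith(prefix):
            return replacement + p[len(prefix):]
    return p

def is_suspicious_svchost(path: str) -> bool:
    """True for an svchost.exe image outside the two legitimate directories."""
    p = normalize_path(path)
    return p.endswith(r"\svchost.exe") and p.rsplit("\\", 1)[0] not in LEGIT_SVCHOST_DIRS

# --- 2. MBR partition table and user-mode vs low-level comparison ----------
SECTOR = 512

@dataclass
class Partition:
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:  # the column RogueKiller prints as "Mo"
        return self.sectors * SECTOR // (1024 * 1024)

def build_mbr(boot_code: bytes, parts: list) -> bytes:
    """Constructed MBR: bootstrap code padded to 446 bytes, four 16-byte entries, 55AA."""
    assert len(boot_code) <= 446
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if p.bootable else 0, p.type_id, p.start_lba, p.sectors)
        for p in parts)
    return boot_code.ljust(446, b"\0") + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(mbr: bytes) -> list:
    """Decode the entries at offset 446: flag, CHS x3, type, CHS x3, start LBA, sector count."""
    if len(mbr) != SECTOR or mbr[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 55AA signature")
    parts = []
    for i in range(4):
        flag, type_id, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if type_id:  # type 0 marks an unused slot
            parts.append(Partition(flag == 0x80, type_id, start, count))
    return parts

def compare_views(user_view: bytes, low_level_view: bytes) -> dict:
    """RogueKiller's 'User != LLx ... KO!' test, split into which part differs."""
    md5 = lambda b: hashlib.md5(b).hexdigest()
    return {
        "mbr_match": md5(user_view) == md5(low_level_view),
        "bootcode_match": md5(user_view[:446]) == md5(low_level_view[:446]),
        "table_match": parse_mbr(user_view) == parse_mbr(low_level_view),
    }

def unpartitioned_tail(disk_sectors: int, parts: list) -> int:
    """Sectors after the last partition: the unallocated space a TDL4-style rootkit
    uses for its hidden file system (what TDSSKiller's TDLFS option scans)."""
    return disk_sectors - max(p.start_lba + p.sectors for p in parts)

# Partition table from the report above (MB -> sectors at 2048 sectors per MB).
PARTITIONS = [
    Partition(False, 0x27, 2048, 13312 * 2048),       # ACER recovery
    Partition(True, 0x07, 27265024, 100 * 2048),      # System Reserved
    Partition(False, 0x07, 27469824, 940455 * 2048),  # C:
]
DISK_SECTORS = 0xE8E0DB6000 // SECTOR  # drive size from the TDSSKiller log

# Constructed placeholder bootstrap bytes, not real Windows 7 or PiHar code. A
# rootkit of this kind serves the clean code to user-mode readers.
USER_VIEW = build_mbr(b"CLEAN-BOOTSTRAP-PLACEHOLDER", PARTITIONS)
LOW_LEVEL_VIEW = build_mbr(b"HOOKED-BOOTSTRAP-PLACEHOLDER", PARTITIONS)

if __name__ == "__main__":
    print(is_suspicious_svchost(r"\\.\globalroot\systemroot\svchost.exe"))  # True
    for p in parse_mbr(USER_VIEW):
        state = "ACTIVE" if p.bootable else "XXXXXX"
        print(f"[{state}] type 0x{p.type_id:02x} offset {p.start_lba} size {p.size_mb} MB")
    print(compare_views(USER_VIEW, LOW_LEVEL_VIEW))  # mbr/bootcode False, table True
    print("unpartitioned tail sectors:", unpartitioned_tail(DISK_SECTORS, PARTITIONS))  # 3504
```

The result pattern `table_match` true with `bootcode_match` false is exactly what the report shows: all three views print the same three partitions, only the bootstrap hash differs, so the partition table is not what was tampered with. The unpartitioned tail after C: is the region a TDL4-family rootkit keeps its encrypted file system in, which is why the next step enables "Detect TDLFS file system".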

As you can see you're still infected!

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

(Guides: XP | Vista & W7)

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

[screenshot: tdss_1.jpg]

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[screenshot: tdss_2.jpg]

------------------------

Click the Start Scan button.

[screenshot: tdss_3.jpg]

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

[screenshot: tdss_4.jpg]

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

[screenshot: tdss_5.jpg]

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


05:32:43.0179 5728 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

05:32:44.0214 5728 ============================================================

05:32:44.0214 5728 Current date / time: 2012/07/16 05:32:44.0214

05:32:44.0214 5728 SystemInfo:

05:32:44.0214 5728

05:32:44.0214 5728 OS Version: 6.1.7600 ServicePack: 0.0

05:32:44.0214 5728 Product type: Workstation

05:32:44.0214 5728 ComputerName: BRAIN-PC

05:32:44.0214 5728 UserName: Brain

05:32:44.0214 5728 Windows directory: C:\Windows

05:32:44.0214 5728 System windows directory: C:\Windows

05:32:44.0214 5728 Running under WOW64

05:32:44.0214 5728 Processor architecture: Intel x64

05:32:44.0214 5728 Number of processors: 4

05:32:44.0214 5728 Page size: 0x1000

05:32:44.0214 5728 Boot type: Normal boot

05:32:44.0214 5728 ============================================================

05:32:44.0701 5728 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

05:32:44.0738 5728 ============================================================

05:32:44.0738 5728 \Device\Harddisk0\DR0:

05:32:44.0738 5728 MBR partitions:

05:32:44.0738 5728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000

05:32:44.0738 5728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x72CD3800

05:32:44.0738 5728 ============================================================

05:32:44.0792 5728 C: <-> \Device\Harddisk0\DR0\Partition1

05:32:44.0792 5728 ============================================================

05:32:44.0792 5728 Initialize success

05:32:44.0792 5728 ============================================================

05:33:26.0931 4564 ============================================================

05:33:26.0931 4564 Scan started

05:33:26.0931 4564 Mode: Manual; SigCheck; TDLFS;

05:33:26.0931 4564 ============================================================

05:33:27.0368 4564 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

05:33:27.0493 4564 1394ohci - ok

05:33:27.0524 4564 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

05:33:27.0540 4564 ACPI - ok

05:33:27.0571 4564 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

05:33:27.0586 4564 AcpiPmi - ok

05:33:27.0696 4564 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

05:33:27.0727 4564 AdobeFlashPlayerUpdateSvc - ok

05:33:27.0758 4564 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

05:33:27.0789 4564 adp94xx - ok

05:33:27.0820 4564 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

05:33:27.0836 4564 adpahci - ok

05:33:27.0852 4564 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

05:33:27.0867 4564 adpu320 - ok

05:33:27.0898 4564 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

05:33:27.0945 4564 AeLookupSvc - ok

05:33:28.0008 4564 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

05:33:28.0054 4564 AFD - ok

05:33:28.0101 4564 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

05:33:28.0132 4564 agp440 - ok

05:33:28.0132 4564 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

05:33:28.0195 4564 ALG - ok

05:33:28.0210 4564 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

05:33:28.0226 4564 aliide - ok

05:33:28.0273 4564 AMD External Events Utility (6626d03567106689bf877504612f2c89) C:\Windows\system32\atiesrxx.exe

05:33:28.0304 4564 AMD External Events Utility - ok

05:33:28.0304 4564 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

05:33:28.0335 4564 amdide - ok

05:33:28.0335 4564 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

05:33:28.0351 4564 AmdK8 - ok

05:33:28.0366 4564 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

05:33:28.0382 4564 AmdPPM - ok

05:33:28.0398 4564 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

05:33:28.0398 4564 amdsata - ok

05:33:28.0413 4564 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

05:33:28.0429 4564 amdsbs - ok

05:33:28.0444 4564 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

05:33:28.0444 4564 amdxata - ok

05:33:28.0476 4564 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

05:33:28.0491 4564 AppID - ok

05:33:28.0522 4564 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

05:33:28.0569 4564 AppIDSvc - ok

05:33:28.0585 4564 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

05:33:28.0616 4564 Appinfo - ok

05:33:28.0616 4564 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

05:33:28.0632 4564 arc - ok

05:33:28.0647 4564 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

05:33:28.0647 4564 arcsas - ok

05:33:28.0663 4564 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

05:33:28.0710 4564 AsyncMac - ok

05:33:28.0710 4564 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

05:33:28.0725 4564 atapi - ok

05:33:28.0756 4564 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys

05:33:28.0772 4564 AtiHdmiService - ok

05:33:29.0022 4564 atikmdag (2263eafcf5add181b7fd47b78ae6d3e3) C:\Windows\system32\DRIVERS\atikmdag.sys

05:33:29.0224 4564 atikmdag - ok

05:33:29.0349 4564 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

05:33:29.0458 4564 AudioEndpointBuilder - ok

05:33:29.0458 4564 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

05:33:29.0490 4564 AudioSrv - ok

05:33:29.0552 4564 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys

05:33:29.0568 4564 Avgfwfd - ok

05:33:29.0833 4564 avgfws (bd5d11cedbcde4fa97d2387e7069b1ff) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

05:33:29.0880 4564 avgfws - ok

05:33:30.0129 4564 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

05:33:30.0207 4564 AVGIDSAgent - ok

05:33:30.0270 4564 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys

05:33:30.0285 4564 AVGIDSDriver - ok

05:33:30.0301 4564 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys

05:33:30.0316 4564 AVGIDSFilter - ok

05:33:30.0348 4564 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys

05:33:30.0348 4564 AVGIDSHA - ok

05:33:30.0394 4564 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys

05:33:30.0410 4564 Avgldx64 - ok

05:33:30.0426 4564 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys

05:33:30.0441 4564 Avgmfx64 - ok

05:33:30.0472 4564 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys

05:33:30.0488 4564 Avgrkx64 - ok

05:33:30.0519 4564 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys

05:33:30.0550 4564 Avgtdia - ok

05:33:30.0722 4564 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

05:33:30.0738 4564 avgwd - ok

05:33:30.0784 4564 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

05:33:30.0862 4564 AxInstSV - ok

05:33:30.0925 4564 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

05:33:30.0972 4564 b06bdrv - ok

05:33:31.0003 4564 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

05:33:31.0034 4564 b57nd60a - ok

05:33:31.0065 4564 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

05:33:31.0081 4564 BDESVC - ok

05:33:31.0081 4564 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

05:33:31.0128 4564 Beep - ok

05:33:31.0174 4564 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

05:33:31.0252 4564 BFE - ok

05:33:31.0455 4564 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys

05:33:31.0502 4564 BHDrvx64 - ok

05:33:31.0627 4564 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

05:33:31.0705 4564 BITS - ok

05:33:31.0752 4564 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

05:33:31.0783 4564 blbdrive - ok

05:33:31.0830 4564 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

05:33:31.0876 4564 bowser - ok

05:33:31.0876 4564 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

05:33:31.0908 4564 BrFiltLo - ok

05:33:31.0908 4564 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

05:33:31.0939 4564 BrFiltUp - ok

05:33:31.0970 4564 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

05:33:32.0017 4564 Browser - ok

05:33:32.0032 4564 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

05:33:32.0095 4564 Brserid - ok

05:33:32.0095 4564 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

05:33:32.0142 4564 BrSerWdm - ok

05:33:32.0142 4564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

05:33:32.0188 4564 BrUsbMdm - ok

05:33:32.0188 4564 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

05:33:32.0204 4564 BrUsbSer - ok

05:33:32.0204 4564 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

05:33:32.0251 4564 BTHMODEM - ok

05:33:32.0266 4564 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

05:33:32.0329 4564 bthserv - ok

05:33:32.0422 4564 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys

05:33:32.0438 4564 ccSet_N360 - ok

05:33:32.0454 4564 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

05:33:32.0500 4564 cdfs - ok

05:33:32.0547 4564 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

05:33:32.0610 4564 cdrom - ok

05:33:32.0625 4564 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

05:33:32.0688 4564 CertPropSvc - ok

05:33:32.0719 4564 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

05:33:32.0750 4564 circlass - ok

05:33:32.0781 4564 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

05:33:32.0812 4564 CLFS - ok

05:33:32.0890 4564 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

05:33:32.0922 4564 clr_optimization_v2.0.50727_32 - ok

05:33:32.0968 4564 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

05:33:32.0984 4564 clr_optimization_v2.0.50727_64 - ok

05:33:33.0218 4564 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

05:33:33.0249 4564 clr_optimization_v4.0.30319_32 - ok

05:33:33.0374 4564 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

05:33:33.0405 4564 clr_optimization_v4.0.30319_64 - ok

05:33:33.0436 4564 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

05:33:33.0452 4564 CmBatt - ok

05:33:33.0468 4564 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

05:33:33.0483 4564 cmdide - ok

05:33:33.0530 4564 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys

05:33:33.0561 4564 CNG - ok

05:33:33.0577 4564 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

05:33:33.0592 4564 Compbatt - ok

05:33:33.0592 4564 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

05:33:33.0624 4564 CompositeBus - ok

05:33:33.0639 4564 COMSysApp - ok

05:33:33.0639 4564 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

05:33:33.0655 4564 crcdisk - ok

05:33:33.0702 4564 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll

05:33:33.0733 4564 CryptSvc - ok

05:33:33.0795 4564 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

05:33:33.0858 4564 DcomLaunch - ok

05:33:33.0904 4564 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

05:33:33.0951 4564 defragsvc - ok

05:33:33.0982 4564 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

05:33:34.0014 4564 DfsC - ok

05:33:34.0045 4564 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

05:33:34.0092 4564 Dhcp - ok

05:33:34.0123 4564 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

05:33:34.0154 4564 discache - ok

05:33:34.0170 4564 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

05:33:34.0185 4564 Disk - ok

05:33:34.0216 4564 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

05:33:34.0263 4564 Dnscache - ok

05:33:34.0294 4564 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

05:33:34.0388 4564 dot3svc - ok

05:33:34.0388 4564 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

05:33:34.0435 4564 DPS - ok

05:33:34.0450 4564 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

05:33:34.0466 4564 drmkaud - ok

05:33:34.0544 4564 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

05:33:34.0606 4564 DXGKrnl - ok

05:33:34.0653 4564 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys

05:33:34.0731 4564 e1kexpress - ok

05:33:34.0747 4564 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

05:33:34.0794 4564 EapHost - ok

05:33:34.0965 4564 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

05:33:35.0121 4564 ebdrv - ok

05:33:35.0215 4564 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

05:33:35.0246 4564 eeCtrl - ok

05:33:35.0355 4564 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

05:33:35.0386 4564 EFS - ok

05:33:35.0496 4564 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

05:33:35.0558 4564 ehRecvr - ok

05:33:35.0605 4564 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

05:33:35.0636 4564 ehSched - ok

05:33:35.0730 4564 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

05:33:35.0792 4564 elxstor - ok

05:33:35.0886 4564 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

05:33:35.0917 4564 EraserUtilRebootDrv - ok

05:33:35.0917 4564 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

05:33:35.0948 4564 ErrDev - ok

05:33:35.0995 4564 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

05:33:36.0073 4564 EventSystem - ok

05:33:36.0088 4564 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

05:33:36.0135 4564 exfat - ok

05:33:36.0135 4564 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

05:33:36.0182 4564 fastfat - ok

05:33:36.0244 4564 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

05:33:36.0291 4564 Fax - ok

05:33:36.0307 4564 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

05:33:36.0338 4564 fdc - ok

05:33:36.0369 4564 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

05:33:36.0432 4564 fdPHost - ok

05:33:36.0447 4564 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

05:33:36.0478 4564 FDResPub - ok

05:33:36.0494 4564 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

05:33:36.0510 4564 FileInfo - ok

05:33:36.0510 4564 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

05:33:36.0541 4564 Filetrace - ok

05:33:36.0556 4564 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

05:33:36.0556 4564 flpydisk - ok

05:33:36.0572 4564 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

05:33:36.0588 4564 FltMgr - ok

05:33:36.0666 4564 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll

05:33:36.0759 4564 FontCache - ok

05:33:36.0837 4564 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

05:33:36.0853 4564 FontCache3.0.0.0 - ok

05:33:36.0868 4564 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

05:33:36.0884 4564 FsDepends - ok

05:33:36.0915 4564 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

05:33:36.0931 4564 Fs_Rec - ok

05:33:36.0978 4564 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

05:33:37.0009 4564 fvevol - ok

05:33:37.0024 4564 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

05:33:37.0040 4564 gagp30kx - ok

05:33:37.0102 4564 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

05:33:37.0165 4564 gpsvc - ok

05:33:37.0305 4564 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

05:33:37.0368 4564 Greg_Service - ok

05:33:37.0430 4564 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

05:33:37.0446 4564 gupdate - ok

05:33:37.0461 4564 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

05:33:37.0461 4564 gupdatem - ok

05:33:37.0492 4564 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

05:33:37.0508 4564 gusvc - ok

05:33:37.0617 4564 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

05:33:37.0680 4564 hcw85cir - ok

05:33:37.0711 4564 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

05:33:37.0758 4564 HdAudAddService - ok

05:33:37.0773 4564 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

05:33:37.0804 4564 HDAudBus - ok

05:33:37.0851 4564 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

05:33:37.0867 4564 HECIx64 - ok

05:33:37.0867 4564 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

05:33:37.0898 4564 HidBatt - ok

05:33:37.0898 4564 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

05:33:37.0929 4564 HidBth - ok

05:33:37.0945 4564 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

05:33:37.0960 4564 HidIr - ok

05:33:37.0992 4564 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

05:33:38.0023 4564 hidserv - ok

05:33:38.0038 4564 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

05:33:38.0038 4564 HidUsb - ok

05:33:38.0054 4564 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

05:33:38.0101 4564 hkmsvc - ok

05:33:38.0132 4564 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

05:33:38.0163 4564 HomeGroupListener - ok

05:33:38.0413 4564 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

05:33:38.0444 4564 HomeGroupProvider - ok

05:33:38.0475 4564 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

05:33:38.0491 4564 HpSAMD - ok

05:33:38.0553 4564 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

05:33:38.0600 4564 HTTP - ok

05:33:38.0600 4564 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

05:33:38.0616 4564 hwpolicy - ok

05:33:38.0616 4564 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

05:33:38.0631 4564 i8042prt - ok

05:33:38.0740 4564 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

05:33:38.0756 4564 IAANTMON - ok

05:33:38.0818 4564 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys

05:33:38.0850 4564 iaStor - ok

05:33:38.0865 4564 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

05:33:38.0881 4564 iaStorV - ok

05:33:39.0021 4564 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

05:33:39.0068 4564 idsvc - ok

05:33:39.0208 4564 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120713.001\IDSvia64.sys

05:33:39.0255 4564 IDSVia64 - ok

05:33:39.0333 4564 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

05:33:39.0364 4564 iirsp - ok

05:33:39.0427 4564 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

05:33:39.0505 4564 IKEEXT - ok

05:33:39.0645 4564 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys

05:33:39.0723 4564 IntcAzAudAddService - ok

05:33:39.0786 4564 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

05:33:39.0801 4564 intelide - ok

05:33:39.0817 4564 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

05:33:39.0832 4564 intelppm - ok

05:33:39.0864 4564 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

05:33:39.0942 4564 IPBusEnum - ok

05:33:39.0942 4564 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

05:33:39.0973 4564 IpFilterDriver - ok

05:33:40.0004 4564 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

05:33:40.0051 4564 iphlpsvc - ok

05:33:40.0066 4564 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

05:33:40.0066 4564 IPMIDRV - ok

05:33:40.0082 4564 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

05:33:40.0113 4564 IPNAT - ok

05:33:40.0129 4564 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

05:33:40.0144 4564 IRENUM - ok

05:33:40.0160 4564 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

05:33:40.0160 4564 isapnp - ok

05:33:40.0191 4564 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

05:33:40.0207 4564 iScsiPrt - ok

05:33:40.0254 4564 JRAID (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys

05:33:40.0269 4564 JRAID - ok

05:33:40.0269 4564 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

05:33:40.0285 4564 kbdclass - ok

05:33:40.0285 4564 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

05:33:40.0300 4564 kbdhid - ok

05:33:40.0332 4564 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

05:33:40.0347 4564 KeyIso - ok

05:33:40.0394 4564 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys

05:33:40.0410 4564 KSecDD - ok

05:33:40.0441 4564 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys

05:33:40.0456 4564 KSecPkg - ok

05:34:06.0361 4564 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

05:34:06.0377 4564 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

05:34:06.0377 4564 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

05:34:06.0408 4564 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

05:34:06.0408 4564 \Device\Harddisk0\DR0 - detected TDSS File System (1)

05:34:06.0439 4564 Boot (0x1200) (e201a20d7abd060531baa2a0d097021d) \Device\Harddisk0\DR0\Partition0

05:34:06.0439 4564 \Device\Harddisk0\DR0\Partition0 - ok

05:34:06.0455 4564 Boot (0x1200) (797d653e6d49347f539fc9115fd6890a) \Device\Harddisk0\DR0\Partition1

05:34:06.0455 4564 \Device\Harddisk0\DR0\Partition1 - ok

05:34:06.0455 4564 ============================================================

05:34:06.0455 4564 Scan finished

05:34:06.0455 4564 ============================================================

05:34:06.0471 2384 Detected object count: 2

05:34:06.0471 2384 Actual detected object count: 2

05:35:06.0202 2384 \Device\Harddisk0\DR0\# - copied to quarantine

05:35:06.0202 2384 \Device\Harddisk0\DR0 - copied to quarantine

05:35:06.0249 2384 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

05:35:06.0264 2384 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

05:35:06.0264 2384 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

05:35:06.0280 2384 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

05:35:06.0280 2384 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

05:35:06.0280 2384 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

05:35:06.0280 2384 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

05:35:06.0280 2384 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

05:35:06.0280 2384 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

05:35:06.0280 2384 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

05:35:06.0296 2384 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

05:35:06.0296 2384 \Device\Harddisk0\DR0 - ok

05:35:06.0561 2384 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

05:35:06.0576 2384 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

05:35:06.0576 2384 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

05:35:06.0592 2384 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

05:35:06.0608 2384 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

05:35:06.0608 2384 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

05:35:06.0608 2384 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

05:35:06.0608 2384 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

05:35:06.0608 2384 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

05:35:06.0608 2384 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

05:35:06.0623 2384 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

05:35:06.0623 2384 \Device\Harddisk0\DR0\TDLFS - deleted

05:35:06.0623 2384 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

05:35:08.0651 5000 Deinitialize success


So I had run the scan and rebooted. I couldn't find the report, so I ran the scan again and it found the same \Device\Harddisk0\DR0 but not the other file it cured. The last time I ran the scan (a total of 3) it didn't find anything, so I'm not sure why the first 2 did. (I had to reboot after the first scan, but the second time it didn't ask me to, so between the second and 3rd scan I did not reboot.)


TDSSKiller found and cured the infection....next.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-07-16.01 - Brain 07/16/2012 6:29.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6071.4195 [GMT -7:00]

Running from: c:\users\Brain\Downloads\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))

.

.

2012-07-16 12:35 . 2012-07-16 12:44 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-16 10:00 . 2012-07-16 10:11 -------- d-----w- C:\4082a86e889baf927f

2012-07-16 09:46 . 2012-07-16 09:46 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-16 09:46 . 2012-07-16 09:46 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-07-16 09:46 . 2012-07-16 09:46 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-07-16 09:45 . 2012-07-16 09:45 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-07-16 09:44 . 2012-07-16 09:44 -------- d-----w- C:\$AVG

2012-07-16 09:44 . 2012-07-16 12:36 -------- d-----w- c:\programdata\AVG2012

2012-07-16 09:44 . 2012-07-16 09:48 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-16 09:43 . 2012-07-16 09:55 -------- d-----w- c:\program files (x86)\AVG

2012-07-16 09:42 . 2012-07-16 09:48 -------- d-----w- c:\programdata\MFAData

2012-07-16 09:42 . 2012-07-16 09:42 -------- d--h--w- c:\programdata\Common Files

2012-07-16 08:25 . 2012-07-16 08:25 -------- d-----w- C:\N360_BACKUP

2012-07-16 08:23 . 2012-07-16 08:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-16 08:23 . 2012-07-16 08:23 -------- d-----w- c:\programdata\Malwarebytes

2012-07-16 08:23 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-16 08:02 . 2012-07-16 08:02 -------- d-----w- c:\windows\SysWow64\Wat

2012-07-16 08:02 . 2012-07-16 08:02 -------- d-----w- c:\windows\system32\Wat

2012-07-16 07:56 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-07-16 07:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-07-16 07:53 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-16 07:42 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-07-16 07:42 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-07-16 07:30 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-07-16 07:30 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-07-16 07:30 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-07-16 07:30 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-07-16 07:30 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-07-16 07:30 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-07-16 07:30 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-07-16 07:30 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-07-16 07:30 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-07-16 07:30 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-07-16 07:20 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-16 07:20 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-07-16 07:20 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-16 07:20 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-16 07:20 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-07-16 07:20 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-07-16 07:20 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-07-16 07:18 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-07-15 10:09 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll

2012-07-15 10:08 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-07-15 10:07 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-07-15 10:06 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-07-15 10:06 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-07-15 09:26 . 2012-07-16 13:23 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-07-15 07:30 . 2008-07-31 17:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2012-07-15 07:30 . 2008-07-31 17:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2012-07-15 07:30 . 2008-07-12 15:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2012-07-15 07:30 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2012-07-15 07:30 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2012-07-15 07:28 . 2012-07-15 07:28 -------- d-----w- C:\Riot Games

2012-07-15 05:25 . 2012-07-15 21:31 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-07-15 05:25 . 2012-07-16 13:24 -------- d-----w- c:\program files (x86)\Steam

2012-07-15 05:19 . 2012-07-15 05:19 -------- d-----w- c:\windows\NAPP_Dism_Log

2012-07-15 05:19 . 2012-07-15 05:19 -------- d-----w- c:\program files (x86)\Pando Networks

2012-07-15 05:13 . 2012-07-15 05:14 -------- d-----r- c:\program files (x86)\Skype

2012-07-15 05:13 . 2012-07-15 05:13 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-07-15 05:13 . 2012-07-15 05:14 -------- d-----w- c:\programdata\Skype

2012-07-15 05:11 . 2012-07-15 05:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-15 05:11 . 2012-07-15 05:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-15 05:11 . 2012-07-15 05:11 -------- d-----w- c:\windows\system32\Macromed

2012-07-15 05:07 . 2012-07-16 13:24 -------- d-----w- c:\program files (x86)\Norton Security Suite

2012-07-15 05:04 . 2012-07-15 05:04 -------- d-----w- c:\programdata\PCSettings

2012-07-15 04:52 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2012-07-15 04:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2012-07-15 04:51 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-07-15 04:51 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-07-15 04:51 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-07-15 04:49 . 2012-07-15 04:49 -------- d-----w- c:\programdata\ATI

2012-07-15 04:44 . 2012-07-15 04:44 -------- d-----w- c:\users\Public\Symantec

2012-07-15 04:44 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-15 04:44 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-15 04:44 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-15 04:44 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-15 04:44 . 2012-07-15 04:44 -------- d-----w- c:\programdata\OEM

2012-07-15 04:44 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-15 04:44 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-15 04:44 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-15 04:43 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-15 04:43 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-15 04:43 . 2012-07-15 04:47 -------- d-----w- c:\users\Brain

2012-07-15 04:43 . 2012-07-15 04:43 -------- d-----w- C:\Recovery

2012-07-15 04:39 . 2012-07-15 04:39 3 ----a-w- c:\windows\system32\PLD_Framework.cmd

2012-07-15 04:38 . 2012-07-15 04:38 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-07-15 04:38 . 2012-07-15 04:38 -------- d-----w- c:\program files\Realtek

2012-07-15 04:36 . 2009-10-13 18:16 409624 ----a-w- c:\windows\system32\drivers\iaStor.sys

2012-07-15 04:35 . 2009-08-03 11:51 540192 ----a-w- c:\windows\system32\NVUNINST.EXE

2012-07-15 04:34 . 2012-07-15 04:34 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-07-15 04:33 . 2012-07-15 04:33 -------- d-----w- c:\program files\ATI

2012-07-15 04:33 . 2012-07-15 04:34 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-07-15 04:31 . 2012-07-15 04:31 0 ----a-w- c:\windows\ativpsrm.bin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-11-16 10:19 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-16 09:46 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-16 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-16 39408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-15 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-26 98304]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-16 1107552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 135664]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 135664]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-16 332272]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-16 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-23 202752]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]

S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-16 935008]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 05:11]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 04:53]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 04:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-11-16 10:19 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]

"OOTag"="c:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-09-28 23072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360712p106p0455v185k45j1r279

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360712p106p0455v185k45j1r279

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Internet Explorer\IELowutil.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-07-16 06:40:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-16 13:40

.

Pre-Run: 923,395,534,848 bytes free

Post-Run: 923,241,717,760 bytes free

.

- - End Of File - - 7D285B2F4C496E6A5512B87A36478CDC


I have run a quick scan with Malwarebytes; before, it found 2 viruses, and now it finds none. I also did a full system scan with AVG and it has turned up clean. I however have no performance issues (neither when I had it before nor now), except that I have had random blue screens, so I cannot tell if that's fixed. But the scans are clean now.


Blue screens can be caused by many things. From your DDS scan, here are the recent events:

==== Event Viewer Messages From Past Week ========

.

7/16/2012 2:18:55 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

7/16/2012 12:12:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c70047, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071612-36083-01.

7/16/2012 12:08:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c58047, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071612-38438-01.

7/16/2012 1:09:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2703157).

7/16/2012 1:09:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

7/16/2012 1:09:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).

7/16/2012 1:06:32 AM, Error: Service Control Manager [7023] -

7/16/2012 1:04:15 AM, Error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

7/16/2012 1:04:09 AM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/16/2012 1:04:08 AM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s).

7/16/2012 1:04:07 AM, Error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).

7/16/2012 1:04:04 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

7/16/2012 1:03:43 AM, Error: Service Control Manager [7034] - The GRegService service terminated unexpectedly. It has done this 1 time(s).

7/15/2012 2:27:50 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..

7/15/2012 2:27:50 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.

7/14/2012 9:32:14 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

7/14/2012 9:32:07 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The system cannot find the file specified.

7/14/2012 10:25:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

7/14/2012 10:25:55 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

MrC


Yes I do.

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e.: RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
