
Smitfraud-c next step...?



I got the dreaded Smitfraud 2 days ago, and although Malwarebytes and Spybot detect it, they do not seem able to eliminate it. I found another thread about Smitfraud-c on this forum so I followed some steps (TDSSKiller and ComboFix). Could someone review this log and tell me 1) if I need to do anything else, and 2) whether there were any backdoor elements I should be concerned about?

Any help is truly appreciated. The combofix log is below:

ComboFix 12-07-18.04 - Madcow 07/18/2012 20:33:23.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4333 [GMT -4:00]

Running from: c:\users\Madcow\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Search Toolbar

c:\program files (x86)\Search Toolbar\icon.ico

c:\program files (x86)\Search Toolbar\SearchToolbar.dll

c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe

c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe

c:\users\Madcow\GoToAssistDownloadHelper.exe

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))

.

.

2012-07-19 00:38 . 2012-07-19 00:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\program files (x86)\7-zip

2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\program files (x86)\Freeze.com

2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\programdata\Yahoo!

2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\programdata\Yahoo! Companion

2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\program files (x86)\Yahoo!

2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\users\Madcow\AppData\Roaming\Yahoo!

2012-07-19 00:06 . 2012-07-19 00:06 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-18 23:11 . 2012-07-18 23:11 110080 ----a-r- c:\users\Madcow\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe

2012-07-18 23:11 . 2012-07-18 23:11 110080 ----a-r- c:\users\Madcow\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe

2012-07-18 23:11 . 2012-07-18 23:11 110080 ----a-r- c:\users\Madcow\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe

2012-07-18 23:11 . 2012-07-18 23:14 -------- d-----w- C:\sh4ldr

2012-07-18 23:11 . 2012-07-18 23:11 -------- d-----w- c:\program files\Enigma Software Group

2012-07-18 23:10 . 2012-07-18 23:11 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-07-18 05:45 . 2012-07-18 23:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-18 05:45 . 2012-07-18 22:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-07-18 05:43 . 2012-07-18 05:43 -------- d-----w- c:\users\Madcow\AppData\Local\Giant Savings

2012-07-18 05:43 . 2012-07-18 21:06 -------- d-----w- c:\program files (x86)\Giant Savings

2012-07-17 22:47 . 2012-07-17 22:49 -------- d-----w- c:\users\Madcow\AppData\Roaming\AVG

2012-07-17 22:27 . 2012-07-17 22:27 -------- d-----w- c:\users\Madcow\AppData\Local\AVG Secure Search

2012-07-17 22:27 . 2012-07-17 22:28 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-17 22:27 . 2012-07-18 21:06 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-07-17 22:27 . 2012-07-18 21:06 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-07-17 22:25 . 2012-07-18 21:05 -------- d-----w- c:\programdata\AVG2012

2012-07-17 22:25 . 2012-07-17 22:25 -------- d-----w- C:\$AVG

2012-07-17 22:24 . 2012-07-17 22:46 -------- d-----w- c:\program files (x86)\AVG

2012-07-17 22:19 . 2012-07-18 21:05 -------- d-----w- c:\programdata\MFAData

2012-07-17 22:19 . 2012-07-17 22:19 -------- d--h--w- c:\programdata\Common Files

2012-07-17 19:53 . 2012-07-17 19:53 -------- d-----w- c:\programdata\Kaspersky Lab

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 21:58 . 2012-04-07 21:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-18 21:58 . 2011-07-22 20:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-13 07:06 . 2010-02-14 14:59 58957832 ----a-w- c:\windows\system32\MRT.exe

2012-05-18 02:47 . 2012-06-13 07:00 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-05-18 02:16 . 2012-06-13 07:00 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-05-18 02:06 . 2012-06-13 07:00 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-05-18 01:59 . 2012-06-13 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-05-18 01:59 . 2012-06-13 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-05-18 01:58 . 2012-06-13 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-18 01:58 . 2012-06-13 07:00 237056 ----a-w- c:\windows\system32\url.dll

2012-05-18 01:56 . 2012-06-13 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-18 01:55 . 2012-06-13 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-18 01:55 . 2012-06-13 07:00 818688 ----a-w- c:\windows\system32\jscript.dll

2012-05-18 01:54 . 2012-06-13 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-05-18 01:51 . 2012-06-13 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-05-18 01:51 . 2012-06-13 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-18 01:47 . 2012-06-13 07:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-05-17 22:45 . 2012-06-13 07:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-05-17 22:35 . 2012-06-13 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-17 22:35 . 2012-06-13 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29 . 2012-06-13 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24 . 2012-06-13 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-05-15 01:32 . 2012-06-12 19:30 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-05-06 02:56 . 2011-04-29 01:11 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-05-04 11:06 . 2012-06-12 19:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-12 19:30 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-12 19:30 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-12 19:30 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-12 19:30 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-12 19:30 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-12 19:30 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-12 19:30 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-12 19:30 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-12 19:30 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-12 19:30 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-12 19:30 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-12 19:30 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-12 19:30 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]

"SPIRunE"="SPIRunE.dll" [2010-02-17 18432]

"AutoTask"="c:\program files (x86)\AutoTask\AutoTask.exe" [2009-06-22 335872]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SGETask.lnk - c:\program files\SIMU\SGE\SGETask.Exe [2010-9-24 91720]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]

R3 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-14 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-04 79360]

R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-02-14 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-02-17 38536]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2010-02-17 639512]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120711.002_b67\BHDrvx64.sys [2012-07-11 1161376]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120717.003_b7e\IDSvia64.sys [2012-07-17 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-13 138912]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 21:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120729,16897,0,6,0

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: play.net\*

TCP: DhcpNameServer = 192.168.0.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe

c:\windows\SysWOW64\rundll32.exe

c:\windows\SysWOW64\Ctxfihlp.exe

c:\windows\SysWOW64\CTXFISPI.EXE

.

**************************************************************************

.

Completion time: 2012-07-18 20:45:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-19 00:45

.

Pre-Run: 662,897,065,984 bytes free

Post-Run: 662,337,064,960 bytes free

.

- - End Of File - - 4275DA58F6B02F3D160352FBC27BC399

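Reading the posted ComboFix log the way a responder would, four kinds of line deserve a second look: the svchost.exe that was deleted from c:\windows (a genuine svchost.exe lives only in System32 or SysWOW64), the SessionLauncher service whose binary sits under a Temp folder and is reported as missing with [x], the UAC policy values that are all 0 (EnableLUA=0 turns UAC off, ConsentPromptBehaviorAdmin=0 elevates without prompting, PromptOnSecureDesktop=0 keeps prompts off the secure desktop), and a start page redirected through a search-partner URL. The script below is an added example, not part of the original post and not ComboFix's own code; it parses those line formats as they appear in the log above (the regexes are my reading of the layout, not a documented ComboFix format) and flags each indicator. The sample lines are copied from the posted log.

```python
"""Triage ComboFix-style log lines for the indicators a responder checks first.

Added example, not part of the original post or of ComboFix itself. The
regexes below are written against the line formats visible in the posted log
and are an assumption about that layout, not ComboFix documentation.
"""
import re

# Lines copied from the ComboFix log posted above; only the lines the checks
# act on are reproduced here so the script runs offline.
SAMPLE_LOG = r"""
c:\windows\svchost.exe
"AutoTask"="c:\program files (x86)\AutoTask\AutoTask.exe" [2009-06-22 335872]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120729,16897,0,6,0
"""

# Service/driver lines: "<state> <name>;<display name>;<path> [<date> <size>]";
# ComboFix prints "[x]" in place of the date/size when the binary is missing.
SERVICE_RE = re.compile(
    r"^[RS][0-4]\s+([^;]+);([^;]*);(.+?)\s+\[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
# Run-key lines: "<value name>"="<path>" [<date> <size>]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[')
# UAC policy values under ...\policies\system, e.g. "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(
    r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"=\s*(\d+)')
START_PAGE_RE = re.compile(r"^uStart Page = (\S+)")

# The only locations of a genuine svchost.exe on Windows 7 x64.
SVCHOST_OK = ("\\windows\\system32\\svchost.exe", "\\windows\\syswow64\\svchost.exe")
# A value of 0 for each of these weakens or disables UAC.
UAC_ZERO_MEANS = {
    "EnableLUA": "uac-disabled",
    "ConsentPromptBehaviorAdmin": "uac-elevate-without-prompt",
    "PromptOnSecureDesktop": "uac-no-secure-desktop",
}


def _from_temp(path):
    """True when an autorun binary sits in a Temp directory (user-writable, transient)."""
    return "\\temp\\" in path.lower()


def triage(lines):
    """Return (indicator, detail) pairs for the lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        # A file named svchost.exe outside System32/SysWOW64 is a classic masquerade.
        if low.endswith("\\svchost.exe") and not low.endswith(SVCHOST_OK):
            findings.append(("masquerading-system-binary", line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            name, _display, path, stamp = m.groups()
            if stamp == "x":
                findings.append(("service-binary-missing", name))
            if _from_temp(path):
                findings.append(("autorun-from-temp", name))
            continue

        m = RUN_RE.match(line)
        if m:
            name, path = m.groups()
            if _from_temp(path):
                findings.append(("autorun-from-temp", name))
            continue

        m = POLICY_RE.match(line)
        if m:
            key, value = m.group(1), int(m.group(2))
            if value == 0:
                findings.append((UAC_ZERO_MEANS[key], f"{key}=0"))
            continue

        m = START_PAGE_RE.match(line)
        if m and ("partner" in m.group(1) or "hspart=" in m.group(1)):
            findings.append(("start-page-search-partner", m.group(1)))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{indicator:32} {detail}")
```

On the sample it reports the misplaced svchost.exe, two findings for SessionLauncher (missing binary, Temp-folder path), the three UAC values, and the start page; the legitimate AutoTask and mscorsvw entries produce nothing. To run it over a full log, pass `open(path).read().splitlines()` to `triage`. The output is a list of indicators to investigate, not proof of compromise: a dangling service entry in Temp is typical of a half-removed dropper, but it can also be left behind by an installer that cleaned up after itself.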

You shouldn't be running these tools without being instructed to by an expert helper.

Can you post the log from TDSSKiller?

Also.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


New TDSS report:

20:17:26.0680 4400 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

20:17:26.0914 4400 ============================================================

20:17:26.0914 4400 Current date / time: 2012/07/19 20:17:26.0914

20:17:26.0914 4400 SystemInfo:

20:17:26.0914 4400

20:17:26.0914 4400 OS Version: 6.1.7601 ServicePack: 1.0

20:17:26.0914 4400 Product type: Workstation

20:17:26.0914 4400 ComputerName: MADCOW-PC

20:17:26.0914 4400 UserName: Madcow

20:17:26.0914 4400 Windows directory: C:\Windows

20:17:26.0914 4400 System windows directory: C:\Windows

20:17:26.0914 4400 Running under WOW64

20:17:26.0914 4400 Processor architecture: Intel x64

20:17:26.0914 4400 Number of processors: 4

20:17:26.0914 4400 Page size: 0x1000

20:17:26.0914 4400 Boot type: Normal boot

20:17:26.0914 4400 ============================================================

20:17:29.0036 4400 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:17:29.0051 4400 ============================================================

20:17:29.0051 4400 \Device\Harddisk0\DR0:

20:17:29.0051 4400 MBR partitions:

20:17:29.0051 4400 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

20:17:29.0051 4400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x557E5EF0

20:17:29.0051 4400 ============================================================

20:17:29.0098 4400 C: <-> \Device\Harddisk0\DR0\Partition1

20:17:29.0098 4400 ============================================================

20:17:29.0098 4400 Initialize success

20:17:29.0098 4400 ============================================================

20:17:34.0574 4696 ============================================================

20:17:34.0574 4696 Scan started

20:17:34.0574 4696 Mode: Manual; SigCheck; TDLFS;

20:17:34.0574 4696 ============================================================

20:17:36.0945 4696 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:17:37.0007 4696 1394ohci - ok

20:17:37.0038 4696 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:17:37.0038 4696 ACPI - ok

20:17:37.0070 4696 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:17:37.0132 4696 AcpiPmi - ok

20:17:37.0226 4696 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:17:37.0241 4696 AdobeFlashPlayerUpdateSvc - ok

20:17:37.0272 4696 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:17:37.0288 4696 adp94xx - ok

20:17:37.0335 4696 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:17:37.0350 4696 adpahci - ok

20:17:37.0366 4696 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:17:37.0382 4696 adpu320 - ok

20:17:37.0428 4696 AE1000 (e005682ae8f8ec4eb05f2a70a16ea1c5) C:\Windows\system32\DRIVERS\ae1000w7.sys

20:17:37.0444 4696 AE1000 - ok

20:17:37.0475 4696 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:17:37.0553 4696 AeLookupSvc - ok

20:17:37.0600 4696 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:17:37.0631 4696 AFD - ok

20:17:37.0678 4696 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:17:37.0694 4696 agp440 - ok

20:17:37.0694 4696 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:17:37.0740 4696 ALG - ok

20:17:37.0772 4696 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:17:37.0787 4696 aliide - ok

20:17:38.0208 4696 AllShare (aaa1f9d4cf4c976c21bca8afa2bae6a4) C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

20:17:38.0364 4696 AllShare ( UnsignedFile.Multi.Generic ) - warning

20:17:38.0364 4696 AllShare - detected UnsignedFile.Multi.Generic (1)

20:17:38.0458 4696 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:17:38.0458 4696 amdide - ok

20:17:38.0489 4696 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:17:38.0520 4696 AmdK8 - ok

20:17:38.0536 4696 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:17:38.0567 4696 AmdPPM - ok

20:17:38.0598 4696 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:17:38.0614 4696 amdsata - ok

20:17:38.0630 4696 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:17:38.0645 4696 amdsbs - ok

20:17:38.0645 4696 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:17:38.0661 4696 amdxata - ok

20:17:38.0708 4696 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:17:38.0848 4696 AppID - ok

20:17:38.0879 4696 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:17:38.0910 4696 AppIDSvc - ok

20:17:38.0957 4696 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:17:38.0988 4696 Appinfo - ok

20:17:39.0066 4696 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:17:39.0082 4696 Apple Mobile Device - ok

20:17:39.0098 4696 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:17:39.0113 4696 arc - ok

20:17:39.0129 4696 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:17:39.0144 4696 arcsas - ok

20:17:39.0144 4696 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:17:39.0191 4696 AsyncMac - ok

20:17:39.0222 4696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:17:39.0238 4696 atapi - ok

20:17:39.0300 4696 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:17:39.0332 4696 AudioEndpointBuilder - ok

20:17:39.0347 4696 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:17:39.0378 4696 AudioSrv - ok

20:17:39.0410 4696 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:17:39.0472 4696 AxInstSV - ok

20:17:39.0488 4696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:17:39.0534 4696 b06bdrv - ok

20:17:39.0566 4696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:17:39.0597 4696 b57nd60a - ok

20:17:39.0628 4696 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:17:39.0659 4696 BDESVC - ok

20:17:39.0675 4696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:17:39.0690 4696 Beep - ok

20:17:39.0768 4696 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:17:41.0734 4696 BFE - ok

20:17:42.0545 4696 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120711.002_b67\BHDrvx64.sys

20:17:42.0576 4696 BHDrvx64 - ok

20:17:42.0717 4696 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

20:17:42.0779 4696 BITS - ok

20:17:42.0826 4696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:17:42.0842 4696 blbdrive - ok

20:17:42.0935 4696 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:17:42.0951 4696 Bonjour Service - ok

20:17:42.0982 4696 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:17:42.0998 4696 bowser - ok

20:17:43.0013 4696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:17:43.0060 4696 BrFiltLo - ok

20:17:43.0076 4696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:17:43.0091 4696 BrFiltUp - ok

20:17:43.0138 4696 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

20:17:43.0185 4696 BridgeMP - ok

20:17:43.0200 4696 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:17:43.0232 4696 Browser - ok

20:17:43.0263 4696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:17:43.0294 4696 Brserid - ok

20:17:43.0310 4696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:17:43.0341 4696 BrSerWdm - ok

20:17:43.0356 4696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:17:43.0372 4696 BrUsbMdm - ok

20:17:43.0388 4696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:17:43.0419 4696 BrUsbSer - ok

20:17:43.0419 4696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:17:43.0450 4696 BTHMODEM - ok

20:17:43.0497 4696 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:17:43.0528 4696 bthserv - ok

20:17:43.0559 4696 catchme - ok

20:17:43.0700 4696 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys

20:17:43.0700 4696 ccSet_N360 - ok

20:17:43.0731 4696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:17:43.0762 4696 cdfs - ok

20:17:43.0793 4696 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

20:17:43.0809 4696 cdrom - ok

20:17:43.0856 4696 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:17:43.0887 4696 CertPropSvc - ok

20:17:43.0902 4696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:17:43.0918 4696 circlass - ok

20:17:43.0934 4696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:17:43.0949 4696 CLFS - ok

20:17:43.0980 4696 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:17:43.0996 4696 clr_optimization_v2.0.50727_32 - ok

20:17:44.0043 4696 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:17:44.0043 4696 clr_optimization_v2.0.50727_64 - ok

20:17:44.0105 4696 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:17:44.0121 4696 clr_optimization_v4.0.30319_32 - ok

20:17:44.0152 4696 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:17:44.0168 4696 clr_optimization_v4.0.30319_64 - ok

20:17:44.0168 4696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:17:44.0183 4696 CmBatt - ok

20:17:44.0214 4696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:17:44.0230 4696 cmdide - ok

20:17:44.0261 4696 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:17:44.0292 4696 CNG - ok

20:17:44.0308 4696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:17:44.0308 4696 Compbatt - ok

20:17:44.0370 4696 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:17:44.0402 4696 CompositeBus - ok

20:17:44.0433 4696 COMSysApp - ok

20:17:44.0448 4696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:17:44.0448 4696 crcdisk - ok

20:17:44.0526 4696 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

20:17:44.0542 4696 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning

20:17:44.0542 4696 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)

20:17:44.0573 4696 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

20:17:44.0604 4696 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning

20:17:44.0604 4696 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)

20:17:44.0620 4696 Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe

20:17:44.0636 4696 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning

20:17:44.0636 4696 Creative Media Toolbox 6 Licensing Service - detected UnsignedFile.Multi.Generic (1)

20:17:44.0698 4696 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

20:17:44.0729 4696 CryptSvc - ok

20:17:44.0807 4696 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS

20:17:44.0823 4696 CT20XUT - ok

20:17:44.0823 4696 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS

20:17:44.0838 4696 CT20XUT.SYS - ok

20:17:44.0854 4696 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys

20:17:44.0885 4696 ctac32k - ok

20:17:44.0932 4696 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys

20:17:44.0948 4696 ctaud2k - ok

20:17:45.0010 4696 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

20:17:45.0041 4696 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning

20:17:45.0041 4696 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)

20:17:45.0072 4696 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS

20:17:45.0104 4696 CTEXFIFX - ok

20:17:45.0244 4696 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS

20:17:45.0260 4696 CTEXFIFX.SYS - ok

20:17:45.0306 4696 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS

20:17:45.0306 4696 CTHWIUT - ok

20:17:45.0306 4696 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS

20:17:45.0322 4696 CTHWIUT.SYS - ok

20:17:45.0338 4696 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys

20:17:45.0353 4696 ctprxy2k - ok

20:17:45.0416 4696 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys

20:17:45.0431 4696 ctsfm2k - ok

20:17:45.0462 4696 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:17:45.0509 4696 DcomLaunch - ok

20:17:45.0540 4696 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:17:45.0587 4696 defragsvc - ok

20:17:45.0603 4696 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:17:45.0634 4696 DfsC - ok

20:17:45.0665 4696 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:17:45.0696 4696 Dhcp - ok

20:17:45.0728 4696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:17:45.0759 4696 discache - ok

20:17:45.0774 4696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:17:45.0790 4696 Disk - ok

20:17:45.0837 4696 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:17:45.0884 4696 Dnscache - ok

20:17:45.0915 4696 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

20:17:45.0930 4696 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

20:17:45.0930 4696 DockLoginService - detected UnsignedFile.Multi.Generic (1)

20:17:45.0962 4696 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:17:45.0993 4696 dot3svc - ok

20:17:46.0024 4696 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:17:46.0055 4696 DPS - ok

20:17:46.0086 4696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:17:46.0118 4696 drmkaud - ok

20:17:46.0149 4696 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:17:46.0164 4696 DXGKrnl - ok

20:17:46.0196 4696 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:17:46.0211 4696 EapHost - ok

20:17:46.0398 4696 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:17:46.0476 4696 ebdrv - ok

20:17:46.0539 4696 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

20:17:46.0554 4696 eeCtrl - ok

20:17:46.0664 4696 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:17:46.0695 4696 EFS - ok

20:17:46.0773 4696 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:17:46.0820 4696 ehRecvr - ok

20:17:46.0820 4696 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:17:46.0851 4696 ehSched - ok

20:17:46.0866 4696 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:17:46.0882 4696 elxstor - ok

20:17:46.0913 4696 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys

20:17:46.0929 4696 emupia - ok

20:17:47.0069 4696 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

20:17:47.0100 4696 EPSON_EB_RPCV4_01 - ok

20:17:47.0132 4696 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

20:17:47.0147 4696 EPSON_PM_RPCV4_01 - ok

20:17:47.0256 4696 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

20:17:47.0272 4696 EraserUtilRebootDrv - ok

20:17:47.0288 4696 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:17:47.0319 4696 ErrDev - ok

20:17:47.0366 4696 esgiguard - ok

20:17:47.0397 4696 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:17:47.0444 4696 EventSystem - ok

20:17:47.0475 4696 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:17:47.0506 4696 exfat - ok

20:17:47.0522 4696 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:17:47.0537 4696 fastfat - ok

20:17:47.0584 4696 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:17:47.0615 4696 Fax - ok

20:17:47.0631 4696 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:17:47.0662 4696 fdc - ok

20:17:47.0709 4696 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:17:47.0756 4696 fdPHost - ok

20:17:47.0771 4696 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:17:47.0818 4696 FDResPub - ok

20:17:47.0834 4696 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:17:47.0849 4696 FileInfo - ok

20:17:47.0865 4696 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:17:47.0912 4696 Filetrace - ok

20:17:47.0927 4696 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:17:47.0927 4696 flpydisk - ok

20:17:47.0974 4696 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:17:47.0990 4696 FltMgr - ok

20:17:48.0021 4696 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:17:48.0083 4696 FontCache - ok

20:17:48.0161 4696 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:17:48.0177 4696 FontCache3.0.0.0 - ok

20:17:48.0208 4696 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:17:48.0208 4696 FsDepends - ok

20:17:48.0239 4696 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:17:48.0239 4696 Fs_Rec - ok

20:17:48.0270 4696 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:17:48.0286 4696 fvevol - ok

20:17:48.0302 4696 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:17:48.0317 4696 gagp30kx - ok

20:17:48.0348 4696 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:17:48.0348 4696 GEARAspiWDM - ok

20:17:48.0395 4696 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

20:17:48.0411 4696 GoToAssist - ok

20:17:48.0442 4696 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:17:48.0489 4696 gpsvc - ok

20:17:48.0551 4696 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys

20:17:48.0567 4696 ha20x22k - ok

20:17:48.0848 4696 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys

20:17:48.0910 4696 ha20x2k - ok

20:17:48.0941 4696 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:17:48.0988 4696 hcw85cir - ok

20:17:49.0035 4696 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:17:49.0050 4696 HdAudAddService - ok

20:17:49.0066 4696 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:17:49.0097 4696 HDAudBus - ok

20:17:49.0128 4696 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:17:49.0128 4696 HidBatt - ok

20:17:49.0144 4696 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:17:49.0175 4696 HidBth - ok

20:17:49.0191 4696 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:17:49.0206 4696 HidIr - ok

20:17:49.0222 4696 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

20:17:49.0253 4696 hidserv - ok

20:17:49.0284 4696 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:17:49.0300 4696 HidUsb - ok

20:17:49.0316 4696 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:17:49.0347 4696 hkmsvc - ok

20:17:49.0394 4696 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:17:49.0440 4696 HomeGroupListener - ok

20:17:49.0456 4696 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:17:49.0487 4696 HomeGroupProvider - ok

20:17:49.0503 4696 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:17:49.0503 4696 HpSAMD - ok

20:17:49.0581 4696 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:17:49.0628 4696 HTTP - ok

20:17:49.0643 4696 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:17:49.0659 4696 hwpolicy - ok

20:17:49.0659 4696 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:17:49.0674 4696 i8042prt - ok

20:17:49.0706 4696 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

20:17:49.0721 4696 iaStor - ok

20:17:49.0752 4696 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:17:49.0768 4696 iaStorV - ok

20:17:49.0862 4696 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:17:49.0893 4696 idsvc - ok

20:17:50.0049 4696 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120719.002\IDSvia64.sys

20:17:50.0049 4696 IDSVia64 - ok

20:17:50.0142 4696 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:17:50.0158 4696 iirsp - ok

20:17:50.0236 4696 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:17:50.0298 4696 IKEEXT - ok

20:17:50.0314 4696 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:17:50.0330 4696 intelide - ok

20:17:50.0345 4696 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:17:50.0376 4696 intelppm - ok

20:17:50.0408 4696 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:17:50.0439 4696 IPBusEnum - ok

20:17:50.0454 4696 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:17:50.0486 4696 IpFilterDriver - ok

20:17:50.0564 4696 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:17:50.0595 4696 iphlpsvc - ok

20:17:50.0626 4696 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:17:50.0657 4696 IPMIDRV - ok

20:17:50.0673 4696 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:17:50.0704 4696 IPNAT - ok

20:17:50.0813 4696 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

20:17:50.0844 4696 iPod Service - ok

20:17:50.0860 4696 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:17:50.0922 4696 IRENUM - ok

20:17:50.0938 4696 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:17:50.0954 4696 isapnp - ok

20:17:50.0969 4696 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:17:50.0969 4696 iScsiPrt - ok

20:17:51.0016 4696 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys

20:17:51.0032 4696 k57nd60a - ok

20:17:51.0047 4696 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

20:17:51.0063 4696 kbdclass - ok

20:17:51.0063 4696 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

20:17:51.0094 4696 kbdhid - ok

20:17:51.0125 4696 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:17:51.0141 4696 KeyIso - ok

20:17:51.0172 4696 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:17:51.0172 4696 KSecDD - ok

20:17:51.0188 4696 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:17:51.0203 4696 KSecPkg - ok

20:17:51.0203 4696 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:17:51.0250 4696 ksthunk - ok

20:17:51.0266 4696 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:17:51.0312 4696 KtmRm - ok

20:17:51.0344 4696 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

20:17:51.0375 4696 LanmanServer - ok

20:17:51.0437 4696 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:17:51.0468 4696 LanmanWorkstation - ok

20:17:51.0500 4696 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:17:51.0531 4696 lltdio - ok

20:17:51.0562 4696 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:17:51.0593 4696 lltdsvc - ok

20:17:51.0593 4696 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:17:51.0624 4696 lmhosts - ok

20:17:51.0734 4696 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:17:51.0734 4696 LSI_FC - ok

20:17:51.0765 4696 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:17:51.0765 4696 LSI_SAS - ok

20:17:51.0780 4696 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:17:51.0796 4696 LSI_SAS2 - ok

20:17:51.0812 4696 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:17:51.0812 4696 LSI_SCSI - ok

20:17:51.0827 4696 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:17:51.0858 4696 luafv - ok

20:17:51.0890 4696 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:17:51.0921 4696 Mcx2Svc - ok

20:17:51.0936 4696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:17:51.0952 4696 megasas - ok

20:17:51.0983 4696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:17:51.0999 4696 MegaSR - ok

20:17:52.0014 4696 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:17:52.0046 4696 MMCSS - ok

20:17:52.0061 4696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:17:52.0092 4696 Modem - ok

20:17:52.0124 4696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:17:52.0139 4696 monitor - ok

20:17:52.0170 4696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

20:17:52.0186 4696 mouclass - ok

20:17:52.0186 4696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:17:52.0217 4696 mouhid - ok

20:17:52.0248 4696 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:17:52.0264 4696 mountmgr - ok

20:17:52.0311 4696 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:17:52.0326 4696 mpio - ok

20:17:52.0358 4696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:17:52.0373 4696 mpsdrv - ok

20:17:52.0654 4696 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:17:52.0701 4696 MpsSvc - ok

20:17:52.0732 4696 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:17:52.0748 4696 MRxDAV - ok

20:17:52.0779 4696 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:17:52.0826 4696 mrxsmb - ok

20:17:52.0857 4696 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:17:52.0888 4696 mrxsmb10 - ok

20:17:52.0904 4696 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:17:52.0919 4696 mrxsmb20 - ok

20:17:52.0935 4696 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:17:52.0950 4696 msahci - ok

20:17:52.0982 4696 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:17:52.0997 4696 msdsm - ok

20:17:53.0028 4696 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:17:53.0060 4696 MSDTC - ok

20:17:53.0091 4696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:17:53.0122 4696 Msfs - ok

20:17:53.0138 4696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:17:53.0169 4696 mshidkmdf - ok

20:17:53.0200 4696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:17:53.0216 4696 msisadrv - ok

20:17:53.0231 4696 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:17:53.0262 4696 MSiSCSI - ok

20:17:53.0262 4696 msiserver - ok

20:17:53.0309 4696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:17:53.0340 4696 MSKSSRV - ok

20:17:53.0356 4696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:17:53.0403 4696 MSPCLOCK - ok

20:17:53.0418 4696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:17:53.0450 4696 MSPQM - ok

20:17:53.0481 4696 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:17:53.0496 4696 MsRPC - ok

20:17:53.0528 4696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:17:53.0528 4696 mssmbios - ok

20:17:53.0543 4696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:17:53.0574 4696 MSTEE - ok

20:17:53.0590 4696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:17:53.0606 4696 MTConfig - ok

20:17:53.0621 4696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:17:53.0621 4696 Mup - ok

20:17:53.0793 4696 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

20:17:53.0793 4696 N360 - ok

20:17:53.0840 4696 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:17:53.0886 4696 napagent - ok

20:17:53.0933 4696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:17:53.0964 4696 NativeWifiP - ok

20:17:54.0120 4696 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120719.006\ENG64.SYS

20:17:54.0136 4696 NAVENG - ok

20:17:54.0245 4696 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120719.006\EX64.SYS

20:17:54.0292 4696 NAVEX15 - ok

20:17:54.0401 4696 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:17:54.0417 4696 NDIS - ok

20:17:54.0432 4696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:17:54.0464 4696 NdisCap - ok

20:17:54.0479 4696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:17:54.0510 4696 NdisTapi - ok

20:17:54.0542 4696 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:17:54.0573 4696 Ndisuio - ok

20:17:54.0620 4696 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:17:54.0666 4696 NdisWan - ok

20:17:54.0682 4696 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:17:54.0713 4696 NDProxy - ok

20:17:54.0713 4696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:17:54.0744 4696 NetBIOS - ok

20:17:54.0776 4696 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:17:54.0807 4696 NetBT - ok

20:17:54.0838 4696 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:17:54.0838 4696 Netlogon - ok

20:17:54.0869 4696 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:17:54.0900 4696 Netman - ok

20:17:54.0932 4696 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:17:54.0963 4696 netprofm - ok

20:17:55.0010 4696 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:17:55.0025 4696 NetTcpPortSharing - ok

20:17:55.0041 4696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:17:55.0041 4696 nfrd960 - ok

20:17:55.0088 4696 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:17:55.0119 4696 NlaSvc - ok

20:17:55.0150 4696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:17:55.0166 4696 Npfs - ok

20:17:55.0181 4696 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:17:55.0197 4696 nsi - ok

20:17:55.0212 4696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:17:55.0244 4696 nsiproxy - ok

20:17:55.0306 4696 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:17:55.0353 4696 Ntfs - ok

20:17:55.0400 4696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:17:55.0446 4696 Null - ok

20:17:55.0462 4696 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

20:17:55.0462 4696 NVHDA - ok

20:17:56.0772 4696 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:17:56.0897 4696 nvlddmkm - ok

20:17:57.0381 4696 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:17:57.0396 4696 nvraid - ok

20:17:57.0428 4696 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:17:57.0443 4696 nvstor - ok

20:17:57.0521 4696 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

20:17:57.0568 4696 nvsvc - ok

20:17:58.0395 4696 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

20:17:58.0535 4696 nvUpdatusService - ok

20:17:58.0644 4696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:17:58.0660 4696 nv_agp - ok

20:17:58.0691 4696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:17:58.0754 4696 ohci1394 - ok

20:17:58.0972 4696 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:17:59.0003 4696 ose - ok

20:17:59.0050 4696 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys

20:17:59.0066 4696 ossrv - ok

20:17:59.0097 4696 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:17:59.0144 4696 p2pimsvc - ok

20:17:59.0159 4696 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:17:59.0190 4696 p2psvc - ok

20:17:59.0222 4696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:17:59.0253 4696 Parport - ok

20:17:59.0268 4696 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

20:17:59.0284 4696 partmgr - ok

20:17:59.0284 4696 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:17:59.0315 4696 PcaSvc - ok

20:17:59.0346 4696 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:17:59.0362 4696 pci - ok

20:17:59.0362 4696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:17:59.0378 4696 pciide - ok

20:17:59.0393 4696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:17:59.0409 4696 pcmcia - ok

20:17:59.0424 4696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:17:59.0440 4696 pcw - ok

20:17:59.0456 4696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:17:59.0518 4696 PEAUTH - ok

20:17:59.0580 4696 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:17:59.0627 4696 PerfHost - ok

20:18:00.0173 4696 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:18:00.0251 4696 pla - ok

20:18:00.0298 4696 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:18:00.0345 4696 PlugPlay - ok

20:18:00.0423 4696 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

20:18:00.0470 4696 PMBDeviceInfoProvider - ok

20:18:00.0516 4696 pmxdrv (34bfc6ed31b4e8be940c884b8ac7d9df) C:\Windows\system32\drivers\pmxdrv.sys

20:18:00.0532 4696 pmxdrv - ok

20:18:00.0563 4696 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:18:00.0579 4696 PNRPAutoReg - ok

20:18:00.0594 4696 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:18:00.0610 4696 PNRPsvc - ok

20:18:00.0672 4696 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:18:00.0750 4696 PolicyAgent - ok

20:18:00.0797 4696 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:18:00.0844 4696 Power - ok

20:18:00.0891 4696 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:18:00.0938 4696 PptpMiniport - ok

20:18:00.0969 4696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:18:00.0984 4696 Processor - ok

20:18:01.0016 4696 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

20:18:01.0062 4696 ProfSvc - ok

20:18:01.0078 4696 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:18:01.0094 4696 ProtectedStorage - ok

20:18:01.0140 4696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:18:01.0187 4696 Psched - ok

20:18:01.0203 4696 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

20:18:01.0203 4696 PxHlpa64 - ok

20:18:01.0577 4696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:18:01.0640 4696 ql2300 - ok

20:18:02.0076 4696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:18:02.0092 4696 ql40xx - ok

20:18:02.0139 4696 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:18:02.0170 4696 QWAVE - ok

20:18:02.0170 4696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:18:02.0201 4696 QWAVEdrv - ok

20:18:02.0217 4696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:18:02.0279 4696 RasAcd - ok

20:18:02.0310 4696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:18:02.0326 4696 RasAgileVpn - ok

20:18:02.0342 4696 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:18:02.0404 4696 RasAuto - ok

20:18:02.0622 4696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:18:02.0669 4696 Rasl2tp - ok

20:18:02.0732 4696 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:18:02.0778 4696 RasMan - ok

20:18:02.0794 4696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:18:02.0825 4696 RasPppoe - ok

20:18:02.0825 4696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:18:02.0872 4696 RasSstp - ok

20:18:02.0919 4696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:18:02.0950 4696 rdbss - ok

20:18:02.0966 4696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:18:02.0981 4696 rdpbus - ok

20:18:02.0997 4696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:18:03.0028 4696 RDPCDD - ok

20:18:03.0028 4696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:18:03.0059 4696 RDPENCDD - ok

20:18:03.0075 4696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:18:03.0090 4696 RDPREFMP - ok

20:18:03.0122 4696 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

20:18:03.0137 4696 RDPWD - ok

20:18:03.0168 4696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:18:03.0184 4696 rdyboost - ok

20:18:03.0200 4696 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:18:03.0246 4696 RemoteAccess - ok

20:18:03.0278 4696 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:18:03.0309 4696 RemoteRegistry - ok

20:18:03.0746 4696 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

20:18:03.0808 4696 RoxMediaDB10 - ok

20:18:03.0824 4696 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:18:03.0855 4696 RpcEptMapper - ok

20:18:03.0886 4696 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:18:03.0933 4696 RpcLocator - ok

20:18:03.0995 4696 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:18:04.0042 4696 RpcSs - ok

20:18:04.0073 4696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:18:04.0120 4696 rspndr - ok

20:18:04.0120 4696 RxFilter - ok

20:18:04.0151 4696 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:18:04.0151 4696 SamSs - ok

20:18:04.0260 4696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:18:04.0276 4696 sbp2port - ok

20:18:04.0385 4696 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

20:18:04.0448 4696 SBSDWSCService - ok

20:18:04.0479 4696 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:18:04.0526 4696 SCardSvr - ok

20:18:04.0635 4696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:18:04.0682 4696 scfilter - ok

20:18:04.0744 4696 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:18:04.0838 4696 Schedule - ok

20:18:04.0869 4696 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:18:04.0884 4696 SCPolicySvc - ok

20:18:05.0025 4696 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:18:05.0150 4696 SDRSVC - ok

20:18:05.0181 4696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:18:05.0228 4696 secdrv - ok

20:18:05.0259 4696 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:18:05.0290 4696 seclogon - ok

20:18:05.0337 4696 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

20:18:05.0384 4696 SENS - ok

20:18:05.0399 4696 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:18:05.0415 4696 SensrSvc - ok

20:18:05.0430 4696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:18:05.0446 4696 Serenum - ok

20:18:05.0477 4696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:18:05.0477 4696 Serial - ok

20:18:05.0508 4696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:18:05.0540 4696 sermouse - ok

20:18:05.0664 4696 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:18:05.0711 4696 SessionEnv - ok

20:18:05.0727 4696 SessionLauncher - ok

20:18:05.0774 4696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:18:05.0805 4696 sffdisk - ok

20:18:05.0820 4696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:18:05.0852 4696 sffp_mmc - ok

20:18:05.0867 4696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:18:05.0898 4696 sffp_sd - ok

20:18:05.0914 4696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:18:05.0945 4696 sfloppy - ok

20:18:06.0273 4696 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:18:06.0320 4696 SharedAccess - ok

20:18:06.0632 4696 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:18:06.0694 4696 ShellHWDetection - ok

20:18:06.0710 4696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:18:06.0725 4696 SiSRaid2 - ok

20:18:06.0756 4696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:18:06.0772 4696 SiSRaid4 - ok

20:18:06.0788 4696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:18:06.0819 4696 Smb - ok

20:18:06.0881 4696 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:18:06.0912 4696 SNMPTRAP - ok

20:18:06.0928 4696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:18:06.0944 4696 spldr - ok

20:18:07.0022 4696 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:18:07.0068 4696 Spooler - ok

20:18:07.0458 4696 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:18:07.0614 4696 sppsvc - ok

20:18:07.0911 4696 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:18:07.0958 4696 sppuinotify - ok

20:18:08.0082 4696 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS

20:18:08.0098 4696 SRTSP - ok

20:18:08.0129 4696 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS

20:18:08.0145 4696 SRTSPX - ok

20:18:08.0176 4696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:18:08.0223 4696 srv - ok

20:18:08.0285 4696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:18:08.0316 4696 srv2 - ok

20:18:08.0348 4696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:18:08.0379 4696 srvnet - ok

20:18:08.0441 4696 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:18:08.0488 4696 SSDPSRV - ok

20:18:08.0519 4696 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:18:08.0550 4696 SstpSvc - ok

20:18:08.0691 4696 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

20:18:08.0706 4696 Stereo Service - ok

20:18:08.0738 4696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:18:08.0753 4696 stexstor - ok

20:18:08.0816 4696 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:18:08.0847 4696 stisvc - ok

20:18:08.0925 4696 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

20:18:08.0940 4696 stllssvr - ok

20:18:08.0972 4696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:18:09.0003 4696 swenum - ok

20:18:09.0081 4696 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:18:09.0128 4696 swprv - ok

20:18:09.0486 4696 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS

20:18:09.0533 4696 SymDS - ok

20:18:09.0611 4696 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS

20:18:09.0658 4696 SymEFA - ok

20:18:09.0689 4696 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

20:18:09.0705 4696 SymEvent - ok

20:18:09.0752 4696 SymIM (b681d1b0f9596684225dcc9b94c6bacf) C:\Windows\system32\DRIVERS\SymIMv.sys

20:18:09.0767 4696 SymIM - ok

20:18:09.0830 4696 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS

20:18:09.0861 4696 SymIRON - ok

20:18:09.0876 4696 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS

20:18:09.0876 4696 SymNetS - ok

20:18:10.0376 4696 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:18:10.0485 4696 SysMain - ok

20:18:10.0703 4696 t3 (6b153e518dbe6ef59191152e1ecf7ed4) C:\Windows\system32\drivers\t3.sys

20:18:10.0734 4696 t3 - ok

20:18:10.0781 4696 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:18:10.0797 4696 TabletInputService - ok

20:18:10.0890 4696 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:18:10.0937 4696 TapiSrv - ok

20:18:10.0953 4696 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:18:10.0984 4696 TBS - ok

20:18:11.0062 4696 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

20:18:11.0140 4696 Tcpip - ok

20:18:11.0312 4696 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

20:18:11.0343 4696 TCPIP6 - ok

20:18:11.0592 4696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:18:11.0624 4696 tcpipreg - ok

20:18:11.0670 4696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:18:11.0717 4696 TDPIPE - ok

20:18:11.0748 4696 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:18:11.0780 4696 TDTCP - ok

20:18:11.0811 4696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:18:11.0842 4696 tdx - ok

20:18:11.0920 4696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:18:11.0951 4696 TermDD - ok

20:18:12.0029 4696 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:18:12.0123 4696 TermService - ok

20:18:12.0154 4696 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:18:12.0170 4696 Themes - ok

20:18:12.0201 4696 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:18:12.0217 4696 THREADORDER - ok

20:18:12.0248 4696 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:18:12.0279 4696 TrkWks - ok

20:18:12.0341 4696 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:18:12.0373 4696 TrustedInstaller - ok

20:18:12.0388 4696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:18:12.0451 4696 tssecsrv - ok

20:18:12.0497 4696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:18:12.0544 4696 TsUsbFlt - ok

20:18:12.0591 4696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:18:12.0638 4696 tunnel - ok

20:18:12.0685 4696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:18:12.0685 4696 uagp35 - ok

20:18:12.0700 4696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:18:12.0747 4696 udfs - ok

20:18:12.0841 4696 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:18:12.0872 4696 UI0Detect - ok

20:18:12.0919 4696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:18:12.0919 4696 uliagpkx - ok

20:18:12.0950 4696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

20:18:12.0981 4696 umbus - ok

20:18:13.0012 4696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:18:13.0028 4696 UmPass - ok

20:18:13.0075 4696 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:18:13.0168 4696 upnphost - ok

20:18:13.0199 4696 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

20:18:13.0215 4696 USBAAPL64 - ok

20:18:13.0231 4696 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:18:13.0246 4696 usbccgp - ok

20:18:13.0262 4696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:18:13.0277 4696 usbcir - ok

20:18:13.0293 4696 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

20:18:13.0324 4696 usbehci - ok

20:18:13.0340 4696 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:18:13.0387 4696 usbhub - ok

20:18:13.0418 4696 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:18:13.0449 4696 usbohci - ok

20:18:13.0480 4696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:18:13.0511 4696 usbprint - ok

20:18:13.0543 4696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

20:18:13.0574 4696 usbscan - ok

20:18:13.0589 4696 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:18:13.0605 4696 USBSTOR - ok

20:18:13.0621 4696 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:18:13.0652 4696 usbuhci - ok

20:18:13.0667 4696 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:18:13.0745 4696 UxSms - ok

20:18:13.0777 4696 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:18:13.0792 4696 VaultSvc - ok

20:18:13.0808 4696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:18:13.0823 4696 vdrvroot - ok

20:18:14.0276 4696 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:18:14.0354 4696 vds - ok

20:18:14.0401 4696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:18:14.0432 4696 vga - ok

20:18:14.0447 4696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:18:14.0494 4696 VgaSave - ok

20:18:14.0525 4696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:18:14.0541 4696 vhdmp - ok

20:18:14.0557 4696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:18:14.0572 4696 viaide - ok

20:18:14.0603 4696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:18:14.0619 4696 volmgr - ok

20:18:14.0650 4696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:18:14.0681 4696 volmgrx - ok

20:18:14.0697 4696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:18:14.0713 4696 volsnap - ok

20:18:14.0728 4696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:18:14.0744 4696 vsmraid - ok

20:18:14.0962 4696 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:18:15.0025 4696 VSS - ok

20:18:15.0087 4696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:18:15.0134 4696 vwifibus - ok

20:18:15.0149 4696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:18:15.0181 4696 vwififlt - ok

20:18:15.0212 4696 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:18:15.0259 4696 W32Time - ok

20:18:15.0274 4696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:18:15.0305 4696 WacomPen - ok

20:18:15.0337 4696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:18:15.0399 4696 WANARP - ok

20:18:15.0399 4696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:18:15.0430 4696 Wanarpv6 - ok

20:18:15.0508 4696 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:18:15.0539 4696 WatAdminSvc - ok

20:18:15.0633 4696 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:18:15.0758 4696 wbengine - ok

20:18:15.0820 4696 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:18:15.0851 4696 WbioSrvc - ok

20:18:15.0883 4696 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:18:15.0929 4696 wcncsvc - ok

20:18:15.0945 4696 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:18:15.0992 4696 WcsPlugInService - ok

20:18:16.0023 4696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:18:16.0039 4696 Wd - ok

20:18:16.0085 4696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:18:16.0117 4696 Wdf01000 - ok

20:18:16.0117 4696 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:18:16.0210 4696 WdiServiceHost - ok

20:18:16.0210 4696 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:18:16.0226 4696 WdiSystemHost - ok

20:18:16.0257 4696 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:18:16.0288 4696 WebClient - ok

20:18:16.0319 4696 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:18:16.0382 4696 Wecsvc - ok

20:18:16.0585 4696 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:18:16.0647 4696 wercplsupport - ok

20:18:16.0678 4696 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:18:16.0709 4696 WerSvc - ok

20:18:16.0850 4696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:18:16.0975 4696 WfpLwf - ok

20:18:17.0021 4696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:18:17.0053 4696 WIMMount - ok

20:18:17.0099 4696 WinDefend - ok

20:18:17.0099 4696 WinHttpAutoProxySvc - ok

20:18:17.0193 4696 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:18:17.0255 4696 Winmgmt - ok

20:18:17.0443 4696 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:18:17.0536 4696 WinRM - ok

20:18:17.0661 4696 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS

20:18:17.0692 4696 winusb - ok

20:18:17.0770 4696 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:18:17.0833 4696 Wlansvc - ok

20:18:18.0051 4696 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:18:18.0129 4696 wlidsvc - ok

20:18:18.0176 4696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:18:18.0207 4696 WmiAcpi - ok

20:18:18.0254 4696 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:18:18.0301 4696 wmiApSrv - ok

20:18:18.0332 4696 WMPNetworkSvc - ok

20:18:18.0363 4696 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:18:18.0394 4696 WPCSvc - ok

20:18:18.0550 4696 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:18:18.0581 4696 WPDBusEnum - ok

20:18:18.0659 4696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:18:18.0691 4696 ws2ifsl - ok

20:18:18.0784 4696 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

20:18:18.0862 4696 wscsvc - ok

20:18:18.0862 4696 WSearch - ok

20:18:19.0346 4696 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

20:18:19.0455 4696 wuauserv - ok

20:18:19.0580 4696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:18:19.0611 4696 WudfPf - ok

20:18:19.0627 4696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:18:19.0689 4696 WUDFRd - ok

20:18:19.0705 4696 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:18:19.0736 4696 wudfsvc - ok

20:18:19.0783 4696 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:18:19.0829 4696 WwanSvc - ok

20:18:19.0861 4696 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

20:18:20.0563 4696 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:18:20.0563 4696 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:18:20.0563 4696 Boot (0x1200) (91a146e2141a431dc058c951b9566fe4) \Device\Harddisk0\DR0\Partition0

20:18:20.0563 4696 \Device\Harddisk0\DR0\Partition0 - ok

20:18:20.0578 4696 Boot (0x1200) (defa2fd7b67cd1f67d890693ca171c03) \Device\Harddisk0\DR0\Partition1

20:18:20.0578 4696 \Device\Harddisk0\DR0\Partition1 - ok

20:18:20.0578 4696 ============================================================

20:18:20.0578 4696 Scan finished

20:18:20.0578 4696 ============================================================

20:18:20.0578 4688 Detected object count: 7

20:18:20.0578 4688 Actual detected object count: 7

20:18:46.0443 4688 AllShare ( UnsignedFile.Multi.Generic ) - skipped by user

20:18:46.0443 4688 AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:18:46.0443 4688 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:18:46.0443 4688 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:18:46.0443 4688 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:18:46.0443 4688 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:18:46.0443 4688 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:18:46.0443 4688 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:18:46.0443 4688 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user

20:18:46.0443 4688 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:18:46.0443 4688 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

20:18:46.0443 4688 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:18:46.0459 4688 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:18:46.0459 4688 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Roguekiller report:

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Madcow [Admin rights]

Mode: Scan -- Date: 07/19/2012 20:24:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] L : c:\windows\installer\{ff4859cf-1c19-fd8d-d51a-f9569c59ac17}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750528AS ATA Device +++++

--- User ---

[MBR] 64e60d239ad0fee9e46cf64bc69fc655

[BSP] 7599e6e61e4129e184d4051f55323357 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 700363 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

My boyfriend ran a scan today on Spybot and he said Smitfraud still shows up. I truly appreciate your help on this, and I'm happy to make a donation if this is resolved. It will have saved me $200.

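The TDSSKiller and RogueKiller output above, as an added triage example that is not part of the original post or of either tool: a Python script that reads both log formats, separates the entries that actually indicate a rootkit (the "TDSS File System" hit on \Device\Harddisk0\DR0, the ZeroAccess folder under C:\Windows\Installer, and UAC turned off through EnableLUA / ConsentPromptBehaviorAdmin) from the informational UnsignedFile.Multi.Generic hits on vendor services, and checks whether any detection was actually acted on. The sample lines inside it are constructed to mirror the posted logs; the service name, hashes and GUID in them are placeholders, and the severity labels are the script's own classification.

```python
import re
from dataclasses import dataclass

# Constructed sample lines mirroring the format of the two logs posted above.
# The service name, hashes and GUID are placeholders, not values from the thread.
SAMPLE_TDSSKILLER = r"""
20:18:04.0151 4696 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:18:04.0151 4696 SamSs - ok
20:18:19.0861 4696 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:18:20.0563 4696 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:18:20.0563 4696 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:18:20.0578 4688 Detected object count: 2
20:18:46.0443 4688 ExampleVendorSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:46.0443 4688 ExampleVendorSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:46.0459 4688 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:18:46.0459 4688 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""
SAMPLE_ROGUEKILLER = r"""
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] L : c:\windows\installer\{00000000-0000-0000-0000-000000000000}\L --> FOUND
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# TDSSKiller: "<time> <pid> <rest>"; verdicts are "<target> ( <threat> ) - <verdict>"
# or "<target> - detected <threat> (<n>)". Plain "<name> - ok" lines are ignored.
TDSS_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*)$")
TDSS_VERDICT = re.compile(
    r"^(?P<target>.+?) \( (?P<threat>[^)]+?) \) - "
    r"(?P<verdict>warning|skipped by user|User select action: (?P<action>[A-Za-z ]+))$"
)
TDSS_DETECTED = re.compile(r"^(?P<target>.+?) - detected (?P<threat>.+?) \(\d+\)$")
# RogueKiller: "[HJ] <key> : <value> (<data>) -> FOUND" and "[<family>][<kind>] <name> : <path> --> FOUND".
RK_REGISTRY = re.compile(r"^\[(?P<tag>[A-Za-z]+)\] (?P<key>.+?) : (?P<value>\S+) \((?P<data>[^)]*)\) -> FOUND$")
RK_OBJECT = re.compile(r"^\[(?P<family>[^\]]+)\]\[(?P<kind>[^\]]+)\] \S+ : (?P<path>.+?) --> FOUND$")
RK_INFECTION = re.compile(r"^¤¤¤ Infection : (?P<family>.+?) ¤¤¤$")

# Heuristic categories TDSSKiller reports for any unsigned or locked file; on a
# consumer box these are usually vendor services and carry no weight on their own.
GENERIC_HEURISTICS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}
# UAC policy values; data "0" means no elevation prompt at all (or UAC off entirely).
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}


@dataclass
class Finding:
    source: str
    target: str
    threat: str
    severity: str          # "high", "low" or "info"
    action: str = "none"   # the user's choice, where the log records one


def parse_tdsskiller(text):
    """Collapse the warning/detected/skipped lines for one object into one Finding."""
    findings = {}
    for line in text.splitlines():
        m = TDSS_PREFIX.match(line)
        if not m:
            continue
        hit = TDSS_DETECTED.match(m["rest"]) or TDSS_VERDICT.match(m["rest"])
        if not hit:
            continue
        target, threat = hit["target"], hit["threat"]
        severity = "info" if threat in GENERIC_HEURISTICS else "high"
        f = findings.setdefault((target, threat), Finding("tdsskiller", target, threat, severity))
        action = hit.groupdict().get("action")
        if action:
            f.action = action.strip()
    return list(findings.values())


def parse_roguekiller(text):
    """Registry hijacks, dropped objects and the infection family RogueKiller names."""
    findings, families = [], []
    for line in text.splitlines():
        if r := RK_REGISTRY.match(line):
            where = f"{r['key']} : {r['value']}"
            if r["value"] in UAC_VALUES and r["data"] == "0":
                findings.append(Finding("roguekiller", where, "UAC disabled", "high"))
            else:
                # Start menu / desktop icon preferences: rogue AV flips them to hide
                # icons, so RogueKiller flags them, but they are not persistence.
                findings.append(Finding("roguekiller", where, f"[{r['tag']}] preference", "low"))
        elif o := RK_OBJECT.match(line):
            findings.append(Finding("roguekiller", o["path"], f"{o['family']} {o['kind'].lower()}", "high"))
        elif i := RK_INFECTION.match(line):
            families.append(i["family"])
    return findings, families


def triage(tdss_text, rk_text):
    """Summarise both logs: what is a real indicator, and was anything actually fixed."""
    tdss = parse_tdsskiller(tdss_text)
    rk, families = parse_roguekiller(rk_text)
    high = [f for f in tdss + rk if f.severity == "high"]
    return {
        "serious_findings": sorted({f.threat for f in high}),
        "infection_families": families,
        "uac_disabled": any(f.threat == "UAC disabled" for f in rk),
        "generic_unsigned": sum(1 for f in tdss if f.severity == "info"),
        # "Skip" (or no recorded action) means the object is still on the machine.
        "anything_remediated": any(f.action not in ("none", "Skip") for f in tdss),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TDSSKILLER, SAMPLE_ROGUEKILLER).items():
        print(f"{key}: {value}")
```

A TDSSKiller line ending in "skipped by user" records a choice, not a change, and the RogueKiller report above was produced in Scan mode, so on the posted logs this script reports nothing remediated, which is the point the reply below makes. The six UnsignedFile.Multi.Generic hits on the Creative, AllShare and Dell services are exactly the kind of entry it files as informational.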

My boyfriend ran a scan today on Spybot and he said Smitfraud still shows up. I truly appreciate your help on this, and I'm happy to make a donation if this is resolved. It will have saved me $200.

We didn't fix anything yet!!! We just ran some scans to check for "what you're infected with".

--------------------------------------

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.

For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


Quick question:

This is my boyfriend's computer. I just spoke to him and he said he has none of his files (pictures, videos, itunes mp3s) backed up. Will these be inevitably infected as well, or could he first save all the files he would like to keep onto a disc or flash drive to save them and recopy them to the computer after reformatting and reinstalling the OS? He also has scripts downloaded that are associated with a program he runs.

I (or he) will unfortunately not be able to do the cleanup you suggested until tomorrow, as I do not have access to a flash drive at the moment. Hopefully you will be able to help him more on this forum tomorrow. He'll probably post as me. (His name is Greg). I'm in the doghouse for this one!!

-Jennifer


This is my boyfriend's computer. I just spoke to him and he said he has none of his files (pictures, videos, itunes mp3s) backed up. Will these be inevitably infected as well, or could he first save all the files he would like to keep onto a disc or flash drive to save them and recopy them to the computer after reformatting and reinstalling the OS? He also has scripts downloaded that are associated with a program he runs.

No, they should be OK, and yes, you can back them up on whatever you want.

We'll be able to clean the computer; we're just obligated to warn you about the backdoor trojan.

MrC


Ok, I ran what you said to and here are the logs.

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012

Ran by SYSTEM at 20-07-2012 18:48:30

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)

HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)

HKLM-x32\...\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]

HKLM-x32\...\Run: [AutoTask] "C:\Program Files (x86)\AutoTask\AutoTask.exe" /STARTUP [335872 2009-06-22] (Dura Micro, Inc)

HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]

HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKU\Mcx1-MADCOW-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\SGETask.lnk

ShortcutTarget: SGETask.lnk -> C:\Program Files\SIMU\SGE\SGETask.Exe (Simutronics Corporation)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Mcx1-MADCOW-PC\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

3 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] ()

3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2010-02-14] (Creative Labs)

2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)

2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-02-12] (Ralink Technology Corp.)

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120711.002_b67\BHDrvx64.sys [1161376 2012-07-10] (Symantec Corporation)

1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-06-04] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-12] (Symantec Corporation)

3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120719.002\IDSvia64.sys [509088 2012-07-17] (Symantec Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120720.002\ENG64.SYS [120440 2012-07-19] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120720.002\EX64.SYS [2068600 2012-07-19] (Symantec Corporation)

3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [38536 2010-02-17] ()

1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

3 SRTSP; C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360x64\0602010.005\SYMDS64.SYS [451192 2012-03-28] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360x64\0602010.005\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-05-05] (Symantec Corporation)

1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2012-03-28] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-19 23:04 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-19 23:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-19 23:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-19 23:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-19 23:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-19 23:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-19 23:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-19 23:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-19 23:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-19 23:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-19 23:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-19 23:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-19 23:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-19 23:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-19 23:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-19 23:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-19 23:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-19 23:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-19 23:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-19 23:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-19 23:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-19 23:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-19 23:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-19 23:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-19 23:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-19 23:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-19 23:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-19 23:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-19 23:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-19 16:24 - 2012-07-19 16:24 - 00001943 ____A C:\Users\Madcow\Desktop\RKreport[1].txt

2012-07-19 16:23 - 2012-07-19 16:23 - 01552384 ____A C:\Users\Madcow\Desktop\RogueKiller.exe

2012-07-19 16:22 - 2012-07-19 16:24 - 00000000 ____D C:\Users\Madcow\Desktop\RK_Quarantine

2012-07-19 15:34 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-07-19 15:34 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-07-19 15:34 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-07-19 15:34 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-07-19 15:34 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-07-19 15:34 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-07-18 16:45 - 2012-07-18 16:45 - 00020518 ____A C:\ComboFix.txt

2012-07-18 16:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-18 16:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-18 16:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-18 16:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-18 16:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-18 16:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-18 16:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-18 16:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-18 16:29 - 2012-07-18 16:45 - 00000000 ____D C:\Qoobox

2012-07-18 16:29 - 2012-07-18 16:44 - 00000000 ____D C:\Windows\erdnt

2012-07-18 16:16 - 2012-07-18 16:16 - 04582182 ____R (Swearware) C:\Users\Madcow\Desktop\ComboFix.exe

2012-07-18 16:14 - 2012-07-18 17:15 - 00000000 ____D C:\Users\All Users\Yahoo!

2012-07-18 16:14 - 2012-07-18 17:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2012-07-18 16:14 - 2012-07-18 16:14 - 00000000 ____D C:\Program Files (x86)\Freeze.com

2012-07-18 16:14 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-18 16:14 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-18 16:14 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-18 16:13 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-18 16:13 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-18 16:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-18 16:13 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-18 16:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-18 16:13 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-18 16:13 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-18 16:13 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-18 16:13 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-18 16:13 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-18 16:13 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-18 16:13 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-18 16:13 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-18 16:13 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-18 16:13 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-18 16:13 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-18 16:12 - 2012-07-18 16:12 - 01552064 ____A (W3i, LLC) C:\Users\Madcow\Desktop\7zip_installer_1650.exe

2012-07-18 16:07 - 2012-07-19 23:21 - 00416720 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-18 16:07 - 2012-07-19 23:21 - 00000224 ____A C:\Windows\setupact.log

2012-07-18 16:07 - 2012-07-19 16:16 - 00005064 ____A C:\Windows\PFRO.log

2012-07-18 16:07 - 2012-07-18 16:07 - 00000000 ____A C:\Windows\setuperr.log

2012-07-18 16:06 - 2012-07-18 16:06 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-07-18 15:43 - 2012-07-18 15:43 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Madcow\Desktop\tdsskiller.exe

2012-07-18 15:14 - 2012-07-18 15:14 - 00107192 ____A C:\Users\Madcow\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-18 15:11 - 2012-07-18 15:11 - 00000000 ____D C:\Program Files\Enigma Software Group

2012-07-18 15:10 - 2012-07-18 17:16 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-07-18 14:53 - 2012-07-18 14:53 - 00001260 ____A C:\Users\Madcow\Desktop\Spybot - Search & Destroy.lnk

2012-07-18 13:30 - 2012-07-18 13:30 - 00040526 ____A C:\Users\Madcow\Documents\cc_20120718_173038.reg

2012-07-17 21:45 - 2012-07-18 15:52 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-07-17 21:45 - 2012-07-18 14:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2012-07-17 21:43 - 2012-07-18 13:06 - 00000000 ____D C:\Program Files (x86)\Giant Savings

2012-07-17 21:43 - 2012-07-17 21:43 - 00000000 ____D C:\Users\Madcow\AppData\Local\Giant Savings

2012-07-17 21:02 - 2012-07-17 21:02 - 00027520 ____A C:\Users\Madcow\AppData\Local\dt.dat

2012-07-17 14:47 - 2012-07-17 14:49 - 00000000 ____D C:\Users\Madcow\AppData\Roaming\AVG

2012-07-17 14:27 - 2012-07-18 13:06 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2012-07-17 14:27 - 2012-07-17 14:28 - 00000000 ____D C:\Users\All Users\AVG Secure Search

2012-07-17 14:27 - 2012-07-17 14:27 - 00000000 ____D C:\Users\Madcow\AppData\Local\AVG Secure Search

2012-07-17 14:25 - 2012-07-18 13:05 - 00000000 ____D C:\Users\All Users\AVG2012

2012-07-17 14:25 - 2012-07-17 14:25 - 00000000 ____D C:\$AVG

2012-07-17 14:24 - 2012-07-17 14:46 - 00000000 ____D C:\Program Files (x86)\AVG

2012-07-17 14:19 - 2012-07-18 13:05 - 00000000 ____D C:\Users\All Users\MFAData

2012-07-17 11:53 - 2012-07-17 11:53 - 00000000 ____D C:\Users\All Users\Kaspersky Lab

============ 3 Months Modified Files ========================

2012-07-20 13:55 - 2009-07-13 21:10 - 02025083 ____A C:\Windows\WindowsUpdate.log

2012-07-20 13:41 - 2009-07-13 21:13 - 00736726 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-20 12:58 - 2012-04-07 13:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-19 23:28 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-19 23:28 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-19 23:21 - 2012-07-18 16:07 - 00416720 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-19 23:21 - 2012-07-18 16:07 - 00000224 ____A C:\Windows\setupact.log

2012-07-19 23:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-19 23:02 - 2010-02-14 06:59 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-19 23:01 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini

2012-07-19 16:24 - 2012-07-19 16:24 - 00001943 ____A C:\Users\Madcow\Desktop\RKreport[1].txt

2012-07-19 16:23 - 2012-07-19 16:23 - 01552384 ____A C:\Users\Madcow\Desktop\RogueKiller.exe

2012-07-19 16:16 - 2012-07-18 16:07 - 00005064 ____A C:\Windows\PFRO.log

2012-07-18 16:45 - 2012-07-18 16:45 - 00020518 ____A C:\ComboFix.txt

2012-07-18 16:41 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-07-18 16:16 - 2012-07-18 16:16 - 04582182 ____R (Swearware) C:\Users\Madcow\Desktop\ComboFix.exe

2012-07-18 16:12 - 2012-07-18 16:12 - 01552064 ____A (W3i, LLC) C:\Users\Madcow\Desktop\7zip_installer_1650.exe

2012-07-18 16:07 - 2012-07-18 16:07 - 00000000 ____A C:\Windows\setuperr.log

2012-07-18 15:43 - 2012-07-18 15:43 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Madcow\Desktop\tdsskiller.exe

2012-07-18 15:14 - 2012-07-18 15:14 - 00107192 ____A C:\Users\Madcow\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-18 14:53 - 2012-07-18 14:53 - 00001260 ____A C:\Users\Madcow\Desktop\Spybot - Search & Destroy.lnk

2012-07-18 13:58 - 2012-04-07 13:51 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-18 13:58 - 2011-07-22 12:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-18 13:30 - 2012-07-18 13:30 - 00040526 ____A C:\Users\Madcow\Documents\cc_20120718_173038.reg

2012-07-17 21:02 - 2012-07-17 21:02 - 00027520 ____A C:\Users\Madcow\AppData\Local\dt.dat

2012-07-07 13:13 - 2011-07-06 15:43 - 00005438 ____A C:\Users\Madcow\Documents\Rag.txt

2012-06-28 09:09 - 2012-05-14 08:51 - 00002999 ____A C:\Users\Madcow\Documents\Stuff.txt

2012-06-11 19:08 - 2012-07-19 23:04 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-18 16:13 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-18 16:13 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-18 16:14 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-18 16:14 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-18 16:13 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-18 16:14 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-18 16:13 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-18 16:13 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-07-19 15:34 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-07-19 15:34 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-07-19 15:34 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:15 - 2012-07-19 15:34 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 11:19 - 2012-07-19 15:34 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:15 - 2012-07-19 15:34 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-19 23:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-19 23:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-19 23:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-19 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-19 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-19 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-19 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-19 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-19 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-19 23:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-19 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-19 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-19 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-19 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-19 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-19 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-19 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-19 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-19 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-19 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-19 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-19 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-19 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-19 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-19 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-19 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-19 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-19 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-18 16:13 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-18 16:13 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-18 16:13 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-18 16:13 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-18 16:13 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-18 16:13 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-18 16:13 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-18 16:13 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-18 16:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-14 05:43 - 2011-01-12 10:33 - 00749732 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-05-05 18:56 - 2011-04-28 17:11 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS

2012-05-05 18:56 - 2011-04-28 17:11 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

2012-05-04 03:06 - 2012-06-12 11:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:03 - 2012-06-12 11:30 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-12 11:30 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-04-30 21:40 - 2012-06-12 11:30 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-27 19:55 - 2012-06-12 11:30 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-25 21:41 - 2012-06-12 11:30 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-25 21:41 - 2012-06-12 11:30 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-25 21:34 - 2012-06-12 11:30 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-23 21:37 - 2012-06-12 11:30 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 21:37 - 2012-06-12 11:30 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 21:37 - 2012-06-12 11:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 20:36 - 2012-06-12 11:30 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 20:36 - 2012-06-12 11:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 20:36 - 2012-06-12 11:30 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:

C:\Windows\Installer\{ff4859cf-1c19-fd8d-d51a-f9569c59ac17}

C:\Windows\Installer\{ff4859cf-1c19-fd8d-d51a-f9569c59ac17}\L

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 6135.12 MB

Available physical RAM: 5270.02 MB

Total Pagefile: 6133.27 MB

Available Pagefile: 5365.11 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:683.95 GB) (Free:616.36 GB) NTFS

4 Drive g: (USB DISK) (Removable) (Total:3.73 GB) (Free:1.82 GB) FAT32

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

10 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 0 B

Disk 1 Online 3822 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 40 MB

Partition 3 Primary 683 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 9 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 Y RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C OS NTFS Partition 683 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3818 MB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G USB DISK FAT32 Removable 3818 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 20:04

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 20-07-2012

Ran by SYSTEM at 2012-07-20 18:21:42

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe

[2012-07-18 16:44] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


OK, it's not that bad > here you go......

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{ff4859cf-1c19-fd8d-d51a-f9569c59ac17}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

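Two checks from the exchange above, done programmatically: the services.exe search (three copies, all with MD5 24ACB7E5BE595468E3B9AA488B9B4FCB) and the ZeroAccess folder that becomes the single line in fixlist.txt. This is an added example, not code from FRST, ComboFix or anyone in the thread. It parses the two-line hit format FRST prints in its search output, uses the WinSxS component-store copy as the known-good reference (that is the copy Windows itself restores from, whereas C:\Windows\erdnt\cache64 is only ComboFix's backup from the day before, so agreement with it alone proves little), and flags any copy outside WinSxS whose hash matches no component-store copy. The function and constant names are mine; the first sample is the log's own lines, the second is a constructed variant in which the live System32 copy carries a made-up hash, as a patched services.exe would show up in the same output.

```python
import re
from dataclasses import dataclass
from typing import List

# FRST prints each search hit as two lines: the path, then a metadata line of the form
#   [created] - [modified] - <size> <attrs> (<company>) <MD5>
# "(<company>)" is absent for files without a version resource, so it is optional here.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    company: str
    md5: str


def parse_search(text: str) -> List[FileHit]:
    """Turn an FRST 'Search:' section into FileHit records (path line + metadata line)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hits = []
    for prev, cur in zip(lines, lines[1:]):
        m = META_RE.match(cur)
        if m and PATH_RE.match(prev):
            hits.append(FileHit(prev, int(m["size"]), m["company"] or "", m["md5"].upper()))
    return hits


def find_tampered(hits: List[FileHit]) -> List[str]:
    """Paths outside WinSxS whose MD5 matches none of the component-store copies.
    Several WinSxS copies (e.g. 7600 and 7601 builds) are all accepted as reference."""
    reference = {h.md5 for h in hits if "\\winsxs\\" in h.path.lower()}
    if not reference:
        raise ValueError("no WinSxS copy in the search results; nothing to compare against")
    return [h.path for h in hits
            if "\\winsxs\\" not in h.path.lower() and h.md5 not in reference]


def zeroaccess_paths(log_text: str) -> List[str]:
    """Paths FRST lists under its 'ZeroAccess:' heading, reduced to top-level folders.
    The fix moves the parent folder, which takes the L subfolder with it."""
    found, active = [], False
    for ln in (l.strip() for l in log_text.splitlines()):
        if ln == "ZeroAccess:":
            active = True
        elif active and ln.startswith("="):   # next section header ends the block
            break
        elif active and ln:
            found.append(ln)
    return [p for p in found
            if not any(p != q and p.lower().startswith(q.lower() + "\\") for q in found)]


# Sample 1: the services.exe search from the log above, copied verbatim.
SAMPLE_FROM_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\erdnt\cache64\services.exe
[2012-07-18 16:44] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

# Sample 2: constructed, not from the log. Only the live System32 copy's hash is changed
# (to a made-up value); size and timestamps stay the same, so the hash alone gives it away.
_lines = SAMPLE_FROM_LOG.strip().splitlines()
_lines[3] = _lines[3].replace("24ACB7E5BE595468E3B9AA488B9B4FCB", "6A1B2C3D4E5F60718293A4B5C6D7E8F9")
SAMPLE_CONSTRUCTED_TAMPERED = "\n".join(_lines)

# Sample 3: the ZeroAccess block from the log above, with the header that follows it.
SAMPLE_FRST_TAIL = r"""
ZeroAccess:
C:\Windows\Installer\{ff4859cf-1c19-fd8d-d51a-f9569c59ac17}
C:\Windows\Installer\{ff4859cf-1c19-fd8d-d51a-f9569c59ac17}\L
========================= Known DLLs (Whitelisted) ============
"""

if __name__ == "__main__":
    for label, sample in (("log", SAMPLE_FROM_LOG), ("constructed", SAMPLE_CONSTRUCTED_TAMPERED)):
        print(label, "-> tampered copies:", find_tampered(parse_search(sample)))
    print("fixlist.txt lines:", zeroaccess_paths(SAMPLE_FRST_TAIL))
```

On the log's own lines `find_tampered` returns an empty list, which is the basis for "it's not that bad": the copy that runs at boot is byte-for-byte the shipped one. On the constructed sample it returns the System32 path. `zeroaccess_paths` yields exactly the one folder MrC put in the fixlist; FRST's Fixlog later confirms it was moved.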

Okay, here is the latest log. Two quick questions. When I went to select my known user account, I saw Madcow, which is what I selected, but there was also an account called mcx-madcow-pc, or something like that. Any idea what that is? Also, before taking any of these steps today, I backed up some of my documents, music, pictures, and scripts onto a flash drive. Are those documents safe to transfer to a different computer, even though this computer is still infected? Thanks!

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012

Ran by SYSTEM at 2012-07-20 21:59:53 Run:1

Running from G:\

==============================================

C:\Windows\Installer\{ff4859cf-1c19-fd8d-d51a-f9569c59ac17} moved successfully.

==== End of Fixlog ====


Log looks Good

mcx-madcow-pc<---don't know what it is

safe to transfer to a different computer <---yes they're safe to transfer

---------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Okay.... back to me again (Greg is dog-sitting for his folks. They have a yellow lab, like you!)

It found something else (not sure where this came from) but probably not malicious. I haven't taken action on that file yet. Awaiting your reply. Important thing that I can tell is: smitfraud doesn't show up at the end of scan and the computer didn't crash.

You've been so generous with your time. I will have to wait until the end of the month for my next paycheck but I will not forget to make a donation! You have saved me so much time/stress/money/ and possibly a relationship! ;)

Here's the log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Madcow :: MADCOW-PC [administrator]

7/20/2012 10:43:48 PM

mbam-log-2012-07-20 (22-47-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 235056

Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Madcow\Desktop\7zip_installer_1650.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)


Have MB delete this:

C:\Users\Madcow\Desktop\7zip_installer_1650.exe (PUP.BundleOffers.IIQ) -> No action taken.

-------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore Point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e.: RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
