
Recently, only on Google Chrome and only regarding the Google search on it, am I encountering a redirect issue. Usually I am being sent to sites which are just advertisement sites or worse, such as virus attack sites, which were all blocked by Norton. As of this morning, I have run Malwarebytes, Norton, UnHackMe and TDSSKiller by Kaspersky and they have found nothing. Here are the results of the DDS.

Attach.txt

DDS.txt


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

===========

Next, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.blee...al/MBRCheck.exe

http://www.kernelmod...fo/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

===========

Finally, please provide the logs from MBAM and TDSSKiller.

===========

In your reply I would like to see the following please:

  • ComboFix.txt.
  • MBRCheck log.
  • MBAM log.
  • TDSSKiller log.

How is the computer currently running?


Alright, here are the logs. So far my computer has been running fine; it's just the Chrome issue. I used to have an issue where svchost.exe would run up huge amounts of CPU and memory, but I fixed that by finding the Alureon virus responsible for it. Windows Search had also been growing, so after I turned that off in Windows Services, all was normal.

ComboFix.txt

MBRCheck_09.04.12_13.15.54.txt

TDSSKILLER Report.txt

mbam-log-2012-09-04 (13-26-58).txt


Good afternoon superaman. :)

Thank you for the logs. In future, please post the contents of the logs, rather than attaching them, as malware creators would like nothing more than to infect the computers of helpers such as myself. Thanks! :)

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.


Here are the results from FRST:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 04-09-2012 01

Ran by SYSTEM at 05-09-2012 01:37:13

Running from E:\

Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)

HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2008-03-03] (Creative Technology Ltd.)

HKLM\...\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)

HKLM\...\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-12-02] (IDT, Inc.)

HKLM\...\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2007-10-11] (Nuance Communications, Inc.)

HKLM\...\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2007-10-11] (Nuance Communications, Inc.)

HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [345 2012-09-04] ()

HKLM\...\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [741376 2007-11-05] (Brother Industries, Ltd.)

HKLM\...\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296096 2012-08-25] (RealNetworks, Inc.)

HKU\Aman Arneja\...\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent [1353080 2012-08-03] (Valve Corporation)

HKU\Aman Arneja\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\Aman Arneja\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

HKLM\...\runonceex: [Flags] 128 [x]

HKLM\...\runonceex: [Title] UnHackMe Rootkit Check [x]

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]

Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Lsa: [Notification Packages] scecli psqlpwd

Startup: C:\Users\Aman Arneja\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

========================== Services (Whitelisted) ========================

2 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)

2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)

3 Futuremark SystemInfo Service; "C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)

2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)

2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3064000 2012-08-13] (Skype Technologies S.A.)

3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [21504 2008-01-20] (Microsoft Corporation)

3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]

4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]

2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]

2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

==================== Drivers (Whitelisted) ===================

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120823.007\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)

1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)

1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-08-18] (DT Soft Ltd)

1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-08] (Symantec Corporation)

3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-09-17] (EnTech Taiwan)

3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-08] (Symantec Corporation)

1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120901.001\IDSvix86.sys [386720 2012-08-31] (Symantec Corporation)

3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-11] (McAfee, Inc.)

3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-11] (McAfee, Inc.)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120904.002\NAVENG.SYS [92704 2012-08-20] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120904.002\NAVEX15.SYS [1601184 2012-08-20] (Symantec Corporation)

0 Partizan; C:\Windows\System32\drivers\Partizan.sys [35816 2012-08-31] (Greatis Software)

0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [43840 2007-11-14] (Sonic Solutions)

3 RegGuard; \??\C:\Windows\system32\Drivers\regguard.sys [24416 2012-08-31] (Greatis Software)

3 SRTSP; C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS [340088 2012-01-17] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-28] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)

1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDIV.SYS [345208 2012-04-17] (Symantec Corporation)

3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)

3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [x]

3 catchme; \??\C:\Users\AMANAR~1\AppData\Local\Temp\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) =================

============ One Month Created Files and Folders ==============

2012-09-04 22:24 - 2012-09-04 22:24 - 00000000 ____D C:\FRST

2012-09-04 12:26 - 2012-09-04 12:26 - 00209862 ____A C:\Users\Aman Arneja\Documents\TDSSKILLER Report.txt

2012-09-04 12:15 - 2012-09-04 12:15 - 00013302 ____A C:\Users\Aman Arneja\Documents\MBRCheck_09.04.12_13.15.54.txt

2012-09-04 12:14 - 2012-09-04 12:14 - 00080384 ____A C:\Users\Aman Arneja\Downloads\MBRCheck.exe

2012-09-04 12:09 - 2012-09-04 12:09 - 00013346 ____A C:\Users\Aman Arneja\Documents\ComboFix.txt

2012-09-04 11:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-09-04 11:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-09-04 11:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-09-04 11:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-09-04 11:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-09-04 11:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-09-04 11:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-09-04 11:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-09-04 11:54 - 2012-09-04 12:09 - 00000000 ____D C:\Qoobox

2012-09-04 11:53 - 2012-09-04 12:08 - 00000000 ____D C:\Windows\erdnt

2012-09-04 11:51 - 2012-09-04 11:51 - 04744582 ____R (Swearware) C:\Users\Aman Arneja\Downloads\ComboFix.exe

2012-09-03 22:13 - 2012-09-03 22:13 - 00020866 ____A C:\Users\Aman Arneja\Documents\DDS.txt

2012-09-03 22:13 - 2012-09-03 22:13 - 00011736 ____A C:\Users\Aman Arneja\Documents\Attach.txt

2012-09-03 21:43 - 2012-09-03 21:43 - 00607260 ____R (Swearware) C:\Users\Aman Arneja\Downloads\dds.scr

2012-08-31 15:01 - 2012-09-05 00:34 - 00023427 ____A C:\Windows\Partizan.log

2012-08-31 01:44 - 2012-09-04 12:22 - 00000262 ____A C:\Windows\System32\PARTIZAN.TXT

2012-08-31 01:42 - 2012-08-31 15:05 - 00024416 ____A (Greatis Software) C:\Windows\System32\Drivers\regguard.sys

2012-08-31 01:34 - 2012-09-05 00:33 - 00000000 ____D C:\Users\All Users\RegRun

2012-08-31 01:34 - 2012-09-03 12:41 - 00000000 ____D C:\Users\Aman Arneja\Documents\RegRun2

2012-08-31 01:34 - 2012-09-03 12:41 - 00000000 ____D C:\Program Files\UnHackMe

2012-08-31 01:34 - 2012-08-31 20:50 - 00000000 ____D C:\Users\Public\Documents\regruninfo

2012-08-31 01:34 - 2012-08-31 01:34 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe

2012-08-31 01:34 - 2012-08-31 01:34 - 00035816 ____A (Greatis Software) C:\Windows\System32\Drivers\Partizan.sys

2012-08-31 01:34 - 2012-08-31 01:34 - 00000754 ____A C:\Users\Aman Arneja\Desktop\UnHackMe.lnk

2012-08-31 01:34 - 2012-08-31 01:34 - 00000002 RASHOT C:\Windows\winstart.bat

2012-08-31 01:34 - 2012-06-27 15:01 - 00012800 ____A (Greatis Software, LLC.) C:\Windows\System32\Drivers\UnHackMeDrv.sys

2012-08-31 01:29 - 2012-08-31 01:29 - 00000000 ____A C:\Windows\setuperr.log

2012-08-31 01:29 - 2012-08-31 01:29 - 00000000 ____A C:\Windows\setupact.log

2012-08-26 13:48 - 2012-09-04 12:22 - 00005206 ____A C:\Windows\PFRO.log

2012-08-25 17:58 - 2012-08-25 17:58 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll

2012-08-25 17:58 - 2012-08-25 17:58 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll

2012-08-25 17:58 - 2012-08-25 17:58 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll

2012-08-25 17:58 - 2012-08-25 17:58 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll

2012-08-25 17:58 - 2012-08-25 17:58 - 00001071 ____A C:\Users\Public\Desktop\RealPlayer.lnk

2012-08-25 17:58 - 2012-08-25 17:58 - 00000000 ____D C:\Program Files\Common Files\xing shared

2012-08-25 17:57 - 2012-08-25 17:59 - 00000000 ____D C:\Users\Aman Arneja\AppData\Roaming\Real

2012-08-25 17:57 - 2012-08-25 17:58 - 00000000 ____D C:\Program Files\Real

2012-08-25 17:55 - 2012-08-25 17:58 - 00000000 ____D C:\Users\All Users\Real

2012-08-25 13:37 - 2012-08-25 13:37 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{D1544438-BB90-4EEB-84E0-1F21DFBB5C8C}

2012-08-24 12:23 - 2012-08-24 12:24 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{0FA32D80-DB6C-42AA-BD24-2491D0755008}

2012-08-22 13:06 - 2012-08-22 13:06 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{150B17F5-8F8B-4D9E-B6FC-D11D6536C673}

2012-08-21 17:56 - 2012-08-21 17:57 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{C128AAF2-722B-4F6F-96A7-764D1A575633}

2012-08-19 12:35 - 2012-08-19 12:35 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{5588632A-C5F1-4E36-B621-3E2084BCCB63}

2012-08-18 13:22 - 2012-08-18 13:22 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{D189E73F-CEA0-4AA5-962B-B7FA4BE8E168}

2012-08-18 13:21 - 2012-08-18 13:21 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{14078204-A486-4EED-B63F-97BF69671560}

2012-08-15 18:39 - 2012-08-15 18:39 - 00001889 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-08-15 18:37 - 2012-08-15 18:37 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{E0F35679-B11E-4FC5-B5CE-1EF9D689551D}

2012-08-15 18:37 - 2012-08-15 18:37 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{0F707DB0-85E6-428C-8932-69CDCCC12977}

2012-08-14 14:19 - 2012-08-14 14:19 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{A44F1FDF-CD29-4BE8-92FB-4BAA2DAAE3A2}

2012-08-14 14:19 - 2012-08-14 14:19 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{065B1C97-A3D7-4335-AD9F-5BF828E6590C}

2012-08-13 22:09 - 2012-08-13 22:09 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{08802B5F-9149-48E5-A1B0-9BC6AA9E504E}

2012-08-13 22:08 - 2012-08-13 22:09 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{9C308636-EF80-48C0-AF5C-8BDD45FF65A5}

2012-08-13 17:17 - 2012-08-13 17:17 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{3F40A53F-F8F1-4BC2-9317-A276B1914AD2}

2012-08-12 08:34 - 2012-08-12 08:34 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{CD634214-A6B9-4872-B961-D1EC3207830D}

2012-08-12 08:33 - 2012-08-12 08:34 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{F61A7489-0863-4795-BF0C-3B946A73389B}

2012-08-11 14:40 - 2012-08-11 14:40 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{D0CB8610-7636-4940-8E4E-89A5CAC6A985}

2012-08-11 14:39 - 2012-08-11 14:40 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{390E899E-D649-4DBD-9E3E-562086C42BE5}

2012-08-08 16:28 - 2012-08-08 16:28 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{E344AFD4-E3E0-4063-85F8-2AFEEA196D14}

2012-08-06 11:49 - 2012-08-06 11:49 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{E904F0EA-F88B-40F8-8A1A-AAD1B6AB59D4}

2012-08-06 11:49 - 2012-08-06 11:49 - 00000000 ____D C:\Users\Aman Arneja\AppData\Local\{A06917C6-7F64-434C-81E8-E84E73EC75F5}

============ 3 Months Modified Files ========================

2012-09-05 00:34 - 2012-08-31 15:01 - 00023427 ____A C:\Windows\Partizan.log

2012-09-05 00:33 - 2008-12-14 03:29 - 02076285 ____A C:\Windows\WindowsUpdate.log

2012-09-05 00:33 - 2006-11-02 05:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-09-05 00:33 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-05 00:33 - 2006-11-02 04:47 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-05 00:33 - 2006-11-02 04:47 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-05 00:02 - 2012-04-03 12:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-04 23:47 - 2010-09-05 13:38 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781417293-1407770052-2831755773-1000UA.job

2012-09-04 23:37 - 2009-12-11 21:19 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-09-04 22:37 - 2009-12-11 21:19 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-09-04 22:21 - 2006-11-02 02:33 - 00773920 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-04 21:11 - 2009-10-08 17:17 - 00000426 ____A C:\Windows\BRWMARK.INI

2012-09-04 19:57 - 2011-11-04 20:05 - 00002377 ____A C:\Users\Public\Desktop\Skype.lnk

2012-09-04 14:47 - 2010-09-05 13:38 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781417293-1407770052-2831755773-1000Core.job

2012-09-04 12:42 - 2011-02-20 18:16 - 00001973 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-09-04 12:26 - 2012-09-04 12:26 - 00209862 ____A C:\Users\Aman Arneja\Documents\TDSSKILLER Report.txt

2012-09-04 12:22 - 2012-08-31 01:44 - 00000262 ____A C:\Windows\System32\PARTIZAN.TXT

2012-09-04 12:22 - 2012-08-26 13:48 - 00005206 ____A C:\Windows\PFRO.log

2012-09-04 12:15 - 2012-09-04 12:15 - 00013302 ____A C:\Users\Aman Arneja\Documents\MBRCheck_09.04.12_13.15.54.txt

2012-09-04 12:14 - 2012-09-04 12:14 - 00080384 ____A C:\Users\Aman Arneja\Downloads\MBRCheck.exe

2012-09-04 12:09 - 2012-09-04 12:09 - 00013346 ____A C:\Users\Aman Arneja\Documents\ComboFix.txt

2012-09-04 12:07 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini

2012-09-04 11:51 - 2012-09-04 11:51 - 04744582 ____R (Swearware) C:\Users\Aman Arneja\Downloads\ComboFix.exe

2012-09-03 22:13 - 2012-09-03 22:13 - 00020866 ____A C:\Users\Aman Arneja\Documents\DDS.txt

2012-09-03 22:13 - 2012-09-03 22:13 - 00011736 ____A C:\Users\Aman Arneja\Documents\Attach.txt

2012-09-03 21:43 - 2012-09-03 21:43 - 00607260 ____R (Swearware) C:\Users\Aman Arneja\Downloads\dds.scr

2012-08-31 15:05 - 2012-08-31 01:42 - 00024416 ____A (Greatis Software) C:\Windows\System32\Drivers\regguard.sys

2012-08-31 01:34 - 2012-08-31 01:34 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe

2012-08-31 01:34 - 2012-08-31 01:34 - 00035816 ____A (Greatis Software) C:\Windows\System32\Drivers\Partizan.sys

2012-08-31 01:34 - 2012-08-31 01:34 - 00000754 ____A C:\Users\Aman Arneja\Desktop\UnHackMe.lnk

2012-08-31 01:34 - 2012-08-31 01:34 - 00000002 RASHOT C:\Windows\winstart.bat

2012-08-31 01:34 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt

2012-08-31 01:34 - 2006-11-02 02:23 - 00001688 ____A C:\Windows\System32\autoexec.nt

2012-08-31 01:29 - 2012-08-31 01:29 - 00000000 ____A C:\Windows\setuperr.log

2012-08-31 01:29 - 2012-08-31 01:29 - 00000000 ____A C:\Windows\setupact.log

2012-08-25 17:58 - 2012-08-25 17:58 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll

2012-08-25 17:58 - 2012-08-25 17:58 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll

2012-08-25 17:58 - 2012-08-25 17:58 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll

2012-08-25 17:58 - 2012-08-25 17:58 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll

2012-08-25 17:58 - 2012-08-25 17:58 - 00001071 ____A C:\Users\Public\Desktop\RealPlayer.lnk

2012-08-25 17:57 - 2008-12-14 09:46 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll

2012-08-24 00:35 - 2012-04-14 17:19 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-24 00:24 - 2012-04-03 12:13 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-24 00:24 - 2011-05-16 12:20 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-08-15 18:39 - 2012-08-15 18:39 - 00001889 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-08-15 18:00 - 2010-11-20 18:42 - 00002215 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk

2012-08-03 03:46 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-07-08 22:19 - 2012-02-25 22:44 - 00002627 ____A C:\Users\Aman Arneja\Desktop\Microsoft Office Word 2007.lnk

2012-07-06 01:32 - 2012-07-06 01:32 - 00000961 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2012-07-03 12:46 - 2012-04-14 17:19 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-29 17:33 - 2012-06-29 17:33 - 00000953 ____A C:\Users\Aman Arneja\Desktop\NBA 2K12.lnk

2012-06-27 15:01 - 2012-08-31 01:34 - 00012800 ____A (Greatis Software, LLC.) C:\Windows\System32\Drivers\UnHackMeDrv.sys

2012-06-17 14:16 - 2012-06-17 14:16 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-26 02:11:45

Restore point made on: 2012-08-26 02:13:43

Restore point made on: 2012-08-27 07:16:19

Restore point made on: 2012-08-28 22:58:44

Restore point made on: 2012-08-31 01:42:13

Restore point made on: 2012-08-31 15:05:03

Restore point made on: 2012-09-02 16:38:10

Restore point made on: 2012-09-03 14:24:57

Restore point made on: 2012-09-04 17:13:03

==================== Memory info ===========================

Percentage of memory in use: 8%

Total physical RAM: 4093.14 MB

Available physical RAM: 3738.83 MB

Total Pagefile: 3958.46 MB

Available Pagefile: 3814.94 MB

Total Virtual: 2047.88 MB

Available Virtual: 1980.95 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:220.29 GB) (Free:71.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.24 GB) FAT32

4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.62 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 233 GB 0 B

Disk 1 Online 3827 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 94 MB 32 KB

Partition 2 Primary 10 GB 95 MB

Partition 3 Primary 220 GB 10 GB

Partition 0 Extended 2560 MB 230 GB

Partition 4 Logical 2559 MB 230 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 FAT Partition 94 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 X RECOVERY NTFS Partition 10 GB Healthy Boot

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 220 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : DD

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3827 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FAT32 Removable 3827 MB Healthy

==================================================================================

Last Boot: 2012-09-04 13:32

==================== End Of Log =============================

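As an added example, not part of this thread or of FRST itself, here is a Python triage pass over the `HKLM\...\Run:` and `HKU\...\Run:` lines of the FRST log above. It flags what a helper checks first: entries with no publisher recorded (`()`), entries marked `[x]` whose file is gone, and programs that start from user-writable folders. The sample input reuses lines from the log in this thread plus one constructed `ExampleUpdater` entry; the rules are a heuristic, not FRST's own whitelist logic.

```python
"""Triage of FRST 'Registry (Whitelisted)' autorun lines (added example, not FRST's own logic)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST autorun line, e.g.
#   HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
#   HKLM\...\runonceex: [Flags] 128 [x]          <- '[x]' means the referenced file is not on disk
RUN_LINE = re.compile(
    r"^(?P<hive>HKLM|HKU)(?:\\(?P<user>[^\\]+?))?\\\.\.\.\\(?P<key>[^:]+):\s+"
    r"\[(?P<name>[^\]]+)\]\s+(?P<command>.*?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<signer>[^)]*)\)"
    r"|\[(?P<missing>x)\])\s*$"
)

# Folders an ordinary user can write to; an autorun launching from one deserves a closer look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Autorun:
    hive: str
    user: Optional[str]
    key: str
    name: str
    command: str
    size: Optional[int]
    date: Optional[str]
    signer: str      # empty string when FRST printed '()'
    missing: bool    # True for '[x]' entries


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Extract HKLM/HKU Run-style entries; every other FRST line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        entries.append(Autorun(
            hive=m["hive"], user=m["user"], key=m["key"], name=m["name"],
            command=m["command"],
            size=int(m["size"]) if m["size"] else None,
            date=m["date"],
            signer=(m["signer"] or "").strip(),
            missing=m["missing"] is not None,
        ))
    return entries


def executable_path(command: str) -> str:
    """Return the program part of a command line, handling quoted and unquoted paths."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command
    m = re.match(r"^(.*?\.(?:exe|dll|scr|bat|cmd|com))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command


def triage(entries: List[Autorun]) -> Dict[str, List[str]]:
    """Map autorun name -> reasons it merits review (absent from the result means nothing stood out)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("autorun points at a file that is no longer on disk")
        else:
            if not e.signer:
                reasons.append("no publisher recorded for the binary")
            if any(marker in executable_path(e.command).lower() for marker in USER_WRITABLE):
                reasons.append("runs from a user-writable location")
        if reasons:
            findings[e.name] = reasons
    return findings


# Constructed sample: five lines copied from the FRST log in this thread plus one made-up
# 'ExampleUpdater' entry (hypothetical, not from the log) to exercise the user-writable rule.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [345 2012-09-04] ()
HKU\Aman Arneja\...\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent [1353080 2012-08-03] (Valve Corporation)
HKU\Aman Arneja\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKLM\...\runonceex: [Title] UnHackMe Rootkit Check [x]
HKU\Aman Arneja\...\Run: [ExampleUpdater] "C:\Users\Aman Arneja\AppData\Local\Temp\example_updater.exe" -q [40960 2012-09-01] ()
Startup: C:\Users\Aman Arneja\Start Menu\Programs\Startup\Dell Dock.lnk
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_autoruns(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```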

Hey superaman. :)

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Does the issue remain?


The issue currently remains. Also, after finding the following, my computer has been abysmally slow for some reason; I will shut down and turn it on tomorrow and see if the slowness persists.

--------------------------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f528b72fc232904d9bcae49412840666

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-09-07 09:16:38

# local_time=2012-09-07 02:16:38 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 100 57921521 183602733 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=318034

# found=3

# cleaned=0

# scan_time=14190

C:\Users\Aman Arneja\AppData\Local\Downloaded Installations\{5C9A18B4-5B3E-401B-BC8F-DAB706B94813}\Mobile Mouse Server.msi a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I

C:\Users\Aman Arneja\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdddegedcgcdadcdcdagbdegbgedj\background.html Win32/BHO.OEI trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Aman Arneja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c55b35f-1ea4e921 probably a variant of Java/Exploit.Agent.NCV trojan (unable to clean) 00000000000000000000000000000000 I


Sorry for the double post, but I was wondering how I could get rid of files from programs that I've already uninstalled from my computer? In the AppData folder, and I believe in the Local folder within it, I saw some program folders/files during the virus scan which I had deleted. Also in that folder are hundreds of empty folders with weird letter and number combination names. Is there any way to clean this up?


Good evening superaman. :)

Please navigate to these files and delete them (if present):

C:\Users\Aman Arneja\AppData\Local\Downloaded Installations\{5C9A18B4-5B3E-401B-BC8F-DAB706B94813}\Mobile Mouse Server.msi

C:\Users\Aman Arneja\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdddegedcgcdadcdcdagbdegbgedj\background.html

Next, please follow these instructions to clear out your Java Cache:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    [image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

===========

how I could get rid of files that I've already uninstalled from my computer?

I don't understand what you are asking. What do you mean?

Do any issues remain on your computer?


Here is the Combofix log:

ComboFix 12-09-08.02 - Aman Arneja 09/08/2012 16:10:37.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2203 [GMT -7:00]

Running from: c:\users\Aman Arneja\Downloads\ComboFix.exe

Command switches used :: c:\users\Aman Arneja\Downloads\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))

.

.

2012-09-08 23:19 . 2012-09-08 23:24 -------- d-----w- c:\users\Aman Arneja\AppData\Local\temp

2012-09-08 23:19 . 2012-09-08 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-05 06:24 . 2012-09-05 06:24 -------- d-----w- C:\FRST

2012-08-31 09:34 . 2012-09-08 05:20 -------- d-----w- c:\programdata\RegRun

2012-08-31 09:34 . 2012-08-31 09:34 2 --shatr- c:\windows\winstart.bat

2012-08-31 09:34 . 2012-09-08 05:20 -------- d-----w- c:\program files\UnHackMe

2012-08-26 01:58 . 2012-08-26 01:58 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2012-08-26 01:58 . 2012-08-26 01:58 -------- d-----w- c:\program files\Common Files\xing shared

2012-08-26 01:58 . 2012-08-26 01:58 150736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2012-08-26 01:58 . 2012-08-26 01:58 129176 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll

2012-08-26 01:57 . 2012-08-26 01:58 -------- d-----w- c:\program files\Real

2012-08-15 01:09 . 2012-08-16 02:22 -------- d-----w- c:\windows\system32\drivers\NIS\1308000.00E

2012-08-13 20:35 . 2012-08-13 20:35 5115584 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-26 01:57 . 2008-12-14 17:46 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-08-24 08:24 . 2012-04-03 20:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-24 08:24 . 2011-05-16 20:20 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2012-04-15 01:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-08 20:13 . 2011-03-28 06:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-26 296096]

.

c:\users\Aman Arneja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-12-14 18:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]

2009-10-23 20:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2007-10-30 22:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2012-03-09 01:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-12-21 16:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1781417293-1407770052-2831755773-1000]

"EnableNotificationsRef"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:24]

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 05:18]

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 05:18]

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781417293-1407770052-2831755773-1000Core.job

- c:\users\Aman Arneja\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 04:42]

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781417293-1407770052-2831755773-1000UA.job

- c:\users\Aman Arneja\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 04:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

Trusted Zone: losrios.edu\d2l

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Aman Arneja\AppData\Roaming\Mozilla\Firefox\Profiles\i0s2tblk.default\

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-44481940.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-08 16:23

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\users\AMANAR~1\AppData\Local\Temp\ArmUI.ini 170356 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,c5,f0,32,bb,e6,54,43,be,a7,8d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,c5,f0,32,bb,e6,54,43,be,a7,8d,\

.

[HKEY_USERS\S-1-5-21-1781417293-1407770052-2831755773-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(752)

c:\windows\system32\psqlpwd.dll

c:\program files\Fingerprint Reader Suite\homefus2.dll

c:\program files\Fingerprint Reader Suite\infra.dll

.

- - - - - - - > 'Explorer.exe'(4192)

c:\program files\Fingerprint Reader Suite\farchns.dll

c:\program files\Fingerprint Reader Suite\infra.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files\Fingerprint Reader Suite\upeksvr.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\WLANExt.exe

c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\STacSV.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

.

**************************************************************************

.

Completion time: 2012-09-08 16:30:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-08 23:30

.

Pre-Run: 62,903,615,488 bytes free

Post-Run: 63,067,238,400 bytes free

.

- - End Of File - - 7510B2BDC2B6524AD7E296AECC74DCF5

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Deleted the other two files as you requested.

In terms of the question I asked, while the ESET Scanner was running, I saw the names of some files on my computer. I cannot remember exactly where, but I feel it was in the appdata folder, like this: C:\Users\AmanArneja\AppData\...\ijji\...\gunbound.exe. My question about files like this is that I played this game and uninstalled it years ago, but while it was scanning, I saw a filename like this being scanned. Also in the local folder within appdata, there are hundreds of folders like this: 24gnkm9.jpg, which are all empty. Is there any program I could use to delete folders like these (junk folders) and help the efficiency of my computer?


Howdy superaman. :)

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    File::
    c:\users\AMANAR~1\AppData\Local\Temp\ArmUI.ini
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    [image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

============

The below tool will help clean out the appdata folder.

Please follow these instructions to clean out your temporary files. Please download ATF Cleaner.

Save it to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.

If you use the Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

===========

Finally, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue. [image: tdsskiller2.png]
  • If a suspicious file is detected, the default action will be Skip; click on Continue. [image: tdsskiller3.png]
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

============

In your reply please provide the following:

  • ComboFix.txt
  • TDSSKiller log.

How is your computer currently running?

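The empty-folder cleanup asked about above (the hundreds of empty, oddly named folders under the local appdata folder), as an added example that is not part of this thread and is not ATF Cleaner's code: a PowerShell script (PowerShell 3.0 or later on Windows assumed; the `-Root` and `-Remove` parameters are this script's own) that lists every empty folder under %LOCALAPPDATA% so it can be reviewed first, and only deletes anything when `-Remove` is given and each deletion is confirmed.

```powershell
# Added example (not from the thread): report empty folders under the local AppData folder
# before anything is deleted. Assumes PowerShell 3.0+ (for -Directory); -Root and -Remove
# are this script's own hypothetical parameters.
param(
    [string]$Root = $env:LOCALAPPDATA,   # the folder the question was about
    [switch]$Remove                      # nothing is deleted unless this switch is present
)

# A folder counts as empty only if it holds no files and no subfolders at all.
# -Force includes hidden/system entries so a folder that still holds hidden files is not reported.
$empty = Get-ChildItem -Path $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not (Get-ChildItem -Path $_.FullName -Force -ErrorAction SilentlyContinue | Select-Object -First 1)
    }

# Deepest paths first, so a nested empty folder is handled before its parent.
$empty = @($empty | Sort-Object { $_.FullName.Length } -Descending)

"Found {0} empty folder(s) under {1}" -f $empty.Count, $Root
$empty | ForEach-Object { $_.FullName }   # review this list before running again with -Remove

if ($Remove) {
    foreach ($dir in $empty) {
        # -Confirm prompts for every folder; -LiteralPath keeps names with odd characters intact.
        Remove-Item -LiteralPath $dir.FullName -Force -Confirm
    }
}
```

Run it once without `-Remove` to see the list (folders named like `24gnkm9.jpg` will appear there if they really are empty), then with `-Remove` to delete them one confirmation at a time. A parent folder that becomes empty only because its children were just removed is not in the list; a second run picks it up.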

Currently my computer is running fine; the problem with Google Chrome seems to have been fixed and it is no longer redirecting. I cannot thank you enough for your help with that; I really appreciate your time and dedication in helping me with my problem and guiding me the whole way to fix it :) My only question is that, with both Norton and MBAM not being able to detect these viruses, should I regularly check with ESET's one-time scanner, or would another method be more advisable? I will post the ComboFix and TDSS log below in that order:

-------------------------------------------------------------------------------

ComboFix 12-09-09.02 - Aman Arneja 09/09/2012 12:39:05.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2074 [GMT -7:00]

Running from: c:\users\Aman Arneja\Downloads\ComboFix.exe

Command switches used :: c:\users\Aman Arneja\Downloads\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\AMANAR~1\AppData\Local\Temp\ArmUI.ini"

.

.

((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))

.

.

2012-09-09 19:48 . 2012-09-09 19:52 -------- d-----w- c:\users\Aman Arneja\AppData\Local\temp

2012-09-09 19:48 . 2012-09-09 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-05 06:24 . 2012-09-05 06:24 -------- d-----w- C:\FRST

2012-08-31 09:34 . 2012-09-08 05:20 -------- d-----w- c:\programdata\RegRun

2012-08-31 09:34 . 2012-08-31 09:34 2 --shatr- c:\windows\winstart.bat

2012-08-31 09:34 . 2012-09-08 05:20 -------- d-----w- c:\program files\UnHackMe

2012-08-26 01:58 . 2012-08-26 01:58 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2012-08-26 01:58 . 2012-08-26 01:58 -------- d-----w- c:\program files\Common Files\xing shared

2012-08-26 01:58 . 2012-08-26 01:58 150736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2012-08-26 01:58 . 2012-08-26 01:58 129176 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll

2012-08-26 01:57 . 2012-08-26 01:58 -------- d-----w- c:\program files\Real

2012-08-15 01:09 . 2012-08-16 02:22 -------- d-----w- c:\windows\system32\drivers\NIS\1308000.00E

2012-08-13 20:35 . 2012-08-13 20:35 5115584 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-26 01:57 . 2008-12-14 17:46 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-08-24 08:24 . 2012-04-03 20:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-24 08:24 . 2011-05-16 20:20 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2012-04-15 01:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-08 20:13 . 2011-03-28 06:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-26 296096]

.

c:\users\Aman Arneja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-12-14 18:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]

2009-10-23 20:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2007-10-30 22:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2012-03-09 01:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-12-21 16:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1781417293-1407770052-2831755773-1000]

"EnableNotificationsRef"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:24]

.

2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 05:18]

.

2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 05:18]

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781417293-1407770052-2831755773-1000Core.job

- c:\users\Aman Arneja\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 04:42]

.

2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781417293-1407770052-2831755773-1000UA.job

- c:\users\Aman Arneja\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 04:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

Trusted Zone: losrios.edu\d2l

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Aman Arneja\AppData\Roaming\Mozilla\Firefox\Profiles\i0s2tblk.default\

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C8CT1}_is1 - c:\games\World_of_Tanks\unins001.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-09 12:51

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,c5,f0,32,bb,e6,54,43,be,a7,8d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,c5,f0,32,bb,e6,54,43,be,a7,8d,\

.

[HKEY_USERS\S-1-5-21-1781417293-1407770052-2831755773-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(708)

c:\windows\system32\psqlpwd.dll

c:\program files\Fingerprint Reader Suite\homefus2.dll

c:\program files\Fingerprint Reader Suite\infra.dll

.

- - - - - - - > 'Explorer.exe'(6132)

c:\program files\Fingerprint Reader Suite\farchns.dll

c:\program files\Fingerprint Reader Suite\infra.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Fingerprint Reader Suite\upeksvr.exe

c:\windows\System32\bcmwltry.exe

c:\windows\system32\WLANExt.exe

c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\STacSV.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

.

**************************************************************************

.

Completion time: 2012-09-09 13:00:23 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-09 20:00

ComboFix2.txt 2012-09-08 23:30

.

Pre-Run: 75,756,167,168 bytes free

Post-Run: 75,797,364,736 bytes free

.

- - End Of File - - 5A5177433AB7CAAE650F321C6C5BED3D

--------------------------------------------------------------------------------------------------------

13:15:10.0523 5756 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

13:15:11.0782 5756 ============================================================

13:15:11.0782 5756 Current date / time: 2012/09/09 13:15:11.0782

13:15:11.0782 5756 SystemInfo:

13:15:11.0782 5756

13:15:11.0782 5756 OS Version: 6.0.6002 ServicePack: 2.0

13:15:11.0782 5756 Product type: Workstation

13:15:11.0782 5756 ComputerName: OLIVER

13:15:11.0782 5756 UserName: Aman Arneja

13:15:11.0782 5756 Windows directory: C:\Windows

13:15:11.0782 5756 System windows directory: C:\Windows

13:15:11.0782 5756 Processor architecture: Intel x86

13:15:11.0782 5756 Number of processors: 2

13:15:11.0782 5756 Page size: 0x1000

13:15:11.0782 5756 Boot type: Normal boot

13:15:11.0782 5756 ============================================================

13:15:12.0377 5756 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:15:12.0380 5756 ============================================================

13:15:12.0380 5756 \Device\Harddisk0\DR0:

13:15:12.0385 5756 MBR partitions:

13:15:12.0385 5756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000

13:15:12.0385 5756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x1B8957F8

13:15:12.0410 5756 ============================================================

13:15:12.0452 5756 C: <-> \Device\Harddisk0\DR0\Partition2

13:15:12.0476 5756 D: <-> \Device\Harddisk0\DR0\Partition1

13:15:12.0476 5756 ============================================================

13:15:12.0476 5756 Initialize success

13:15:12.0476 5756 ============================================================

13:15:14.0976 2652 ============================================================

13:15:14.0977 2652 Scan started

13:15:14.0977 2652 Mode: Manual;

13:15:14.0977 2652 ============================================================

13:15:15.0687 2652 ================ Scan system memory ========================

13:15:15.0687 2652 System memory - ok

13:15:15.0687 2652 ================ Scan services =============================


13:15:24.0743 2652 nvraid - ok

13:15:24.0753 2652 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys

13:15:24.0755 2652 nvstor - ok

13:15:24.0808 2652 [ D122F7C5F79C68868F5DC28CEFEB2ECF ] nvsvc C:\Windows\system32\nvvsvc.exe

13:15:24.0817 2652 nvsvc - ok

13:15:24.0837 2652 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

13:15:24.0839 2652 nv_agp - ok

13:15:24.0848 2652 NwlnkFlt - ok

13:15:24.0857 2652 NwlnkFwd - ok

13:15:24.0953 2652 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:15:24.0960 2652 odserv - ok

13:15:25.0002 2652 [ 19CAC780B858822055F46C58A111723C ] OEM02Dev C:\Windows\system32\DRIVERS\OEM02Dev.sys

13:15:25.0007 2652 OEM02Dev - ok

13:15:25.0018 2652 [ 86326062A90494BDD79CE383511D7D69 ] OEM02Vfx C:\Windows\system32\DRIVERS\OEM02Vfx.sys

13:15:25.0019 2652 OEM02Vfx - ok

13:15:25.0058 2652 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

13:15:25.0059 2652 ohci1394 - ok

13:15:25.0106 2652 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:15:25.0108 2652 ose - ok

13:15:25.0155 2652 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

13:15:25.0173 2652 p2pimsvc - ok

13:15:25.0198 2652 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

13:15:25.0204 2652 p2psvc - ok

13:15:25.0231 2652 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

13:15:25.0234 2652 Parport - ok

13:15:25.0245 2652 Partizan - ok

13:15:25.0281 2652 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

13:15:25.0283 2652 partmgr - ok

13:15:25.0301 2652 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

13:15:25.0303 2652 Parvdm - ok

13:15:25.0335 2652 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

13:15:25.0337 2652 PcaSvc - ok

13:15:25.0370 2652 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

13:15:25.0373 2652 pci - ok

13:15:25.0388 2652 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys

13:15:25.0389 2652 pciide - ok

13:15:25.0405 2652 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

13:15:25.0409 2652 pcmcia - ok

13:15:25.0446 2652 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

13:15:25.0472 2652 PEAUTH - ok

13:15:25.0524 2652 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

13:15:25.0557 2652 pla - ok

13:15:25.0595 2652 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

13:15:25.0599 2652 PlugPlay - ok

13:15:25.0622 2652 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

13:15:25.0627 2652 PNRPAutoReg - ok

13:15:25.0647 2652 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

13:15:25.0652 2652 PNRPsvc - ok

13:15:25.0672 2652 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

13:15:25.0677 2652 PolicyAgent - ok

13:15:25.0707 2652 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

13:15:25.0709 2652 PptpMiniport - ok

13:15:25.0720 2652 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys

13:15:25.0722 2652 Processor - ok

13:15:25.0742 2652 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

13:15:25.0745 2652 ProfSvc - ok

13:15:25.0758 2652 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

13:15:25.0760 2652 ProtectedStorage - ok

13:15:25.0782 2652 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

13:15:25.0784 2652 PSched - ok

13:15:25.0822 2652 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys

13:15:25.0823 2652 PxHelp20 - ok

13:15:25.0879 2652 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

13:15:25.0915 2652 ql2300 - ok

13:15:25.0949 2652 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

13:15:25.0952 2652 ql40xx - ok

13:15:25.0980 2652 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

13:15:25.0986 2652 QWAVE - ok

13:15:26.0001 2652 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

13:15:26.0002 2652 QWAVEdrv - ok

13:15:26.0104 2652 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys

13:15:26.0161 2652 R300 - ok

13:15:26.0186 2652 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

13:15:26.0187 2652 RasAcd - ok

13:15:26.0201 2652 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

13:15:26.0204 2652 RasAuto - ok

13:15:26.0217 2652 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

13:15:26.0219 2652 Rasl2tp - ok

13:15:26.0245 2652 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

13:15:26.0253 2652 RasMan - ok

13:15:26.0285 2652 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

13:15:26.0287 2652 RasPppoe - ok

13:15:26.0295 2652 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

13:15:26.0297 2652 RasSstp - ok

13:15:26.0327 2652 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

13:15:26.0331 2652 rdbss - ok

13:15:26.0336 2652 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

13:15:26.0337 2652 RDPCDD - ok

13:15:26.0373 2652 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

13:15:26.0377 2652 rdpdr - ok

13:15:26.0382 2652 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

13:15:26.0383 2652 RDPENCDD - ok

13:15:26.0421 2652 [ 79C6DF8477250F5C54F7C5AE1D6B814E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

13:15:26.0424 2652 RDPWD - ok

13:15:26.0462 2652 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

13:15:26.0466 2652 RemoteAccess - ok

13:15:26.0494 2652 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

13:15:26.0498 2652 RemoteRegistry - ok

13:15:26.0519 2652 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys

13:15:26.0521 2652 rimmptsk - ok

13:15:26.0532 2652 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys

13:15:26.0533 2652 rimsptsk - ok

13:15:26.0539 2652 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys

13:15:26.0541 2652 rismxdp - ok

13:15:26.0554 2652 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

13:15:26.0556 2652 RpcLocator - ok

13:15:26.0577 2652 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

13:15:26.0582 2652 RpcSs - ok

13:15:26.0605 2652 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

13:15:26.0607 2652 rspndr - ok

13:15:26.0611 2652 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

13:15:26.0613 2652 SamSs - ok

13:15:26.0628 2652 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

13:15:26.0631 2652 sbp2port - ok

13:15:26.0659 2652 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

13:15:26.0663 2652 SCardSvr - ok

13:15:26.0703 2652 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

13:15:26.0720 2652 Schedule - ok

13:15:26.0729 2652 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

13:15:26.0730 2652 SCPolicySvc - ok

13:15:26.0755 2652 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

13:15:26.0758 2652 sdbus - ok

13:15:26.0776 2652 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

13:15:26.0781 2652 SDRSVC - ok

13:15:26.0794 2652 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

13:15:26.0796 2652 seclogon - ok

13:15:26.0801 2652 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

13:15:26.0804 2652 SENS - ok

13:15:26.0821 2652 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

13:15:26.0823 2652 Serenum - ok

13:15:26.0837 2652 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

13:15:26.0840 2652 Serial - ok

13:15:26.0850 2652 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

13:15:26.0851 2652 sermouse - ok

13:15:26.0877 2652 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

13:15:26.0879 2652 SessionEnv - ok

13:15:26.0896 2652 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

13:15:26.0898 2652 sffdisk - ok

13:15:26.0913 2652 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

13:15:26.0915 2652 sffp_mmc - ok

13:15:26.0935 2652 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

13:15:26.0937 2652 sffp_sd - ok

13:15:26.0953 2652 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

13:15:26.0954 2652 sfloppy - ok

13:15:26.0981 2652 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

13:15:26.0985 2652 SharedAccess - ok

13:15:27.0012 2652 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

13:15:27.0016 2652 ShellHWDetection - ok

13:15:27.0034 2652 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys

13:15:27.0036 2652 sisagp - ok

13:15:27.0054 2652 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

13:15:27.0055 2652 SiSRaid2 - ok

13:15:27.0068 2652 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

13:15:27.0071 2652 SiSRaid4 - ok

13:15:27.0226 2652 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

13:15:27.0291 2652 Skype C2C Service - ok

13:15:27.0350 2652 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

13:15:27.0351 2652 SkypeUpdate - ok

13:15:27.0445 2652 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

13:15:27.0519 2652 slsvc - ok

13:15:27.0549 2652 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

13:15:27.0553 2652 SLUINotify - ok

13:15:27.0578 2652 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

13:15:27.0580 2652 Smb - ok

13:15:27.0604 2652 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

13:15:27.0606 2652 SNMPTRAP - ok

13:15:27.0629 2652 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

13:15:27.0631 2652 spldr - ok

13:15:27.0656 2652 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

13:15:27.0659 2652 Spooler - ok

13:15:27.0672 2652 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

13:15:27.0673 2652 SQLBrowser - ok

13:15:27.0709 2652 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

13:15:27.0709 2652 SQLWriter - ok

13:15:27.0774 2652 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS

13:15:27.0791 2652 SRTSP - ok

13:15:27.0805 2652 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS

13:15:27.0806 2652 SRTSPX - ok

13:15:27.0837 2652 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

13:15:27.0841 2652 srv - ok

13:15:27.0873 2652 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

13:15:27.0875 2652 srv2 - ok

13:15:27.0901 2652 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

13:15:27.0904 2652 srvnet - ok

13:15:27.0936 2652 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

13:15:27.0939 2652 SSDPSRV - ok

13:15:27.0954 2652 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

13:15:27.0957 2652 SstpSvc - ok

13:15:27.0981 2652 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV C:\Windows\system32\STacSV.exe

13:15:27.0984 2652 STacSV - ok

13:15:28.0012 2652 Steam Client Service - ok

13:15:28.0036 2652 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA C:\Windows\system32\drivers\stwrt.sys

13:15:28.0042 2652 STHDA - ok

13:15:28.0069 2652 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

13:15:28.0071 2652 StillCam - ok

13:15:28.0110 2652 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

13:15:28.0116 2652 stisvc - ok

13:15:28.0168 2652 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

13:15:28.0170 2652 stllssvr - ok

13:15:28.0197 2652 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

13:15:28.0199 2652 swenum - ok

13:15:28.0239 2652 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

13:15:28.0245 2652 swprv - ok

13:15:28.0260 2652 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

13:15:28.0261 2652 Symc8xx - ok

13:15:28.0288 2652 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS

13:15:28.0293 2652 SymDS - ok

13:15:28.0347 2652 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS

13:15:28.0373 2652 SymEFA - ok

13:15:28.0402 2652 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS

13:15:28.0405 2652 SymEvent - ok

13:15:28.0412 2652 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS

13:15:28.0414 2652 SymIRON - ok

13:15:28.0453 2652 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDIV.SYS

13:15:28.0459 2652 SYMTDIv - ok

13:15:28.0485 2652 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

13:15:28.0487 2652 Sym_hi - ok

13:15:28.0505 2652 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

13:15:28.0507 2652 Sym_u3 - ok

13:15:28.0552 2652 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

13:15:28.0568 2652 SysMain - ok

13:15:28.0588 2652 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

13:15:28.0590 2652 TabletInputService - ok

13:15:28.0621 2652 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

13:15:28.0626 2652 TapiSrv - ok

13:15:28.0639 2652 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

13:15:28.0642 2652 TBS - ok

13:15:28.0689 2652 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

13:15:28.0715 2652 Tcpip - ok

13:15:28.0739 2652 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

13:15:28.0745 2652 Tcpip6 - ok

13:15:28.0769 2652 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

13:15:28.0770 2652 tcpipreg - ok

13:15:28.0809 2652 [ 5CA437A08509FB7ECF843480FC1232E2 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys

13:15:28.0811 2652 TcUsb - ok

13:15:28.0833 2652 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

13:15:28.0834 2652 TDPIPE - ok

13:15:28.0864 2652 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

13:15:28.0865 2652 TDTCP - ok

13:15:28.0897 2652 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

13:15:28.0898 2652 tdx - ok

13:15:28.0921 2652 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

13:15:28.0923 2652 TermDD - ok

13:15:28.0944 2652 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

13:15:28.0951 2652 TermService - ok

13:15:28.0962 2652 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

13:15:28.0965 2652 Themes - ok

13:15:28.0978 2652 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

13:15:28.0980 2652 THREADORDER - ok

13:15:29.0008 2652 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

13:15:29.0011 2652 TrkWks - ok

13:15:29.0040 2652 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:15:29.0041 2652 TrustedInstaller - ok

13:15:29.0057 2652 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

13:15:29.0059 2652 tssecsrv - ok

13:15:29.0076 2652 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

13:15:29.0078 2652 tunmp - ok

13:15:29.0110 2652 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

13:15:29.0112 2652 tunnel - ok

13:15:29.0125 2652 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys

13:15:29.0127 2652 uagp35 - ok

13:15:29.0178 2652 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

13:15:29.0182 2652 udfs - ok

13:15:29.0220 2652 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

13:15:29.0223 2652 UI0Detect - ok

13:15:29.0254 2652 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

13:15:29.0256 2652 uliagpkx - ok

13:15:29.0281 2652 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys

13:15:29.0286 2652 uliahci - ok

13:15:29.0317 2652 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

13:15:29.0320 2652 UlSata - ok

13:15:29.0344 2652 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

13:15:29.0347 2652 ulsata2 - ok

13:15:29.0364 2652 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

13:15:29.0366 2652 umbus - ok

13:15:29.0393 2652 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

13:15:29.0398 2652 upnphost - ok

13:15:29.0439 2652 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

13:15:29.0440 2652 USBAAPL - ok

13:15:29.0465 2652 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

13:15:29.0467 2652 usbccgp - ok

13:15:29.0486 2652 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

13:15:29.0489 2652 usbcir - ok

13:15:29.0525 2652 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

13:15:29.0527 2652 usbehci - ok

13:15:29.0557 2652 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

13:15:29.0560 2652 usbhub - ok

13:15:29.0585 2652 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys

13:15:29.0587 2652 usbohci - ok

13:15:29.0630 2652 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

13:15:29.0631 2652 usbprint - ok

13:15:29.0684 2652 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

13:15:29.0686 2652 usbscan - ok

13:15:29.0718 2652 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:15:29.0720 2652 USBSTOR - ok

13:15:29.0736 2652 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

13:15:29.0738 2652 usbuhci - ok

13:15:29.0782 2652 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

13:15:29.0784 2652 UxSms - ok

13:15:29.0822 2652 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

13:15:29.0839 2652 vds - ok

13:15:29.0856 2652 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

13:15:29.0857 2652 vga - ok

13:15:29.0869 2652 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

13:15:29.0870 2652 VgaSave - ok

13:15:29.0888 2652 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys

13:15:29.0890 2652 viaagp - ok

13:15:29.0915 2652 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys

13:15:29.0917 2652 ViaC7 - ok

13:15:29.0932 2652 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys

13:15:29.0933 2652 viaide - ok

13:15:29.0947 2652 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

13:15:29.0949 2652 volmgr - ok

13:15:29.0969 2652 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

13:15:29.0974 2652 volmgrx - ok

13:15:30.0011 2652 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys

13:15:30.0015 2652 volsnap - ok

13:15:30.0039 2652 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

13:15:30.0042 2652 vsmraid - ok

13:15:30.0073 2652 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

13:15:30.0098 2652 VSS - ok

13:15:30.0122 2652 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

13:15:30.0126 2652 W32Time - ok

13:15:30.0140 2652 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

13:15:30.0141 2652 WacomPen - ok

13:15:30.0158 2652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

13:15:30.0160 2652 Wanarp - ok

13:15:30.0164 2652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

13:15:30.0165 2652 Wanarpv6 - ok

13:15:30.0184 2652 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll

13:15:30.0199 2652 wcncsvc - ok

13:15:30.0226 2652 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

13:15:30.0229 2652 WcsPlugInService - ok

13:15:30.0261 2652 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys

13:15:30.0262 2652 Wd - ok

13:15:30.0295 2652 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

13:15:30.0312 2652 Wdf01000 - ok

13:15:30.0324 2652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

13:15:30.0327 2652 WdiServiceHost - ok

13:15:30.0331 2652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

13:15:30.0334 2652 WdiSystemHost - ok

13:15:30.0363 2652 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll

13:15:30.0366 2652 WebClient - ok

13:15:30.0395 2652 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll

13:15:30.0399 2652 Wecsvc - ok

13:15:30.0414 2652 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

13:15:30.0417 2652 wercplsupport - ok

13:15:30.0444 2652 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

13:15:30.0447 2652 WerSvc - ok

13:15:30.0490 2652 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

13:15:30.0494 2652 WinDefend - ok

13:15:30.0499 2652 WinHttpAutoProxySvc - ok

13:15:30.0530 2652 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

13:15:30.0532 2652 Winmgmt - ok

13:15:30.0589 2652 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys

13:15:30.0590 2652 WinRing0_1_2_0 - ok

13:15:30.0632 2652 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll

13:15:30.0666 2652 WinRM - ok

13:15:30.0714 2652 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

13:15:30.0723 2652 Wlansvc - ok

13:15:30.0792 2652 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:15:30.0825 2652 wlidsvc - ok

13:15:30.0834 2652 wltrysvc - ok

13:15:30.0848 2652 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

13:15:30.0849 2652 WmiAcpi - ok

13:15:30.0883 2652 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

13:15:30.0886 2652 wmiApSrv - ok

13:15:30.0938 2652 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

13:15:30.0964 2652 WMPNetworkSvc - ok

13:15:30.0974 2652 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

13:15:30.0979 2652 WPCSvc - ok

13:15:31.0008 2652 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

13:15:31.0011 2652 WPDBusEnum - ok

13:15:31.0039 2652 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

13:15:31.0041 2652 WpdUsb - ok

13:15:31.0133 2652 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

13:15:31.0152 2652 WPFFontCache_v0400 - ok

13:15:31.0171 2652 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

13:15:31.0173 2652 ws2ifsl - ok

13:15:31.0194 2652 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll

13:15:31.0197 2652 wscsvc - ok

13:15:31.0225 2652 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

13:15:31.0226 2652 WSDPrintDevice - ok

13:15:31.0230 2652 WSearch - ok

13:15:31.0301 2652 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll

13:15:31.0343 2652 wuauserv - ok

13:15:31.0370 2652 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

13:15:31.0373 2652 WUDFRd - ok

13:15:31.0398 2652 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

13:15:31.0403 2652 wudfsvc - ok

13:15:31.0437 2652 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys

13:15:31.0441 2652 yukonwlh - ok

13:15:31.0454 2652 ================ Scan global ===============================

13:15:31.0478 2652 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

13:15:31.0512 2652 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

13:15:31.0535 2652 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

13:15:31.0571 2652 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

13:15:31.0576 2652 [Global] - ok

13:15:31.0576 2652 ================ Scan MBR ==================================

13:15:31.0586 2652 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

13:15:32.0003 2652 \Device\Harddisk0\DR0 - ok

13:15:32.0004 2652 ================ Scan VBR ==================================

13:15:32.0026 2652 [ FA901F170D1B9EC49C37A56AA58BF901 ] \Device\Harddisk0\DR0\Partition1

13:15:32.0028 2652 \Device\Harddisk0\DR0\Partition1 - ok

13:15:32.0031 2652 [ 3C0CCD56C7DC9CD6A8DD4E28F98F362F ] \Device\Harddisk0\DR0\Partition2

13:15:32.0032 2652 \Device\Harddisk0\DR0\Partition2 - ok

13:15:32.0033 2652 ============================================================

13:15:32.0033 2652 Scan finished
13:15:32.0033 2652 ============================================================
13:15:32.0041 4796 Detected object count: 0
13:15:32.0041 4796 Actual detected object count: 0
13:16:52.0827 5796 Deinitialize success


Good afternoon superaman. :)

Good to hear! :)

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Then, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===========

Please provide the contents of log.txt and checkup.txt in your reply.


Sorry for the wait, very busy last two days.

ESET Report:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f528b72fc232904d9bcae49412840666
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-11 09:15:01
# local_time=2012-09-11 02:15:01 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 58270126 183951338 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=311824
# found=0
# cleaned=0
# scan_time=11091

----------------------------------------------------------------------------------------

Security Check:

Results of screen317's Security Check version 0.99.50

Windows Vista Service Pack 2 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

CCleaner

Java 6 Update 24

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 11.3.300.271

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox 12.0 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````


Hello superaman. :)

I notice that you have the User Account Control turned off. This is a very important security feature on Windows Vista and 7, as it allows you to restrict access to your computer and control programs that try to run. Please see below on how to turn it on:

http://windows.micro...ntrol-on-or-off

===========

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows Vista version:

http://www.java.com/...load/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs and Features>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have the Java icon next to them.
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

Next, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

Finally, your version of Mozilla Firefox is out of date. Please do the following to update it:

  • Go to Start>All Programs>Mozilla Firefox.
  • Click Firefox>Help>About Firefox.
  • Let it search for any updates and install them when found.
  • Please restart your computer if prompted.

============

In your reply please let me know how the updates go and if there are any remaining issues on your computer.


Hey superaman. :)

Great to hear!

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
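The two helper posts above (UAC, Windows Firewall, Automatic Updates, and the leftover Java versions that Security Check flagged) can be re-checked from a script rather than by reading a log. The following PowerShell is an added example for this thread; it is not code from the forum, from Security Check or from any tool mentioned here. It reads only documented registry values and the Windows Update COM API, changes nothing, and assumes the Vista/7 registry layout. The function names are the example's own; the uninstall commands it prints for stale Java runtimes come straight from each entry's UninstallString and should be reviewed before they are run.

```powershell
# Added example: posture check mirroring what Security Check reported in the log above.
# Run from an elevated PowerShell prompt (Vista/7 or later). Read-only: it prints findings
# and the registry-supplied uninstall commands; it does not execute them.

function Test-UacEnabled {
    # EnableLUA = 1 means User Account Control is on; 0 (or missing) is what the log called "UAC is disabled!".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    return ($v -eq 1)
}

function Get-FirewallProfileState {
    # Windows Firewall keeps one EnableFirewall DWORD per profile under the SharedAccess policy key.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $v = (Get-ItemProperty -Path "$base\$profile" -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
        New-Object PSObject -Property @{ Profile = $profile; Enabled = ($v -eq 1) }
    }
}

function Get-AutoUpdateLevel {
    # IAutomaticUpdatesSettings.NotificationLevel: 0 not configured, 1 disabled,
    # 2 notify before download, 3 notify before install, 4 scheduled automatic install.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    return [int]$au.Settings.NotificationLevel
}

function Get-InstalledPrograms {
    # Both the native and the 32-bit-on-64-bit uninstall hives; entries without a DisplayName
    # are patches or components and are skipped.
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*')
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

function Get-StaleJavaInstalls {
    # Every Java runtime except the highest installed version. Java does not remove
    # older runtimes on update, which is why the log listed Update 7 next to Update 24.
    $java = @(Get-InstalledPrograms | Where-Object {
        $_.DisplayName -match '^(Java|J2SE)' -and $_.DisplayName -notmatch 'Updater'
    })
    if ($java.Count -lt 2) { return @() }
    $sorted = @($java | Sort-Object -Descending {
        try { [version]$_.DisplayVersion } catch { [version]'0.0' }
    })
    return $sorted | Select-Object -Skip 1
}

function Invoke-PostureCheck {
    $findings = @()
    if (-not (Test-UacEnabled)) { $findings += 'UAC is disabled (EnableLUA is not 1)' }
    foreach ($p in Get-FirewallProfileState) {
        if (-not $p.Enabled) { $findings += "Windows Firewall disabled for $($p.Profile)" }
    }
    $level = Get-AutoUpdateLevel
    if ($level -lt 4) {
        $findings += "Automatic Updates not set to install automatically (NotificationLevel=$level)"
    }
    foreach ($j in @(Get-StaleJavaInstalls)) {
        $findings += "Stale Java runtime: $($j.DisplayName) $($j.DisplayVersion) - review, then run: $($j.UninstallString)"
    }
    if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
}

Invoke-PostureCheck
```

The checks are intentionally the same four that the thread acted on, so the script's output can be compared line by line with the Security Check log; a clean run should print "No findings." once UAC is on, every firewall profile is enabled, Automatic Updates is at level 4, and only one Java runtime remains.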


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.