
My PC has Trojan.Gen.2 virus! Please Help!



  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download RogueKiller and save it to your Desktop (or from here).
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until the Prescan has finished...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished".
    • Click on "Delete".
    • Wait until the Status box shows "Deleting Finished".
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop.
    • Exit/Close RogueKiller.

Gringo


Hi Gringo,

Thank you very much for your help! I didn't find the Watch Topic button on the top of my post. However, I did select Immediately from the Option tab. Hopefully that helps. Below are the log contents I got from running all three tools you suggested. Thank you for the help. This PC is my office's computer. If I don't reply to you, can we work on it tomorrow please? Thanks again.

1. Security Check:

Results of screen317's Security Check version 0.99.51

Windows 7 x86 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

Symantec Endpoint Protection

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader X (10.1.4)

Mozilla Firefox (15.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

2. AdwCleaner

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 18:49:25

# Updated 06/10/2012 by Xplode

# Operating system : Windows 7 Professional (32 bits)

# User : admin - WORKSTATION2

# Boot Mode : Normal

# Running from : C:\Users\admin\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\b9adthd4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s2].txt - [1043 octets] - [10/10/2012 18:49:25]

########## EOF - C:\AdwCleaner[s2].txt - [1103 octets] ##########

3. RogueKiller

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : admin [Admin rights]

Mode : Remove -- Date : 10/10/2012 18:56:54

¤¤¤ Bad processes : 4 ¤¤¤

[SUSP PATH] SSCWindowsService.exe -- C:\Users\admin\AppData\Local\SSCService\SSCWindowsService.exe -> KILLED [TermProc]

[SUSP PATH] XCSecurityService.exe -- C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe -> KILLED [TermProc]

[SUSP PATH] SSCService.exe -- C:\Users\admin\AppData\Local\SSCService\SSCService.exe -> KILLED [TermProc]

[SUSP PATH] XChrgSrv.exe -- C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XChrgSrv.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][SUSP PATH] HKLM\[...]\Run : Practice Monitor™ (C:\Users\admin\AppData\Local\SSCService\SSCService.exe) -> DELETED

[RUN][SUSP PATH] HKLM\[...]\Run : CAMMonitor (C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XChrgSrv.exe) -> DELETED

[TASK][SUSP PATH] {554C33A4-B4B6-495D-9100-7FA309B6BDBA} : C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCharge.exe -> DELETED

[TASK][SUSP PATH] {5A7F3FB4-EBAF-4F39-BCAF-E62D17872EC6} : C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCharge.exe -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x82D2B9D5 -> HOOKED (Unknown @ 0x876427A0)

SSDT[14] : NtAlertThread @ 0x82CD97A8 -> HOOKED (Unknown @ 0x87642E80)

SSDT[19] : NtAllocateVirtualMemory @ 0x82C9AE9B -> HOOKED (Unknown @ 0x875FB6A8)

SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x82CC7924 -> HOOKED (Unknown @ 0x8755AC00)

SSDT[74] : NtCreateMutant @ 0x82CCDCA5 -> HOOKED (Unknown @ 0x87652F18)

SSDT[87] : NtCreateThread @ 0x82D29C6A -> HOOKED (Unknown @ 0x8762C470)

SSDT[131] : NtFreeVirtualMemory @ 0x82B02831 -> HOOKED (Unknown @ 0x8760F810)

SSDT[145] : NtImpersonateAnonymousToken @ 0x82C41F96 -> HOOKED (Unknown @ 0x8765DA68)

SSDT[147] : NtImpersonateThread @ 0x82CA76C9 -> HOOKED (Unknown @ 0x87642430)

SSDT[168] : NtMapViewOfSection @ 0x82CCDF67 -> HOOKED (Unknown @ 0x87622A28)

SSDT[177] : NtOpenEvent @ 0x82CD05F7 -> HOOKED (Unknown @ 0x87652958)

SSDT[191] : NtOpenProcessToken @ 0x82C8B971 -> HOOKED (Unknown @ 0x875FC3F8)

SSDT[199] : NtOpenThreadToken @ 0x82C8B1D5 -> HOOKED (Unknown @ 0x876288A0)

SSDT[304] : NtResumeThread @ 0x82CC105F -> HOOKED (Unknown @ 0x875FB670)

SSDT[316] : NtSetContextThread @ 0x82D2AD6F -> HOOKED (Unknown @ 0x875F4E50)

SSDT[333] : NtSetInformationProcess @ 0x82C9C495 -> HOOKED (Unknown @ 0x87622F18)

SSDT[335] : NtSetInformationThread @ 0x82CB883A -> HOOKED (Unknown @ 0x87633DC8)

SSDT[366] : NtSuspendProcess @ 0x82D2B90F -> HOOKED (Unknown @ 0x876527A0)

SSDT[367] : NtSuspendThread @ 0x82CE86E6 -> HOOKED (Unknown @ 0x87633388)

SSDT[370] : NtTerminateProcess @ 0x82CB0BCD -> HOOKED (Unknown @ 0x875FCB30)

SSDT[371] : NtTerminateThread @ 0x82CC3974 -> HOOKED (Unknown @ 0x8760F9A8)

SSDT[385] : NtUnmapViewOfSection @ 0x82CCAD6C -> HOOKED (Unknown @ 0x87622BD0)

SSDT[399] : NtWriteVirtualMemory @ 0x82CD6645 -> HOOKED (Unknown @ 0x87610188)

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161GJ +++++

--- User ---

[MBR] 779e3c3d481dc68d9145922fc79a863d

[BSP] 34cd9a821f4f5236ac49ff426c27c20e : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 2047 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 4194304 | Size: 142484 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 296001536 | Size: 8085 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: HP Photosmart 2710 USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

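Added example (editor's code, not RogueKiller's and not from either poster): a small triage script for the RogueKiller report format shown above. RogueKiller's [SUSP PATH] verdict is a location heuristic: it kills and deletes anything running from user-writable directories such as AppData or ProgramData, which is exactly where per-user and line-of-business installers also put their services. The script parses the four line types in the report (processes, Run/Task entries, [HJ] registry changes, SSDT hooks), keeps the path heuristic but turns it into a review tier rather than a verdict, separates the one security-relevant [HJ] change (EnableLUA, i.e. UAC had been switched off) from the cosmetic Start menu and desktop toggles, and treats "Unknown" SSDT hooks as informational, since security products routinely hook the SSDT on 32-bit Windows. The sample report is constructed from the lines in the post plus one made-up Temp entry; the risk tiers are this example's own, not RogueKiller's.

```python
import re
from dataclasses import dataclass

# Constructed sample in the RogueKiller v8 report layout used in the post
# above: the paths are the ones shown there, plus one made-up Temp entry
# ("Updater") so that the "high" tier below is exercised.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SSCWindowsService.exe -- C:\Users\admin\AppData\Local\SSCService\SSCWindowsService.exe -> KILLED [TermProc]
[SUSP PATH] XChrgSrv.exe -- C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XChrgSrv.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Practice Monitor (C:\Users\admin\AppData\Local\SSCService\SSCService.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : Updater (C:\Users\admin\AppData\Local\Temp\updater.exe) -> DELETED
[TASK][SUSP PATH] {554C33A4-B4B6-495D-9100-7FA309B6BDBA} : C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCharge.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[19] : NtAllocateVirtualMemory @ 0x82C9AE9B -> HOOKED (Unknown @ 0x875FB6A8)
SSDT[399] : NtWriteVirtualMemory @ 0x82CD6645 -> HOOKED (Unknown @ 0x87610188)
"""

PROC_RE = re.compile(r"^\[SUSP PATH\] (?P<image>\S+) -- (?P<path>.+?) -> (?P<action>\w+)")
AUTORUN_RE = re.compile(r"^\[(?P<kind>RUN|TASK)\]\[SUSP PATH\] (?P<key>.+?) : (?P<target>.+?) -> (?P<action>\w+)$")
HIJACK_RE = re.compile(r"^\[HJ[^\]]*\] (?P<key>.+?) : (?P<value>\S+) \((?P<old>\d+)\) -> REPLACED \((?P<new>\d+)\)$")
SSDT_RE = re.compile(r"^SSDT\[(?P<idx>\d+)\] : (?P<func>\w+) @ 0x[0-9A-Fa-f]+ -> HOOKED \((?P<owner>[^@]+?) @ 0x[0-9A-Fa-f]+\)$")

# Registry values whose change affects the security posture; the other [HJ]
# entries RogueKiller reports are Start menu / desktop icon toggles.
SECURITY_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin",
                   "ConsentPromptBehaviorUser", "PromptOnSecureDesktop"}


@dataclass
class Finding:
    kind: str            # "process" | "autorun" | "hijack" | "ssdt"
    detail: str
    path: str = ""
    risk: str = "info"   # "high" | "review" | "low" | "info"


def path_risk(path: str) -> str:
    """Rank an executable path by where it lives. The location alone never
    proves malice; it only decides how closely a human should look."""
    p = path.lower()
    if "\\temp\\" in p:
        return "high"      # scratch directories are no home for a service or autorun
    if "\\appdata\\" in p or "\\programdata\\" in p or "\\users\\public\\" in p:
        return "review"    # user-writable, but per-user installers also live here
    if p.startswith("c:\\program files") or p.startswith("c:\\windows\\"):
        return "low"       # admin-only locations (still verify signer / hash)
    return "review"


def _target_path(target: str) -> str:
    # "[RUN]" entries read "Name (path)"; "[TASK]" entries are the bare path.
    m = re.search(r"\(([^()]+)\)$", target)
    return m.group(1) if m else target


def parse_report(text: str) -> list:
    """Turn the report lines into Finding objects; unknown lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := PROC_RE.match(line):
            findings.append(Finding("process", f"{m['image']} {m['action']}",
                                    m["path"], path_risk(m["path"])))
        elif m := AUTORUN_RE.match(line):
            path = _target_path(m["target"])
            findings.append(Finding("autorun", f"{m['kind']} {m['key']} {m['action']}",
                                    path, path_risk(path)))
        elif m := HIJACK_RE.match(line):
            relevant = m["value"] in SECURITY_VALUES
            findings.append(Finding("hijack", f"{m['value']}: {m['old']} -> {m['new']}",
                                    risk="high" if relevant else "info"))
        elif m := SSDT_RE.match(line):
            # SSDT hooks on 32-bit Windows are routinely installed by security
            # products, so an "Unknown" owner is a lead to resolve, not a verdict.
            findings.append(Finding("ssdt", f"{m['func']} hooked by {m['owner']}"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per risk tier, so a log can be triaged at a glance."""
    counts = {"high": 0, "review": 0, "low": 0, "info": 0}
    for f in findings:
        counts[f.risk] += 1
    return counts


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    for f in results:
        print(f"{f.risk:6} {f.kind:8} {f.detail}  {f.path}")
    print(summarize(results))
```

Everything RogueKiller killed in the post above lands in the "review" tier, not "high": before accepting those deletions, check the signer and hash of the binaries in C:\ProgramData\CAM Commerce Solutions and C:\Users\admin\AppData\Local\SSCService, because if they are the office's own software the cleanup has just broken it. The only entry the script rates "high" on its own is the EnableLUA change, which records that UAC had been disabled before RogueKiller turned it back on.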

  • Staff

Hello weigaocb

Looks like it did find it, but I want to do some deeper checking just to be sure.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Windows XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hi Gringo,

I came in the office today. The Trojan.Gen.2 warnings come up again. Now it happens every 10 minutes. Then I downloaded Combofix and ran it. The following is the content. I think after I ran ComboFix, the warnings do not come up anymore.

Other than the warning messages, we haven't seen any other issue yet.

Thank you for the help, let me know the next step after you view the contents.

ComboFix:

ComboFix 12-10-11.03 - admin 10/11/2012 11:38:36.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1993.1182 [GMT -5:00]

Running from: c:\users\admin\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\AMMYY

c:\programdata\AMMYY\hr

c:\programdata\AMMYY\hr3

c:\programdata\AMMYY\settings.bin

c:\programdata\AMMYY\settings3.bin

c:\users\admin\g2mdlhlpx.exe

c:\windows\system32\FlashPlayerInstaller.exe

c:\windows\system32\iphist.dat

c:\windows\system32\SETC7AC.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))

.

.

2012-10-11 16:42 . 2012-10-11 16:42 -------- d-----w- c:\users\admin\AppData\Local\temp

2012-10-11 16:42 . 2012-10-11 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-11 14:31 . 2012-10-11 14:31 -------- d-----w- C:\2012-10-11

2012-10-11 13:54 . 2012-10-11 13:54 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2012-10-11 13:54 . 2012-10-11 13:54 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2012-10-11 13:54 . 2012-10-11 13:54 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2012-10-11 13:54 . 2012-10-11 13:54 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2012-10-11 13:54 . 2012-10-11 13:54 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2012-10-11 13:54 . 2012-10-11 13:54 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2012-10-11 13:53 . 2012-10-11 13:53 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2012-10-11 13:53 . 2012-10-11 13:53 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2012-10-11 13:53 . 2012-10-11 13:53 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2012-10-11 13:53 . 2012-10-11 13:53 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2012-10-11 13:53 . 2012-10-11 13:53 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2012-10-11 13:53 . 2012-10-11 13:53 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2012-10-11 13:53 . 2012-10-11 13:53 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2012-10-11 13:53 . 2012-10-11 13:53 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2012-10-11 13:53 . 2012-10-11 13:53 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2012-10-11 13:53 . 2012-10-11 13:53 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2012-10-11 13:53 . 2012-10-11 13:53 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2012-10-10 19:39 . 2012-10-10 19:42 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-10-10 19:14 . 2012-10-10 19:14 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes

2012-10-10 19:14 . 2012-10-10 19:14 -------- d-----w- c:\programdata\Malwarebytes

2012-10-10 19:14 . 2012-10-10 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-10 19:14 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-10 14:03 . 2012-10-10 14:03 -------- d-----w- C:\2012-10-10

2012-10-09 12:49 . 2012-10-09 12:49 -------- d-----w- C:\2012-10-09

2012-10-08 13:58 . 2012-10-08 13:58 -------- d-----w- C:\2012-10-08

2012-10-06 13:28 . 2012-10-06 13:28 -------- d-----w- C:\2012-10-06

2012-10-05 14:28 . 2012-10-05 14:28 -------- d-----w- C:\2012-10-05

2012-10-04 14:54 . 2012-10-04 14:54 -------- d-----w- C:\2012-10-04

2012-10-03 14:55 . 2012-10-03 14:55 -------- d-----w- C:\2012-10-03

2012-10-02 12:48 . 2012-10-02 12:48 -------- d-----w- C:\2012-10-02

2012-10-01 14:25 . 2012-10-01 14:25 -------- d-----w- C:\2012-10-01

2012-09-29 13:24 . 2012-09-29 13:24 -------- d-----w- C:\2012-09-29

2012-09-28 14:35 . 2012-09-28 14:35 -------- d-----w- C:\2012-09-28

2012-09-27 14:22 . 2012-09-27 14:22 -------- d-----w- C:\2012-09-27

2012-09-26 14:13 . 2012-09-26 14:13 -------- d-----w- C:\2012-09-26

2012-09-25 12:54 . 2012-09-25 12:54 -------- d-----w- C:\2012-09-25

2012-09-24 13:44 . 2012-09-24 13:44 -------- d-----w- C:\2012-09-24

2012-09-22 13:25 . 2012-09-22 13:25 -------- d-----w- C:\2012-09-22

2012-09-21 14:45 . 2012-09-21 14:45 -------- d-----w- C:\2012-09-21

2012-09-20 14:32 . 2012-09-20 14:32 -------- d-----w- C:\2012-09-20

2012-09-19 14:14 . 2012-09-19 14:14 -------- d-----w- C:\2012-09-19

2012-09-18 12:28 . 2012-09-18 12:28 -------- d-----w- C:\2012-09-18

2012-09-17 13:54 . 2012-09-17 13:54 -------- d-----w- C:\2012-09-17

2012-09-15 13:26 . 2012-09-15 13:26 -------- d-----w- C:\2012-09-15

2012-09-14 14:42 . 2012-09-14 14:42 -------- d-----w- C:\2012-09-14

2012-09-13 14:20 . 2012-09-13 14:20 -------- d-----w- C:\2012-09-13

2012-09-12 14:09 . 2012-09-12 14:09 -------- d-----w- C:\2012-09-12

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 16:15 . 2012-05-09 14:04 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 16:15 . 2011-07-26 20:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-10 15:42 . 2012-09-10 15:42 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-08-11 115560]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

login.bat [2012-3-2 223]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESInetConnect]

2007-04-04 20:04 204800 ----a-w- c:\eaglesoft\Shared Files\esinetconnect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-09-20 16:38 136176 ----atw- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-08-10 19:22 174104 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-08-10 19:22 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2010-05-10 22:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-08-10 19:22 151064 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]

2009-07-24 19:29 796696 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2009-07-03 02:07 7596576 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 SSCWindowsService;SSCWindowsService;c:\users\admin\AppData\Local\SSCService\SSCWindowsService.exe [x]

R2 XCSecurity;X-Charge Security;c:\programdata\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 ESCameraService;ESCameraService;c:\eaglesoft\Shared Files\ESCameraService.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 XCService;X-Charge Server;c:\programdata\CAM Commerce Solutions\X-Charge\Application\XCService.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 16:15]

.

2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1922023010-2379744930-3448582157-1000Core.job

- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 16:38]

.

2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1922023010-2379744930-3448582157-1000UA.job

- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 16:38]

.

2012-09-28 c:\windows\Tasks\HPCeeScheduleForadmin.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.amdentpro.com/

Trusted Zone: caesy

TCP: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.254

TCP: Interfaces\{C0C2F78B-1A0A-4463-AB88-8422F7D6DA8D}: NameServer = 192.168.1.254

FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\b9adthd4.default\

FF - prefs.js: browser.startup.homepage - www.amdentpro.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-Symantec Antvirus

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-11 11:43:50

ComboFix-quarantined-files.txt 2012-10-11 16:43

.

Pre-Run: 89,498,615,808 bytes free

Post-Run: 118,583,394,304 bytes free

.

- - End Of File - - 13CF6F8BDB3A41A3D50F475561F3BC9D

Wei

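Added example (editor's code, not ComboFix's and not from either poster): the "Reg Loading Points" section of the ComboFix log above prints the UAC policy key with PromptOnSecureDesktop set to 0, which means elevation prompts are drawn on the ordinary user desktop, where any program running as the user can interact with or spoof them, instead of on the isolated secure desktop. Reading that section correctly needs one caveat that ComboFix states itself: values still at their default are not shown, so an absent value means "default", not "unknown". The script below parses the REGEDIT4-style sections in both forms ComboFix uses (`"Name"= 3 (0x3)` and `"Name"=dword:00000001`), fills in the Windows 7 defaults for anything missing, and reports the settings that are weaker than those defaults. The defaults table and severity labels are this example's assumptions; the two sample fragments are constructed, the first from the log above and the second from the pre-cleanup values RogueKiller reported (EnableLUA and ConsentPromptBehaviorAdmin both 0).

```python
import re

# Constructed sample: the policies\system and Security Center sections as
# they appear in the ComboFix log above.
COMBOFIX_FRAGMENT = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
"""

# Constructed sample: what the same key would have printed before RogueKiller
# reset EnableLUA and ConsentPromptBehaviorAdmin (it reported both as 0).
PRE_CLEANUP_FRAGMENT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints DWORDs either as `"Name"= 3 (0x3)` or as `"Name"=dword:00000001`.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)|dword:(?P<hex>[0-9a-fA-F]{8}))$')

UAC_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system"

# Windows 7 out-of-the-box values (assumed baseline for this example). ComboFix
# omits values that still hold their default, so absent must be read as default.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}


def parse_reg_sections(text: str) -> dict:
    """Return {key_path: {value_name: int}} for every REGEDIT4-style section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m["key"]
            sections.setdefault(current, {})
        elif current and (m := VALUE_RE.match(line)):
            value = int(m["dec"]) if m["dec"] is not None else int(m["hex"], 16)
            sections[current][m["name"]] = value
    return sections


def effective_uac(sections: dict) -> dict:
    """Overlay the logged policies\\system values on the defaults. Key paths and
    value names are matched case-insensitively, as the registry itself does."""
    logged = {}
    for key, values in sections.items():
        if key.lower() == UAC_KEY.lower():
            logged = values
    canon = {name.lower(): name for name in UAC_DEFAULTS}
    merged = dict(UAC_DEFAULTS)
    for name, value in logged.items():
        if name.lower() in canon:
            merged[canon[name.lower()]] = value
    return merged


def evaluate_uac(sections: dict) -> list:
    """Return (severity, message) for each UAC setting weaker than the default."""
    uac = effective_uac(sections)
    findings = []
    if uac["EnableLUA"] == 0:
        findings.append(("critical", "EnableLUA=0: UAC is off, every process of an "
                                     "administrator runs with the full token"))
    if uac["ConsentPromptBehaviorAdmin"] == 0:
        findings.append(("high", "ConsentPromptBehaviorAdmin=0: administrators elevate "
                                 "without any prompt"))
    if uac["PromptOnSecureDesktop"] == 0:
        findings.append(("medium", "PromptOnSecureDesktop=0: elevation prompts are drawn on "
                                   "the user desktop where other programs can interact with them"))
    if uac["EnableUIADesktopToggle"] == 1:
        findings.append(("low", "EnableUIADesktopToggle=1: UIAccess applications may prompt "
                                "for elevation off the secure desktop"))
    return findings


if __name__ == "__main__":
    for label, fragment in (("after cleanup", COMBOFIX_FRAGMENT),
                            ("before cleanup", PRE_CLEANUP_FRAGMENT)):
        print(label)
        for severity, message in evaluate_uac(parse_reg_sections(fragment)):
            print(f"  {severity:8} {message}")
```

Run against the log above this leaves exactly one finding, the secure-desktop one, which neither RogueKiller nor ComboFix changed; the Security Center entry is parsed but not judged, since DisableMonitoring only suppresses Security Center's own alerts for that product. Against the pre-cleanup values it reports the disabled UAC first, which is the state Security Check had already flagged with "UAC is disabled!".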

  • Staff

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Hi Gringo,

Thank you for the reply.

I still get the attach warnings this morning. Here are the logs:

TDSSKiller:

09:39:28.0650 2364 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

09:39:28.0993 2364 ============================================================

09:39:28.0993 2364 Current date / time: 2012/10/12 09:39:28.0993

09:39:28.0993 2364 SystemInfo:

09:39:28.0993 2364

09:39:28.0993 2364 OS Version: 6.1.7600 ServicePack: 0.0

09:39:28.0993 2364 Product type: Workstation

09:39:28.0993 2364 ComputerName: WORKSTATION2

09:39:28.0993 2364 UserName: admin

09:39:28.0993 2364 Windows directory: C:\Windows

09:39:28.0993 2364 System windows directory: C:\Windows

09:39:28.0993 2364 Processor architecture: Intel x86

09:39:28.0993 2364 Number of processors: 2

09:39:28.0993 2364 Page size: 0x1000

09:39:28.0993 2364 Boot type: Normal boot

09:39:28.0993 2364 ============================================================

09:39:29.0274 2364 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:39:29.0305 2364 ============================================================

09:39:29.0305 2364 \Device\Harddisk0\DR0:

09:39:29.0305 2364 MBR partitions:

09:39:29.0305 2364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800

09:39:29.0305 2364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x1164A000

09:39:29.0305 2364 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11A4A000, BlocksNum 0xFCA800

09:39:29.0305 2364 ============================================================

09:39:29.0337 2364 C: <-> \Device\Harddisk0\DR0\Partition2

09:39:29.0383 2364 D: <-> \Device\Harddisk0\DR0\Partition3

09:39:29.0383 2364 ============================================================

09:39:29.0383 2364 Initialize success

09:39:29.0383 2364 ============================================================

09:39:35.0358 5448 ============================================================

09:39:35.0358 5448 Scan started

09:39:35.0358 5448 Mode: Manual;

09:39:35.0358 5448 ============================================================

09:39:35.0467 5448 ================ Scan system memory ========================

09:39:35.0467 5448 System memory - ok

09:39:35.0467 5448 ================ Scan services =============================

09:39:35.0623 5448 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

09:39:35.0623 5448 1394ohci - ok

09:39:35.0655 5448 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

09:39:35.0655 5448 ACPI - ok

09:39:35.0686 5448 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

09:39:35.0686 5448 AcpiPmi - ok

09:39:35.0779 5448 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

09:39:35.0779 5448 AdobeARMservice - ok

09:39:35.0857 5448 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

09:39:35.0857 5448 AdobeFlashPlayerUpdateSvc - ok

09:39:35.0904 5448 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

09:39:35.0904 5448 adp94xx - ok

09:39:35.0935 5448 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

09:39:35.0935 5448 adpahci - ok

09:39:35.0951 5448 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

09:39:35.0951 5448 adpu320 - ok

09:39:35.0967 5448 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

09:39:35.0982 5448 AeLookupSvc - ok

09:39:35.0998 5448 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\Windows\system32\drivers\afd.sys

09:39:35.0998 5448 AFD - ok

09:39:36.0029 5448 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

09:39:36.0029 5448 agp440 - ok

09:39:36.0060 5448 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys

09:39:36.0060 5448 aic78xx - ok

09:39:36.0076 5448 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

09:39:36.0076 5448 ALG - ok

09:39:36.0107 5448 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

09:39:36.0107 5448 aliide - ok

09:39:36.0123 5448 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys

09:39:36.0123 5448 amdagp - ok

09:39:36.0154 5448 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys

09:39:36.0154 5448 amdide - ok

09:39:36.0185 5448 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

09:39:36.0185 5448 AmdK8 - ok

09:39:36.0201 5448 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

09:39:36.0201 5448 AmdPPM - ok

09:39:36.0232 5448 [ E8887DF31600CEE28EDDD5E6FFAAEED7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys

09:39:36.0232 5448 amdsata - ok

09:39:36.0247 5448 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

09:39:36.0247 5448 amdsbs - ok

09:39:36.0279 5448 [ 2D31914D521C5D36613063CB06D1B12C ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys

09:39:36.0279 5448 amdxata - ok

09:39:36.0310 5448 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys

09:39:36.0310 5448 AppID - ok

09:39:36.0341 5448 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

09:39:36.0341 5448 AppIDSvc - ok

09:39:36.0372 5448 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll

09:39:36.0372 5448 Appinfo - ok

09:39:36.0403 5448 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll

09:39:36.0403 5448 AppMgmt - ok

09:39:36.0435 5448 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

09:39:36.0435 5448 arc - ok

09:39:36.0450 5448 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

09:39:36.0450 5448 arcsas - ok

09:39:36.0528 5448 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

09:39:36.0528 5448 aspnet_state - ok

09:39:36.0544 5448 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

09:39:36.0544 5448 AsyncMac - ok

09:39:36.0591 5448 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys

09:39:36.0591 5448 atapi - ok

09:39:36.0653 5448 [ AD0635EF51F000C3CCBFD35F3D378998 ] atashost C:\Windows\system32\atashost.exe

09:39:36.0653 5448 atashost - ok

09:39:36.0684 5448 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

09:39:36.0700 5448 AudioEndpointBuilder - ok

09:39:36.0700 5448 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll

09:39:36.0700 5448 Audiosrv - ok

09:39:36.0715 5448 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll

09:39:36.0715 5448 AxInstSV - ok

09:39:36.0762 5448 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

09:39:36.0762 5448 b06bdrv - ok

09:39:36.0793 5448 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

09:39:36.0793 5448 b57nd60x - ok

09:39:36.0825 5448 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

09:39:36.0825 5448 BDESVC - ok

09:39:36.0840 5448 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

09:39:36.0840 5448 Beep - ok

09:39:36.0856 5448 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll

09:39:36.0871 5448 BFE - ok

09:39:36.0903 5448 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll

09:39:36.0903 5448 BITS - ok

09:39:36.0918 5448 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

09:39:36.0918 5448 blbdrive - ok

09:39:36.0918 5448 [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

09:39:36.0934 5448 bowser - ok

09:39:36.0934 5448 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:39:36.0934 5448 BrFiltLo - ok

09:39:36.0949 5448 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:39:36.0949 5448 BrFiltUp - ok

09:39:36.0996 5448 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

09:39:36.0996 5448 BridgeMP - ok

09:39:37.0027 5448 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll

09:39:37.0027 5448 Browser - ok

09:39:37.0043 5448 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

09:39:37.0043 5448 Brserid - ok

09:39:37.0059 5448 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

09:39:37.0059 5448 BrSerWdm - ok

09:39:37.0074 5448 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

09:39:37.0074 5448 BrUsbMdm - ok

09:39:37.0090 5448 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

09:39:37.0090 5448 BrUsbSer - ok

09:39:37.0105 5448 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

09:39:37.0105 5448 BTHMODEM - ok

09:39:37.0121 5448 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

09:39:37.0121 5448 bthserv - ok

09:39:37.0215 5448 catchme - ok

09:39:37.0261 5448 [ F3E5C6CEEC35C3F65221100B00AFB5F9 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

09:39:37.0261 5448 ccEvtMgr - ok

09:39:37.0277 5448 [ F3E5C6CEEC35C3F65221100B00AFB5F9 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

09:39:37.0277 5448 ccSetMgr - ok

09:39:37.0293 5448 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

09:39:37.0293 5448 cdfs - ok

09:39:37.0339 5448 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

09:39:37.0339 5448 cdrom - ok

09:39:37.0371 5448 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll

09:39:37.0371 5448 CertPropSvc - ok

09:39:37.0386 5448 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

09:39:37.0386 5448 circlass - ok

09:39:37.0417 5448 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

09:39:37.0417 5448 CLFS - ok

09:39:37.0449 5448 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:39:37.0449 5448 clr_optimization_v2.0.50727_32 - ok

09:39:37.0464 5448 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

09:39:37.0464 5448 CmBatt - ok

09:39:37.0480 5448 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

09:39:37.0480 5448 cmdide - ok

09:39:37.0511 5448 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys

09:39:37.0511 5448 CNG - ok

09:39:37.0527 5448 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

09:39:37.0527 5448 Compbatt - ok

09:39:37.0558 5448 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

09:39:37.0558 5448 CompositeBus - ok

09:39:37.0573 5448 COMSysApp - ok

09:39:37.0573 5448 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

09:39:37.0589 5448 crcdisk - ok

09:39:37.0620 5448 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll

09:39:37.0620 5448 CryptSvc - ok

09:39:37.0651 5448 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys

09:39:37.0651 5448 CSC - ok

09:39:37.0667 5448 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll

09:39:37.0667 5448 CscService - ok

09:39:37.0714 5448 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll

09:39:37.0714 5448 DcomLaunch - ok

09:39:37.0729 5448 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

09:39:37.0745 5448 defragsvc - ok

09:39:37.0761 5448 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\Windows\system32\Drivers\dfsc.sys

09:39:37.0761 5448 DfsC - ok

09:39:37.0792 5448 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll

09:39:37.0792 5448 Dhcp - ok

09:39:37.0792 5448 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

09:39:37.0792 5448 discache - ok

09:39:37.0823 5448 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys

09:39:37.0823 5448 Disk - ok

09:39:37.0854 5448 [ D0722E963D3C6145446874241401B209 ] Dnscache C:\Windows\System32\dnsrslvr.dll

09:39:37.0854 5448 Dnscache - ok

09:39:37.0870 5448 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll

09:39:37.0870 5448 dot3svc - ok

09:39:37.0885 5448 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll

09:39:37.0885 5448 DPS - ok

09:39:37.0901 5448 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

09:39:37.0901 5448 drmkaud - ok

09:39:37.0932 5448 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

09:39:37.0932 5448 DXGKrnl - ok

09:39:37.0979 5448 [ 8EB9F47C76667CCF8A733751DABAF04B ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys

09:39:37.0979 5448 e1kexpress - ok

09:39:37.0995 5448 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

09:39:37.0995 5448 EapHost - ok

09:39:38.0057 5448 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys

09:39:38.0073 5448 ebdrv - ok

09:39:38.0135 5448 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

09:39:38.0135 5448 eeCtrl - ok

09:39:38.0166 5448 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe

09:39:38.0166 5448 EFS - ok

09:39:38.0213 5448 [ 0F1A73C91CFA379F307F86E38C8C41AB ] ehRecvr C:\Windows\ehome\ehRecvr.exe

09:39:38.0213 5448 ehRecvr - ok

09:39:38.0244 5448 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

09:39:38.0244 5448 ehSched - ok

09:39:38.0275 5448 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

09:39:38.0275 5448 elxstor - ok

09:39:38.0338 5448 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

09:39:38.0338 5448 EraserUtilRebootDrv - ok

09:39:38.0353 5448 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

09:39:38.0353 5448 ErrDev - ok

09:39:38.0400 5448 [ 96E0E9BD08838F21A61B8001CCDCBB2D ] ESCameraService C:\EagleSoft\Shared Files\ESCameraService.exe

09:39:38.0400 5448 ESCameraService - ok

09:39:38.0447 5448 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

09:39:38.0447 5448 EventSystem - ok

09:39:38.0478 5448 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

09:39:38.0478 5448 exfat - ok

09:39:38.0494 5448 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

09:39:38.0494 5448 fastfat - ok

09:39:38.0525 5448 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe

09:39:38.0525 5448 Fax - ok

09:39:38.0541 5448 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

09:39:38.0541 5448 fdc - ok

09:39:38.0556 5448 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

09:39:38.0556 5448 fdPHost - ok

09:39:38.0572 5448 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

09:39:38.0572 5448 FDResPub - ok

09:39:38.0587 5448 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

09:39:38.0587 5448 FileInfo - ok

09:39:38.0603 5448 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

09:39:38.0603 5448 Filetrace - ok

09:39:38.0619 5448 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

09:39:38.0619 5448 flpydisk - ok

09:39:38.0634 5448 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

09:39:38.0634 5448 FltMgr - ok

09:39:38.0650 5448 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\Windows\system32\FntCache.dll

09:39:38.0650 5448 FontCache - ok

09:39:38.0697 5448 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

09:39:38.0697 5448 FontCache3.0.0.0 - ok

09:39:38.0712 5448 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

09:39:38.0712 5448 FsDepends - ok

09:39:38.0728 5448 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

09:39:38.0728 5448 Fs_Rec - ok

09:39:38.0743 5448 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

09:39:38.0743 5448 fvevol - ok

09:39:38.0759 5448 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

09:39:38.0759 5448 gagp30kx - ok

09:39:38.0790 5448 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll

09:39:38.0790 5448 gpsvc - ok

09:39:38.0806 5448 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

09:39:38.0806 5448 hcw85cir - ok

09:39:38.0837 5448 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

09:39:38.0837 5448 HdAudAddService - ok

09:39:38.0853 5448 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

09:39:38.0868 5448 HDAudBus - ok

09:39:38.0899 5448 [ 88A67C34E37186665E916FD347B50D19 ] HECI C:\Windows\system32\DRIVERS\HECI.sys

09:39:38.0899 5448 HECI - ok

09:39:38.0899 5448 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

09:39:38.0915 5448 HidBatt - ok

09:39:38.0931 5448 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

09:39:38.0931 5448 HidBth - ok

09:39:38.0946 5448 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

09:39:38.0946 5448 HidIr - ok

09:39:38.0977 5448 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll

09:39:38.0977 5448 hidserv - ok

09:39:38.0993 5448 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

09:39:38.0993 5448 HidUsb - ok

09:39:39.0024 5448 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll

09:39:39.0024 5448 hkmsvc - ok

09:39:39.0024 5448 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

09:39:39.0040 5448 HomeGroupListener - ok

09:39:39.0055 5448 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

09:39:39.0071 5448 HomeGroupProvider - ok

09:39:39.0102 5448 HP Support Assistant Service - ok

09:39:39.0133 5448 hpqwmiex - ok

09:39:39.0149 5448 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

09:39:39.0149 5448 HpSAMD - ok

09:39:39.0180 5448 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys

09:39:39.0180 5448 HTTP - ok

09:39:39.0211 5448 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

09:39:39.0211 5448 hwpolicy - ok

09:39:39.0227 5448 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

09:39:39.0227 5448 i8042prt - ok

09:39:39.0274 5448 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\drivers\iastor.sys

09:39:39.0274 5448 iaStor - ok

09:39:39.0305 5448 [ 2D2918606673C46769FB516A5ACE958E ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys

09:39:39.0305 5448 iaStorV - ok

09:39:39.0352 5448 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:39:39.0352 5448 idsvc - ok

09:39:39.0477 5448 [ A70C995199A47F326EEF4F9F5E6267A1 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

09:39:39.0492 5448 igfx - ok

09:39:39.0523 5448 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

09:39:39.0523 5448 iirsp - ok

09:39:39.0570 5448 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll

09:39:39.0570 5448 IKEEXT - ok

09:39:39.0633 5448 [ D0A6C0CEB3B74A91884F804FF4F031C0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

09:39:39.0648 5448 IntcAzAudAddService - ok

09:39:39.0664 5448 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys

09:39:39.0664 5448 intelide - ok

09:39:39.0695 5448 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

09:39:39.0695 5448 intelppm - ok

09:39:39.0726 5448 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

09:39:39.0726 5448 IPBusEnum - ok

09:39:39.0742 5448 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:39:39.0742 5448 IpFilterDriver - ok

09:39:39.0773 5448 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

09:39:39.0773 5448 iphlpsvc - ok

09:39:39.0789 5448 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

09:39:39.0789 5448 IPMIDRV - ok

09:39:39.0804 5448 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

09:39:39.0804 5448 IPNAT - ok

09:39:39.0820 5448 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

09:39:39.0820 5448 IRENUM - ok

09:39:39.0835 5448 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

09:39:39.0835 5448 isapnp - ok

09:39:39.0867 5448 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

09:39:39.0867 5448 iScsiPrt - ok

09:39:39.0898 5448 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

09:39:39.0898 5448 IviRegMgr - ok

09:39:39.0929 5448 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

09:39:39.0929 5448 kbdclass - ok

09:39:39.0945 5448 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

09:39:39.0945 5448 kbdhid - ok

09:39:39.0976 5448 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe

09:39:39.0976 5448 KeyIso - ok

09:39:39.0991 5448 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

09:39:39.0991 5448 KSecDD - ok

09:39:40.0023 5448 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

09:39:40.0023 5448 KSecPkg - ok

09:39:40.0054 5448 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

09:39:40.0054 5448 KtmRm - ok

09:39:40.0085 5448 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll

09:39:40.0085 5448 LanmanServer - ok

09:39:40.0116 5448 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

09:39:40.0116 5448 LanmanWorkstation - ok

09:39:40.0194 5448 [ 6ABE9ECAAB7DD0CC6F46EC830E0FE8FC ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

09:39:40.0210 5448 LiveUpdate - ok

09:39:40.0241 5448 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

09:39:40.0241 5448 lltdio - ok

09:39:40.0288 5448 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

09:39:40.0288 5448 lltdsvc - ok

09:39:40.0303 5448 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

09:39:40.0303 5448 lmhosts - ok

09:39:40.0350 5448 [ 2763A02188FFB04287F5034EC5B6B451 ] LMS C:\Program Files\Intel\AMT\LMS.exe

09:39:40.0350 5448 LMS - ok

09:39:40.0381 5448 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

09:39:40.0381 5448 LSI_FC - ok

09:39:40.0397 5448 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

09:39:40.0397 5448 LSI_SAS - ok

09:39:40.0413 5448 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

09:39:40.0413 5448 LSI_SAS2 - ok

09:39:40.0428 5448 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

09:39:40.0428 5448 LSI_SCSI - ok

09:39:40.0444 5448 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

09:39:40.0444 5448 luafv - ok

09:39:40.0491 5448 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

09:39:40.0491 5448 MBAMProtector - ok

09:39:40.0553 5448 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

09:39:40.0553 5448 MBAMScheduler - ok

09:39:40.0584 5448 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

09:39:40.0584 5448 MBAMService - ok

09:39:40.0615 5448 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe

09:39:40.0615 5448 McComponentHostService - ok

09:39:40.0662 5448 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys

09:39:40.0662 5448 mcdbus - ok

09:39:40.0678 5448 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

09:39:40.0678 5448 Mcx2Svc - ok

09:39:40.0709 5448 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

09:39:40.0709 5448 megasas - ok

09:39:40.0740 5448 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

09:39:40.0740 5448 MegaSR - ok

09:39:40.0756 5448 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

09:39:40.0756 5448 MMCSS - ok

09:39:40.0771 5448 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

09:39:40.0771 5448 Modem - ok

09:39:40.0787 5448 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

09:39:40.0787 5448 monitor - ok

09:39:40.0818 5448 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

09:39:40.0818 5448 mouclass - ok

09:39:40.0834 5448 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

09:39:40.0834 5448 mouhid - ok

09:39:40.0849 5448 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

09:39:40.0849 5448 mountmgr - ok

09:39:40.0927 5448 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

09:39:40.0927 5448 MozillaMaintenance - ok

09:39:40.0943 5448 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys

09:39:40.0943 5448 mpio - ok

09:39:40.0943 5448 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

09:39:40.0943 5448 mpsdrv - ok

09:39:40.0974 5448 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll

09:39:40.0990 5448 MpsSvc - ok

09:39:41.0005 5448 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

09:39:41.0005 5448 MRxDAV - ok

09:39:41.0037 5448 [ F1B6AA08497EA86CA6EF6F7A08B0BFB8 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

09:39:41.0037 5448 mrxsmb - ok

09:39:41.0068 5448 [ 5613358B4050F46F5A9832DA8050D6E4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:39:41.0068 5448 mrxsmb10 - ok

09:39:41.0068 5448 [ 25C9792778D80FEB4C8201E62281BFDF ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:39:41.0083 5448 mrxsmb20 - ok

09:39:41.0083 5448 [ 4E00965BB3C471D52B07C9C3C59A82CF ] msahci C:\Windows\system32\DRIVERS\msahci.sys

09:39:41.0083 5448 msahci - ok

09:39:41.0099 5448 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

09:39:41.0115 5448 msdsm - ok

09:39:41.0130 5448 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

09:39:41.0130 5448 MSDTC - ok

09:39:41.0146 5448 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

09:39:41.0146 5448 Msfs - ok

09:39:41.0161 5448 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

09:39:41.0161 5448 mshidkmdf - ok

09:39:41.0161 5448 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

09:39:41.0161 5448 msisadrv - ok

09:39:41.0193 5448 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

09:39:41.0193 5448 MSiSCSI - ok

09:39:41.0208 5448 msiserver - ok

09:39:41.0224 5448 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

09:39:41.0224 5448 MSKSSRV - ok

09:39:41.0239 5448 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

09:39:41.0239 5448 MSPCLOCK - ok

09:39:41.0255 5448 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

09:39:41.0255 5448 MSPQM - ok

09:39:41.0271 5448 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

09:39:41.0271 5448 MsRPC - ok

09:39:41.0286 5448 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

09:39:41.0286 5448 mssmbios - ok

09:39:41.0302 5448 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

09:39:41.0302 5448 MSTEE - ok

09:39:41.0317 5448 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

09:39:41.0317 5448 MTConfig - ok

09:39:41.0333 5448 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

09:39:41.0333 5448 Mup - ok

09:39:41.0364 5448 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll

09:39:41.0364 5448 napagent - ok

09:39:41.0395 5448 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

09:39:41.0395 5448 NativeWifiP - ok

09:39:41.0505 5448 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121011.034\NAVENG.SYS

09:39:41.0505 5448 NAVENG - ok

09:39:41.0551 5448 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121011.034\NAVEX15.SYS

09:39:41.0551 5448 NAVEX15 - ok

09:39:41.0598 5448 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys

09:39:41.0598 5448 NDIS - ok

09:39:41.0629 5448 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

09:39:41.0629 5448 NdisCap - ok

09:39:41.0645 5448 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

09:39:41.0645 5448 NdisTapi - ok

09:39:41.0676 5448 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

09:39:41.0676 5448 Ndisuio - ok

09:39:41.0692 5448 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

09:39:41.0692 5448 NdisWan - ok

09:39:41.0707 5448 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

09:39:41.0707 5448 NDProxy - ok

09:39:41.0739 5448 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

09:39:41.0739 5448 Net Driver HPZ12 - ok

09:39:41.0754 5448 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

09:39:41.0754 5448 NetBIOS - ok

09:39:41.0770 5448 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

09:39:41.0770 5448 NetBT - ok

09:39:41.0785 5448 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe

09:39:41.0785 5448 Netlogon - ok

09:39:41.0817 5448 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

09:39:41.0817 5448 Netman - ok

09:39:41.0832 5448 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

09:39:41.0832 5448 netprofm - ok

09:39:41.0848 5448 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:39:41.0848 5448 NetTcpPortSharing - ok

09:39:41.0879 5448 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

09:39:41.0879 5448 nfrd960 - ok

09:39:41.0895 5448 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll

09:39:41.0895 5448 NlaSvc - ok

09:39:41.0910 5448 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

09:39:41.0910 5448 Npfs - ok

09:39:41.0941 5448 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

09:39:41.0941 5448 nsi - ok

09:39:41.0941 5448 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

09:39:41.0941 5448 nsiproxy - ok

09:39:41.0988 5448 [ B0FF28FEF1C6B51BC1AC91B9FFD5D00E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

09:39:41.0988 5448 Ntfs - ok

09:39:42.0004 5448 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

09:39:42.0004 5448 Null - ok

09:39:42.0019 5448 [ D71FEB6FCB0912EB238F0CFE5CB085B8 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys

09:39:42.0019 5448 nvraid - ok

09:39:42.0051 5448 [ 1D8B6A440DFF2BDEAA4EB209FCBA21BF ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys

09:39:42.0051 5448 nvstor - ok

09:39:42.0066 5448 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

09:39:42.0066 5448 nv_agp - ok

09:39:42.0082 5448 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

09:39:42.0082 5448 ohci1394 - ok

09:39:42.0113 5448 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:39:42.0113 5448 ose - ok

09:39:42.0144 5448 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

09:39:42.0144 5448 p2pimsvc - ok

09:39:42.0160 5448 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

09:39:42.0160 5448 p2psvc - ok

09:39:42.0191 5448 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys

09:39:42.0191 5448 Parport - ok

09:39:42.0191 5448 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

09:39:42.0191 5448 partmgr - ok

09:39:42.0207 5448 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

09:39:42.0207 5448 Parvdm - ok

09:39:42.0222 5448 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

09:39:42.0222 5448 PcaSvc - ok

09:39:42.0238 5448 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys

09:39:42.0238 5448 pci - ok

09:39:42.0253 5448 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys

09:39:42.0253 5448 pciide - ok

09:39:42.0285 5448 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

09:39:42.0285 5448 pcmcia - ok

09:39:42.0285 5448 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

09:39:42.0285 5448 pcw - ok

09:39:42.0316 5448 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

09:39:42.0316 5448 PEAUTH - ok

09:39:42.0347 5448 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

09:39:42.0347 5448 PeerDistSvc - ok

09:39:42.0394 5448 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll

09:39:42.0394 5448 pla - ok

09:39:42.0425 5448 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

09:39:42.0425 5448 PlugPlay - ok

09:39:42.0456 5448 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

09:39:42.0456 5448 Pml Driver HPZ12 - ok

09:39:42.0487 5448 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

09:39:42.0487 5448 PNRPAutoReg - ok

09:39:42.0503 5448 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

09:39:42.0503 5448 PNRPsvc - ok

09:39:42.0550 5448 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

09:39:42.0550 5448 PolicyAgent - ok

09:39:42.0581 5448 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll

09:39:42.0581 5448 Power - ok

09:39:42.0628 5448 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

09:39:42.0628 5448 PptpMiniport - ok

09:39:42.0643 5448 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys

09:39:42.0643 5448 Processor - ok

09:39:42.0659 5448 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll

09:39:42.0659 5448 ProfSvc - ok

09:39:42.0675 5448 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe

09:39:42.0675 5448 ProtectedStorage - ok

09:39:42.0690 5448 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

09:39:42.0706 5448 Psched - ok

09:39:42.0721 5448 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

09:39:42.0721 5448 PSI_SVC_2 - ok

09:39:42.0753 5448 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

09:39:42.0768 5448 ql2300 - ok

09:39:42.0784 5448 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

09:39:42.0784 5448 ql40xx - ok

09:39:42.0815 5448 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

09:39:42.0815 5448 QWAVE - ok

09:39:42.0831 5448 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

09:39:42.0831 5448 QWAVEdrv - ok

09:39:42.0846 5448 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

09:39:42.0846 5448 RasAcd - ok

09:39:42.0862 5448 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

09:39:42.0862 5448 RasAgileVpn - ok

09:39:42.0877 5448 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

09:39:42.0877 5448 RasAuto - ok

09:39:42.0893 5448 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

09:39:42.0893 5448 Rasl2tp - ok

09:39:42.0909 5448 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll

09:39:42.0909 5448 RasMan - ok

09:39:42.0924 5448 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

09:39:42.0924 5448 RasPppoe - ok

09:39:42.0940 5448 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

09:39:42.0940 5448 RasSstp - ok

09:39:42.0955 5448 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

09:39:42.0955 5448 rdbss - ok

09:39:42.0971 5448 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

09:39:42.0971 5448 rdpbus - ok

09:39:42.0971 5448 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

09:39:42.0971 5448 RDPCDD - ok

09:39:42.0987 5448 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

09:39:42.0987 5448 RDPDR - ok

09:39:43.0002 5448 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

09:39:43.0018 5448 RDPENCDD - ok

09:39:43.0018 5448 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

09:39:43.0018 5448 RDPREFMP - ok

09:39:43.0033 5448 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

09:39:43.0033 5448 RDPWD - ok

09:39:43.0065 5448 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

09:39:43.0065 5448 rdyboost - ok

09:39:43.0080 5448 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys

09:39:43.0080 5448 regi - ok

09:39:43.0111 5448 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

09:39:43.0111 5448 RemoteAccess - ok

09:39:43.0143 5448 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

09:39:43.0143 5448 RemoteRegistry - ok

09:39:43.0158 5448 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

09:39:43.0158 5448 RpcEptMapper - ok

09:39:43.0189 5448 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

09:39:43.0189 5448 RpcLocator - ok

09:39:43.0205 5448 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll

09:39:43.0205 5448 RpcSs - ok

09:39:43.0236 5448 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

09:39:43.0236 5448 rspndr - ok

09:39:43.0236 5448 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys

09:39:43.0236 5448 s3cap - ok

09:39:43.0252 5448 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe

09:39:43.0252 5448 SamSs - ok

09:39:43.0267 5448 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

09:39:43.0267 5448 sbp2port - ok

09:39:43.0299 5448 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

09:39:43.0299 5448 SCardSvr - ok

09:39:43.0314 5448 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

09:39:43.0314 5448 scfilter - ok

09:39:43.0330 5448 [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule C:\Windows\system32\schedsvc.dll

09:39:43.0330 5448 Schedule - ok

09:39:43.0345 5448 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll

09:39:43.0345 5448 SCPolicySvc - ok

09:39:43.0361 5448 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll

09:39:43.0361 5448 SDRSVC - ok

09:39:43.0408 5448 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

09:39:43.0408 5448 SeaPort - ok

09:39:43.0439 5448 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

09:39:43.0439 5448 secdrv - ok

09:39:43.0455 5448 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

09:39:43.0455 5448 seclogon - ok

09:39:43.0470 5448 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll

09:39:43.0470 5448 SENS - ok

09:39:43.0486 5448 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

09:39:43.0486 5448 SensrSvc - ok

09:39:43.0501 5448 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

09:39:43.0501 5448 Serenum - ok

09:39:43.0517 5448 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys

09:39:43.0517 5448 Serial - ok

09:39:43.0517 5448 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

09:39:43.0517 5448 sermouse - ok

09:39:43.0548 5448 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll

09:39:43.0564 5448 SessionEnv - ok

09:39:43.0579 5448 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

09:39:43.0579 5448 sffdisk - ok

09:39:43.0595 5448 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

09:39:43.0595 5448 sffp_mmc - ok

09:39:43.0611 5448 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

09:39:43.0611 5448 sffp_sd - ok

09:39:43.0626 5448 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

09:39:43.0626 5448 sfloppy - ok

09:39:43.0673 5448 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

09:39:43.0673 5448 SharedAccess - ok

09:39:43.0689 5448 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

09:39:43.0689 5448 ShellHWDetection - ok

09:39:43.0704 5448 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys

09:39:43.0704 5448 sisagp - ok

09:39:43.0735 5448 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

09:39:43.0735 5448 SiSRaid2 - ok

09:39:43.0751 5448 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

09:39:43.0751 5448 SiSRaid4 - ok

09:39:43.0782 5448 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

09:39:43.0782 5448 Smb - ok

09:39:43.0845 5448 [ 8317AD0C7E640411C746D5664EB7957A ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

09:39:43.0845 5448 SmcService - ok

09:39:43.0876 5448 [ 95293A76341B1DB125EE125474657728 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

09:39:43.0876 5448 SNAC - ok

09:39:43.0907 5448 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

09:39:43.0907 5448 SNMPTRAP - ok

09:39:43.0938 5448 [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

09:39:43.0938 5448 SPBBCDrv - ok

09:39:43.0954 5448 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

09:39:43.0954 5448 spldr - ok

09:39:43.0985 5448 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe

09:39:43.0985 5448 Spooler - ok

09:39:44.0047 5448 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe

09:39:44.0063 5448 sppsvc - ok

09:39:44.0063 5448 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll

09:39:44.0063 5448 sppuinotify - ok

09:39:44.0094 5448 [ B36F8D6A02FF2B3A53E250A629782F29 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS

09:39:44.0094 5448 SRTSP - ok

09:39:44.0110 5448 [ E99BD98AC171A29FC1BA9376BE87AE73 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS

09:39:44.0125 5448 SRTSPL - ok

09:39:44.0125 5448 [ 1AF34729898063E9B7DF8D149D767E07 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS

09:39:44.0125 5448 SRTSPX - ok

09:39:44.0157 5448 [ 2DBEDFB1853F06110EC2AA7F3213C89F ] srv C:\Windows\system32\DRIVERS\srv.sys

09:39:44.0172 5448 srv - ok

09:39:44.0172 5448 [ DB37131D1027C50EA7EE21C8BB4536AA ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

09:39:44.0172 5448 srv2 - ok

09:39:44.0188 5448 [ F5980B74124DB9233B33F86FC5EBBB4F ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

09:39:44.0188 5448 srvnet - ok

09:39:44.0313 5448 [ 54574B5F07710566ACE32392FAB54B49 ] SSCWindowsService C:\Users\admin\AppData\Local\SSCService\SSCWindowsService.exe

09:39:44.0313 5448 SSCWindowsService - ok

09:39:44.0344 5448 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

09:39:44.0344 5448 SSDPSRV - ok

09:39:44.0359 5448 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

09:39:44.0359 5448 SstpSvc - ok

09:39:44.0375 5448 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

09:39:44.0375 5448 stexstor - ok

09:39:44.0406 5448 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll

09:39:44.0422 5448 StiSvc - ok

09:39:44.0437 5448 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys

09:39:44.0437 5448 storflt - ok

09:39:44.0453 5448 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll

09:39:44.0453 5448 StorSvc - ok

09:39:44.0469 5448 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys

09:39:44.0469 5448 storvsc - ok

09:39:44.0484 5448 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

09:39:44.0484 5448 swenum - ok

09:39:44.0515 5448 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

09:39:44.0515 5448 swprv - ok

09:39:44.0562 5448 [ 4402CF4959A30CB6A008099ABA8F22A9 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

09:39:44.0562 5448 Symantec AntiVirus - ok

09:39:44.0593 5448 [ E42A34E6F5CA71A84D4C2DE620AAD13D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS

09:39:44.0593 5448 SymEvent - ok

09:39:44.0609 5448 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS

09:39:44.0625 5448 SYMREDRV - ok

09:39:44.0625 5448 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS

09:39:44.0625 5448 SYMTDI - ok

09:39:44.0656 5448 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll

09:39:44.0671 5448 SysMain - ok

09:39:44.0687 5448 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll

09:39:44.0687 5448 TabletInputService - ok

09:39:44.0703 5448 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll

09:39:44.0703 5448 TapiSrv - ok

09:39:44.0718 5448 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

09:39:44.0718 5448 TBS - ok

09:39:44.0765 5448 [ BB7F39C31C4A4417FD318E7CD184E225 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

09:39:44.0765 5448 Tcpip - ok

09:39:44.0781 5448 [ BB7F39C31C4A4417FD318E7CD184E225 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

09:39:44.0796 5448 TCPIP6 - ok

09:39:44.0812 5448 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

09:39:44.0812 5448 tcpipreg - ok

09:39:44.0843 5448 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

09:39:44.0843 5448 TDPIPE - ok

09:39:44.0859 5448 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

09:39:44.0859 5448 TDTCP - ok

09:39:44.0859 5448 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

09:39:44.0859 5448 tdx - ok

09:39:44.0921 5448 [ C562CB17CDB187CAF3976759B8DC1888 ] TeamViewer4 C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

09:39:44.0921 5448 TeamViewer4 - ok

09:39:44.0937 5448 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

09:39:44.0937 5448 TermDD - ok

09:39:44.0968 5448 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll

09:39:44.0968 5448 TermService - ok

09:39:44.0983 5448 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

09:39:44.0983 5448 Themes - ok

09:39:44.0983 5448 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

09:39:44.0999 5448 THREADORDER - ok

09:39:45.0015 5448 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys

09:39:45.0015 5448 TPM - ok

09:39:45.0030 5448 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

09:39:45.0030 5448 TrkWks - ok

09:39:45.0077 5448 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

09:39:45.0077 5448 TrustedInstaller - ok

09:39:45.0093 5448 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

09:39:45.0093 5448 tssecsrv - ok

09:39:45.0124 5448 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

09:39:45.0124 5448 tunnel - ok

09:39:45.0139 5448 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

09:39:45.0139 5448 uagp35 - ok

09:39:45.0155 5448 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys

09:39:45.0155 5448 udfs - ok

09:39:45.0171 5448 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

09:39:45.0186 5448 UI0Detect - ok

09:39:45.0202 5448 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

09:39:45.0202 5448 uliagpkx - ok

09:39:45.0233 5448 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys

09:39:45.0233 5448 umbus - ok

09:39:45.0249 5448 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

09:39:45.0249 5448 UmPass - ok

09:39:45.0264 5448 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll

09:39:45.0264 5448 UmRdpService - ok

09:39:45.0358 5448 [ D47E82866A6FF02DAE9CEDF127C4BEE0 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

09:39:45.0358 5448 UNS - ok

09:39:45.0389 5448 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

09:39:45.0389 5448 upnphost - ok

09:39:45.0420 5448 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

09:39:45.0420 5448 usbccgp - ok

09:39:45.0436 5448 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

09:39:45.0436 5448 usbcir - ok

09:39:45.0451 5448 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

09:39:45.0451 5448 usbehci - ok

09:39:45.0483 5448 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

09:39:45.0483 5448 usbhub - ok

09:39:45.0498 5448 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

09:39:45.0498 5448 usbohci - ok

09:39:45.0529 5448 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

09:39:45.0529 5448 usbprint - ok

09:39:45.0545 5448 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

09:39:45.0561 5448 usbscan - ok

09:39:45.0576 5448 [ 694C991CD0B8138888F086DA6009ADBC ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:39:45.0576 5448 USBSTOR - ok

09:39:45.0576 5448 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

09:39:45.0576 5448 usbuhci - ok

09:39:45.0607 5448 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

09:39:45.0607 5448 UxSms - ok

09:39:45.0623 5448 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe

09:39:45.0623 5448 VaultSvc - ok

09:39:45.0654 5448 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

09:39:45.0654 5448 vdrvroot - ok

09:39:45.0670 5448 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe

09:39:45.0670 5448 vds - ok

09:39:45.0701 5448 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

09:39:45.0701 5448 vga - ok

09:39:45.0701 5448 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

09:39:45.0701 5448 VgaSave - ok

09:39:45.0732 5448 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

09:39:45.0732 5448 vhdmp - ok

09:39:45.0763 5448 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys

09:39:45.0763 5448 viaagp - ok

09:39:45.0779 5448 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

09:39:45.0779 5448 ViaC7 - ok

09:39:45.0795 5448 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys

09:39:45.0795 5448 viaide - ok

09:39:45.0810 5448 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys

09:39:45.0810 5448 vmbus - ok

09:39:45.0826 5448 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys

09:39:45.0826 5448 VMBusHID - ok

09:39:45.0841 5448 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

09:39:45.0841 5448 volmgr - ok

09:39:45.0857 5448 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

09:39:45.0857 5448 volmgrx - ok

09:39:45.0873 5448 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

09:39:45.0873 5448 volsnap - ok

09:39:45.0904 5448 [ 33E74DF34753FCAAB06F6F2BDC8CABF5 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys

09:39:45.0904 5448 vpcbus - ok

09:39:45.0951 5448 [ 5F04362CEB5FB5901037E9D9EADD3760 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys

09:39:45.0951 5448 vpcnfltr - ok

09:39:45.0966 5448 [ 625088D6EE9EDE977FD03CF18D1CD5C5 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys

09:39:45.0966 5448 vpcusb - ok

09:39:45.0997 5448 [ B21E23C100D6D5162B95CF6F05B4E035 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys

09:39:45.0997 5448 vpcvmm - ok

09:39:46.0013 5448 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

09:39:46.0013 5448 vsmraid - ok

09:39:46.0060 5448 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe

09:39:46.0060 5448 VSS - ok

09:39:46.0075 5448 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

09:39:46.0075 5448 vwifibus - ok

09:39:46.0091 5448 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

09:39:46.0107 5448 W32Time - ok

09:39:46.0122 5448 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

09:39:46.0122 5448 WacomPen - ok

09:39:46.0153 5448 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

09:39:46.0153 5448 WANARP - ok

09:39:46.0153 5448 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

09:39:46.0153 5448 Wanarpv6 - ok

09:39:46.0185 5448 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe

09:39:46.0200 5448 wbengine - ok

09:39:46.0216 5448 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

09:39:46.0216 5448 WbioSrvc - ok

09:39:46.0231 5448 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll

09:39:46.0231 5448 wcncsvc - ok

09:39:46.0247 5448 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

09:39:46.0247 5448 WcsPlugInService - ok

09:39:46.0263 5448 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

09:39:46.0263 5448 Wd - ok

09:39:46.0278 5448 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

09:39:46.0294 5448 Wdf01000 - ok

09:39:46.0309 5448 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

09:39:46.0309 5448 WdiServiceHost - ok

09:39:46.0309 5448 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

09:39:46.0309 5448 WdiSystemHost - ok

09:39:46.0325 5448 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll

09:39:46.0325 5448 WebClient - ok

09:39:46.0341 5448 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

09:39:46.0341 5448 Wecsvc - ok

09:39:46.0356 5448 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

09:39:46.0356 5448 wercplsupport - ok

09:39:46.0372 5448 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

09:39:46.0387 5448 WerSvc - ok

09:39:46.0403 5448 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

09:39:46.0403 5448 WfpLwf - ok

09:39:46.0419 5448 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

09:39:46.0419 5448 WIMMount - ok

09:39:46.0465 5448 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

09:39:46.0465 5448 WinDefend - ok

09:39:46.0481 5448 WinHttpAutoProxySvc - ok

09:39:46.0543 5448 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

09:39:46.0543 5448 Winmgmt - ok

09:39:46.0575 5448 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll

09:39:46.0590 5448 WinRM - ok

09:39:46.0621 5448 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

09:39:46.0621 5448 Wlansvc - ok

09:39:46.0699 5448 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:39:46.0699 5448 wlidsvc - ok

09:39:46.0731 5448 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

09:39:46.0731 5448 WmiAcpi - ok

09:39:46.0762 5448 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

09:39:46.0762 5448 wmiApSrv - ok

09:39:46.0824 5448 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

09:39:46.0840 5448 WMPNetworkSvc - ok

09:39:46.0855 5448 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

09:39:46.0855 5448 WPCSvc - ok

09:39:46.0871 5448 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

09:39:46.0871 5448 WPDBusEnum - ok

09:39:46.0887 5448 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

09:39:46.0887 5448 ws2ifsl - ok

09:39:46.0902 5448 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll

09:39:46.0902 5448 wscsvc - ok

09:39:46.0933 5448 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

09:39:46.0933 5448 WSDPrintDevice - ok

09:39:46.0933 5448 WSearch - ok

09:39:46.0980 5448 [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv C:\Windows\system32\wuaueng.dll

09:39:46.0996 5448 wuauserv - ok

09:39:47.0011 5448 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

09:39:47.0027 5448 WudfPf - ok

09:39:47.0043 5448 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

09:39:47.0043 5448 WUDFRd - ok

09:39:47.0058 5448 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

09:39:47.0058 5448 wudfsvc - ok

09:39:47.0074 5448 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

09:39:47.0074 5448 WwanSvc - ok

09:39:47.0167 5448 [ 7985443D0B74D499F10B6BEAE0B1C936 ] XCSecurity C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe

09:39:47.0167 5448 XCSecurity - ok

09:39:47.0199 5448 [ C18EC2568A9BACEB7D3D4583AEDC3D0F ] XCService C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCService.exe

09:39:47.0199 5448 XCService - ok

09:39:47.0214 5448 ================ Scan global ===============================

09:39:47.0230 5448 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll

09:39:47.0261 5448 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll

09:39:47.0277 5448 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll

09:39:47.0292 5448 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

09:39:47.0308 5448 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

09:39:47.0323 5448 [Global] - ok

09:39:47.0323 5448 ================ Scan MBR ==================================

09:39:47.0323 5448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

09:39:47.0511 5448 \Device\Harddisk0\DR0 - ok

09:39:47.0511 5448 ================ Scan VBR ==================================

09:39:47.0511 5448 [ 544578062AAF34A7BB0A54F83F93E08F ] \Device\Harddisk0\DR0\Partition1

09:39:47.0511 5448 \Device\Harddisk0\DR0\Partition1 - ok

09:39:47.0526 5448 [ 11E2CAF3DD661DA3D267A64556186865 ] \Device\Harddisk0\DR0\Partition2

09:39:47.0526 5448 \Device\Harddisk0\DR0\Partition2 - ok

09:39:47.0557 5448 [ 9F9B40691D6524CD229F1A032D1E717A ] \Device\Harddisk0\DR0\Partition3

09:39:47.0557 5448 \Device\Harddisk0\DR0\Partition3 - ok

09:39:47.0557 5448 ============================================================

09:39:47.0557 5448 Scan finished

09:39:47.0557 5448 ============================================================

09:39:47.0573 1844 Detected object count: 0

09:39:47.0573 1844 Actual detected object count: 0

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-12 09:41:25

-----------------------------

09:41:25.251 OS Version: Windows 6.1.7600

09:41:25.251 Number of processors: 2 586 0x170A

09:41:25.251 ComputerName: WORKSTATION2 UserName: admin

09:41:33.223 Initialize success

09:45:24.824 AVAST engine defs: 12101200

09:46:24.681 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

09:46:24.681 Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 152627MB BusType: 3

09:46:24.697 Disk 0 MBR read successfully

09:46:24.712 Disk 0 MBR scan

09:46:24.712 Disk 0 Windows 7 default MBR code

09:46:24.728 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048

09:46:24.743 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 142484 MB offset 4194304

09:46:24.759 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 8085 MB offset 296001536

09:46:24.775 Disk 0 scanning sectors +312559616

09:46:24.821 Disk 0 scanning C:\Windows\system32\drivers

09:46:33.682 Service scanning

09:46:53.447 Modules scanning

09:46:59.812 Disk 0 trace - called modules:

09:46:59.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iastor.sys

09:46:59.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87201638]

09:46:59.843 3 CLASSPNP.SYS[88f7859e] -> nt!IofCallDriver -> [0x85359288]

09:46:59.843 5 ACPI.sys[8889f3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8530c028]

09:47:00.202 AVAST engine scan C:\

10:29:00.125 Scan finished successfully

10:33:25.091 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"

10:33:25.091 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

Thank you,

Wei


  • Staff

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.

Gringo


Hi Gringo,

Thank you for the reply. I came in today and saw that the warning keeps showing up. On the day that the virus happened, our credit card processing software didn't function correctly. The software is XCharge. We couldn't process one credit card, so we called the XCharge company; they told us to restart the software, and then the credit card went through. After that one case, we had one more similar incident on the next day. My staff didn't think this had anything to do with the virus. Now I think you might want to know it too.

Ok, the following is the content from OTL.txt. Thank you so much, have a great day.

OTL logfile created on: 10/14/2012 11:34:29 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop

Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 65.69% Memory free

3.89 Gb Paging File | 3.02 Gb Available in Paging File | 77.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.14 Gb Total Space | 108.02 Gb Free Space | 77.63% Space Free | Partition Type: NTFS

Drive D: | 7.90 Gb Total Space | 0.93 Gb Free Space | 11.84% Space Free | Partition Type: NTFS

Drive G: | 569.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WORKSTATION2 | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\admin\AppData\Local\SSCService\SSCWindowsService.exe (SikkaSoft)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Windows\System32\atashost.exe (Cisco WebEx LLC)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)

PRC - C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe ()

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)

PRC - C:\Program Files\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe File not found

SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File not found

SRV - (SSCWindowsService) -- C:\Users\admin\AppData\Local\SSCService\SSCWindowsService.exe (SikkaSoft)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)

SRV - (atashost) -- C:\Windows\System32\atashost.exe (Cisco WebEx LLC)

SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)

SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)

SRV - (XCService) -- C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCService.exe ()

SRV - (XCSecurity) -- C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe ()

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (UNS) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (ESCameraService) -- C:\EagleSoft\Shared Files\ESCameraService.exe ()

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121012.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121012.002\NAVENG.SYS (Symantec Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)

DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)

DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)

DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)

DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)

DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amdentpro.com/

IE - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\..\SearchScopes,DefaultScope = {30A8C4C4-2A3D-4BFA-B85C-650F80C20527}

IE - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\..\SearchScopes\{30A8C4C4-2A3D-4BFA-B85C-650F80C20527}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF

IE - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.amdentpro.com"

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/04 11:46:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/04 11:46:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/04 11:46:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 10:42:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/10 11:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions

[2012/05/14 09:30:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\b9adthd4.default\extensions

[2012/09/10 10:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/09/10 10:42:07 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/09/05 10:09:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/09/05 10:09:53 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: Google Update (Enabled) = C:\Users\admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/11 11:42:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKLM\..Trusted Domains: caesy ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1922023010-2379744930-3448582157-1000\..Trusted Domains: highserver ([]file in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0C2F78B-1A0A-4463-AB88-8422F7D6DA8D}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0C2F78B-1A0A-4463-AB88-8422F7D6DA8D}: NameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2003/07/07 07:00:00 | 000,000,043 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 11:31:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2012/10/13 08:11:02 | 000,000,000 | ---D | C] -- C:\2012-10-13

[2012/10/12 09:57:30 | 000,000,000 | ---D | C] -- C:\2012-10-12

[2012/10/11 11:43:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/10/11 11:43:52 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp

[2012/10/11 11:37:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/10/11 11:37:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/10/11 11:37:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/10/11 11:37:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/10/11 11:36:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/10/11 09:31:30 | 000,000,000 | ---D | C] -- C:\2012-10-11

[2012/10/10 15:17:47 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\SecurityTools

[2012/10/10 14:42:24 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\TrendMicro AntiThreat Toolkit

[2012/10/10 14:39:10 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys

[2012/10/10 14:14:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2012/10/10 14:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/10/10 14:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/10/10 14:14:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/10/10 14:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/10/10 09:03:50 | 000,000,000 | ---D | C] -- C:\2012-10-10

[2012/10/09 07:49:11 | 000,000,000 | ---D | C] -- C:\2012-10-09

[2012/10/08 12:50:10 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/10/08 08:58:21 | 000,000,000 | ---D | C] -- C:\2012-10-08

[2012/10/06 08:28:05 | 000,000,000 | ---D | C] -- C:\2012-10-06

[2012/10/05 09:28:53 | 000,000,000 | ---D | C] -- C:\2012-10-05

[2012/10/04 09:54:04 | 000,000,000 | ---D | C] -- C:\2012-10-04

[2012/10/03 09:55:40 | 000,000,000 | ---D | C] -- C:\2012-10-03

[2012/10/02 07:48:03 | 000,000,000 | ---D | C] -- C:\2012-10-02

[2012/10/01 09:25:29 | 000,000,000 | ---D | C] -- C:\2012-10-01

[2012/09/29 08:24:41 | 000,000,000 | ---D | C] -- C:\2012-09-29

[2012/09/28 09:35:38 | 000,000,000 | ---D | C] -- C:\2012-09-28

[2012/09/27 09:22:18 | 000,000,000 | ---D | C] -- C:\2012-09-27

[2012/09/26 09:13:29 | 000,000,000 | ---D | C] -- C:\2012-09-26

[2012/09/25 07:54:44 | 000,000,000 | ---D | C] -- C:\2012-09-25

[2012/09/24 08:44:43 | 000,000,000 | ---D | C] -- C:\2012-09-24

[2012/09/22 08:25:12 | 000,000,000 | ---D | C] -- C:\2012-09-22

[2012/09/21 09:45:46 | 000,000,000 | ---D | C] -- C:\2012-09-21

[2012/09/20 09:32:29 | 000,000,000 | ---D | C] -- C:\2012-09-20

[2012/09/19 09:14:58 | 000,000,000 | ---D | C] -- C:\2012-09-19

[2012/09/18 07:28:22 | 000,000,000 | ---D | C] -- C:\2012-09-18

[2012/09/17 08:54:54 | 000,000,000 | ---D | C] -- C:\2012-09-17

[2012/09/15 08:26:17 | 000,000,000 | ---D | C] -- C:\2012-09-15

========== Files - Modified Within 30 Days ==========

[2012/10/14 11:36:41 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/10/14 11:36:41 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/10/14 11:31:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2012/10/14 11:28:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/10/14 11:28:12 | 1567,551,488 | -HS- | M] () -- C:\hiberfil.sys

[2012/10/13 13:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/10/13 13:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922023010-2379744930-3448582157-1000UA.job

[2012/10/13 10:10:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922023010-2379744930-3448582157-1000Core.job

[2012/10/11 11:42:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/10/10 14:42:24 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys

[2012/10/10 14:38:55 | 000,000,036 | ---- | M] () -- C:\Users\admin\AppData\Local\housecall.guid.cache

[2012/10/09 11:15:35 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/10/09 11:15:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/10/04 16:24:18 | 000,006,401 | ---- | M] () -- C:\Windows\System32\ESDictionary.dic

[2012/10/03 11:35:31 | 000,006,401 | ---- | M] () -- C:\Windows\System32\ESDictionary.cud

[2012/09/28 14:52:02 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForadmin.job

[2012/09/19 12:11:11 | 000,010,185 | ---- | M] () -- C:\Users\admin\Desktop\concordia registration.htm

[2012/09/19 11:28:44 | 000,018,009 | ---- | M] () -- C:\Users\admin\Desktop\pt survey.htm

========== Files Created - No Company Name ==========

[2012/10/11 11:37:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/10/11 11:37:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/10/11 11:37:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/10/11 11:37:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/10/11 11:37:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/10/10 14:38:55 | 000,000,036 | ---- | C] () -- C:\Users\admin\AppData\Local\housecall.guid.cache

[2012/09/19 12:11:11 | 000,010,185 | ---- | C] () -- C:\Users\admin\Desktop\concordia registration.htm

[2012/09/19 11:28:43 | 000,018,009 | ---- | C] () -- C:\Users\admin\Desktop\pt survey.htm

[2012/03/05 14:40:16 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2011/09/01 10:36:47 | 000,061,440 | ---- | C] () -- C:\Windows\System32\IMG32MM.DLL

[2011/05/24 08:35:24 | 000,001,849 | ---- | C] () -- C:\Users\admin\AppData\Roaming\GhostObjGAFix.xml

[2011/04/12 11:52:24 | 000,000,093 | ---- | C] () -- C:\Users\admin\AppData\Local\fusioncache.dat

[2011/04/12 11:52:05 | 000,725,311 | ---- | C] () -- C:\Users\admin\AppData\Local\TempPresentation_Length_Chart.pdf

[2011/04/12 11:51:20 | 000,137,733 | ---- | C] () -- C:\Users\admin\AppData\Local\TempEnterprise_checklist.pdf

[2011/03/14 16:54:04 | 000,162,304 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE

[2011/03/14 16:54:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\PadCom8810Serial.dll

[2011/03/14 16:54:00 | 000,684,032 | ---- | C] () -- C:\Windows\System32\libeay32.dll

[2011/03/14 16:54:00 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll

[2011/03/14 16:53:55 | 009,990,144 | ---- | C] () -- C:\Windows\System32\XCClient.dll

[2011/03/14 14:48:58 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2011/03/14 14:22:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2011/03/04 12:29:29 | 012,867,584 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >

Link to post
Share on other sites

  • Staff

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.

    :OTL
    FF - user.js - File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo

Link to post
Share on other sites

Hi Gringo,

I did run the custom script and got a log. However, I made a mistake. I copied the content to this forum and deleted the Notepad log. Then, I don't know why, I ran the script again; I guess I wanted to see the difference between the first run and the second run. This time the log has everything zeroed out. The worst thing is that my Firefox browser was closed before I posted my reply, and I lost the log from the first run.

I'm sorry that I didn't follow exactly what you told me. I ran the fix but don't have the log for you. Here is the second log I ran. Please continue to help me. I won't make this kind of mistake anymore. Thank you very much.

========== OTL ==========

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: admin

->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: admin

->Flash cache emptied: 0 bytes

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10142012_214029

Link to post
Share on other sites

Hi Gringo,

I found the first log file from running the custom script. Thank you very much.

========== OTL ==========

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: admin

->Java cache emptied: 5258330 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 5.00 mb

[EMPTYFLASH]

User: admin

->Flash cache emptied: 885 bytes

User: All Users

User: Default

->Flash cache emptied: 56502 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10142012_212628

Link to post
Share on other sites

Hi Gringo,

The warnings happen only when we are on the internet. This morning it was fine until we opened firefox and hotmail.

I can see that all the infected files are mostly in one location, which is C:\users\admin\AppData\local\SSCService\Tmpupdates\. SSCService is software from a company (Transworld) that we are using to collect unpaid invoices. Can we just uninstall this software and reinstall it?

Thank you,

Wei

Link to post
Share on other sites

Hi Gringo,

Do you mean the exact location of the infected files? Here are three infected files from the results page of Symantec AntiVirus. There are more, but I didn't list them all for you here. Thank you, Wei

C:\Users\admin\AppData\Local\SSCService\TmpUpdates\0.943862276125635tmp

C:\Users\admin\AppData\Local\SSCService\TmpUpdates\0.101266453555444tmp

C:\Users\admin\AppData\Local\SSCService\TmpUpdates\0.642455555332105tmp

Link to post
Share on other sites

  • Staff

Please go to http://virscan.org/

  • Enter the following file path into the "Suspicious files to scan" box at the top of the page:
    C:\Users\admin\AppData\Local\SSCService\TmpUpdates\0.943862276125635tmp

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Please do this with each of these files also

C:\Users\admin\AppData\Local\SSCService\TmpUpdates\0.101266453555444tmp

Link to post
Share on other sites
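A multi-engine report of the kind this procedure produces comes back as a plain-text table, one engine per line, with a headline of the form "N/M scanner(s) found malware". That headline counts engines, not independent opinions: several services license another vendor's engine (F-Secure and G Data both ship the BitDefender engine, and an "!IK" suffix on an a-squared verdict marks an Ikarus signature), so the same signature can appear two or three times. The Python below is an added example, not code from this thread or from VirSCAN, that parses the report layout (engine, engine version, signature version, signature date, scan seconds, result, where "-" means clean), groups the detections by normalised label and marks which labels are generic or heuristic names rather than a named family. The sample rows are constructed in that layout; the suffix-stripping rules and the keyword list for "generic" are this example's assumptions.

```python
"""Reading a multi-engine (VirSCAN-style) text report: an added example, not
code from the thread or from VirSCAN. Groups detections by normalised verdict so
the "N/M found malware" headline can be read as a count of distinct opinions,
and marks which of those are generic/heuristic labels."""
import re
from collections import OrderedDict
from typing import Dict, List, Tuple

# Constructed sample rows in VirSCAN's layout:
# engine, engine version, signature version, signature date, seconds, result.
SAMPLE_REPORT = """
a-squared 5.1.0.4 20121016043050 2012-10-16 12.28 Win32.SuspectCrc!IK
AhnLab V3 2012.10.16.00 2012.10.16 2012-10-16 2.67 -
AVAST! 4.7.4 121015-0 2012-10-15 0.20 Win32:Trojan-gen
AVG 12.0.1794 2441/5333 2012-10-15 0.26 Dropper.Generic6.CGUJ
BitDefender 7.90123.7621810 7.43729 2012-10-16 4.78 Gen:Variant.Barys.2069
ClamAV 0.97.5 15464 2012-10-16 0.36 -
F-Secure 7.02.73807 2012.10.15.04 2012-10-15 2.28 Gen:Variant.Barys.2069 [Aquarius]
GData 22.6439 20121016 2012-10-16 5.71 Gen:Variant.Barys.2069 [Engine:A]
Ikarus T3.1.32.20.0 2012.10.15.82507 2012-10-15 6.89 Win32.SuspectCrc
Kaspersky 5.5.10 2012.10.15 2012-10-15 0.32 -
Microsoft 1.8800 2012.10.15 2012-10-15 5.90 -
Trend Micro 9.500-1005 9.462.01 2012-10-14 0.20 -
"""

# Engine names may contain spaces, so anchor on the fixed-format date column.
ROW_RE = re.compile(
    r"^(?P<engine>.+?) (?P<engver>\S+) (?P<sigver>\S+) "
    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<secs>[\d.]+) (?P<result>.+)$"
)
# Heuristic, assumed for this example: words that mark generic/heuristic verdicts.
GENERIC_RE = re.compile(r"(?:\bgen\b|generic|suspect|heur|variant)", re.IGNORECASE)


def parse_report(text: str) -> List[Tuple[str, str]]:
    """Return (engine, result) pairs; a result of "-" means the engine found nothing."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((m["engine"], m["result"].strip()))
    return rows


def normalise(label: str) -> str:
    """Strip engine-specific decorations so shared signatures compare equal:
    '[Aquarius]' / '[Engine:A]' suffixes and '!IK'-style engine tags."""
    label = re.sub(r"\s*\[[^\]]*\]\s*$", "", label)
    label = re.sub(r"!\w+$", "", label)
    return label.lower()


def group_detections(text: str) -> Dict[str, List[str]]:
    """Map each normalised verdict to the engines that reported it, in report order."""
    groups: Dict[str, List[str]] = OrderedDict()
    for engine, result in parse_report(text):
        if result != "-":
            groups.setdefault(normalise(result), []).append(engine)
    return groups


def is_generic(label: str) -> bool:
    """True for heuristic/generic names that carry no family attribution."""
    return GENERIC_RE.search(label) is not None


def summary(text: str) -> dict:
    rows = parse_report(text)
    groups = group_detections(text)
    return {
        "engines": len(rows),
        "detections": sum(1 for _, r in rows if r != "-"),
        "distinct_verdicts": len(groups),
        "generic_verdicts": sum(1 for k in groups if is_generic(k)),
    }


if __name__ == "__main__":
    for verdict, engines in group_detections(SAMPLE_REPORT).items():
        tag = "generic" if is_generic(verdict) else "named"
        print(f"{verdict:32} {tag:8} {', '.join(engines)}")
    print(summary(SAMPLE_REPORT))
```

On the constructed rows this turns "7 of 12 engines" into four distinct verdicts, all of them generic, which is the number a reviewer should weigh. A pasted report can be fed in unchanged: the header lines and the "Online report" line do not match the row pattern and are skipped. The grouping is a reading aid only; what the file actually is gets settled by looking at it, not by counting labels.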

Hi Gringo,

Here is the scan result for the first file. I used ReScan for the second file; however, the web page has just been hanging for a long time. So I decided to send you the first one now. If I get the second scan result, I will send it to you later. Thanks, Wei

VirSCAN.org Scanned Report :

Scanned time : 2012/10/16 05:57:58 (CST)

Scanner results: 24% Scanner(s) (9/37) found malware!

File Name : 0.943862276125635tmp.zix

File Size : 129777 byte

File Type : Zip64 archive data, at least v3.0 to extract

MD5 : c78641e046a6729c33f138d1fba9c46f

SHA1 : 42cc9cf3d3072a91abd55c8182b6128343c3d686

Online report : http://r.virscan.org/275ceba04935ac6ee680fdea1069b589

Scanner       Engine Ver       Sig Ver              Sig Date    Time   Scan result
a-squared     5.1.0.4          20121016043050       2012-10-16  12.28  Win32.SuspectCrc!IK
AhnLab V3     2012.10.16.00    2012.10.16           2012-10-16  2.67   -
AntiVir       8.2.10.150       7.11.41.132          2012-09-01  0.17   -
Antiy         2.0.18           2.0.18.              0002-18-00  0.31   -
Arcavir       2011             201210111335         2012-10-11  2.47   -
Authentium    5.1.1            201209090949         2012-09-09  1.46   -
AVAST!        4.7.4            121015-0             2012-10-15  0.20   Win32:Trojan-gen
AVG           12.0.1794        2441/5333            2012-10-15  0.26   Dropper.Generic6.CGUJ
BitDefender   7.90123.7621810  7.43729              2012-10-16  4.78   Gen:Variant.Barys.2069
ClamAV        0.97.5           15464                2012-10-16  0.36   -
Comodo        5.1              13872                2012-10-15  2.07   -
CP Secure     1.3.0.5          2012.10.16           2012-10-16  0.22   -
Dr.Web        7.0.3.7130       2012.10.15           2012-10-15  14.84  -
F-Prot        4.6.2.117        20121015             2012-10-15  0.84   -
F-Secure      7.02.73807       2012.10.15.04        2012-10-15  2.28   Gen:Variant.Barys.2069 [Aquarius]
Fortinet      4.3.392          16.542               2012-10-15  0.14   -
GData         22.6439          20121016             2012-10-16  5.71   Gen:Variant.Barys.2069 [Engine:A]
ViRobot       20121015         2012.10.15           2012-10-15  0.36   -
Ikarus        T3.1.32.20.0     2012.10.15.82507     2012-10-15  6.89   Win32.SuspectCrc
JiangMin      13.0.900         2012.10.15           2012-10-15  2.25   -
Kaspersky     5.5.10           2012.10.15           2012-10-15  0.32   -
KingSoft      2009.2.5.15      2012.10.15.9         2012-10-15  0.94   -
McAfee        5400.1158        6866                 2012-10-15  9.66   -
Microsoft     1.8800           2012.10.15           2012-10-15  5.90   -
NOD32         3.0.21           7588                 2012-10-15  0.20   -
Norman        6.8.3            201208311030         2012-08-31  0.00   -
Panda         9.05.01          2012.10.15           2012-10-15  2.74   -
Trend Micro   9.500-1005       9.462.01             2012-10-14  0.20   -
Quick Heal    11.00            2012.10.15           2012-10-15  1.10   -
Rising        20.0             24.31.04.01          2012-10-12  2.85   -
Sophos        3.35.1           4.81                 2012-10-16  4.92   -
Sunbelt       3.9.2550.2       13538                2012-10-15  0.83   Trojan.Win32.Generic!BT
Symantec      1.3.0.24         20121014.006         2012-10-14  0.51   Trojan.Gen.2
nProtect      20121015.01      12162412             2012-10-15  1.52   -
The Hacker    6.8.0.0          v00109               2012-10-15  0.63   -
VBA32         3.12.18.1        20121015.0917        2012-10-15  3.76   -
VirusBuster   5.5.2.13         15.0.225.0/10054913  2012-10-14  0.19   -

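A multi-engine verdict like the 9/37 above is easier to weigh when the rows are parsed rather than eyeballed: which engines actually fired, and which "-" results come from engines whose signatures were weeks old at scan time (Norman and AntiVir here) and therefore say little. The following parser is an added example for this thread, not VirSCAN's or OTL's code; it assumes only the column layout of the report pasted above (Scanner, Engine Ver, Sig Ver, Sig Date, Time, Scan result) with the columns collapsed to single spaces, and the sample rows embedded in it are a subset copied from that report, the last one kept with the fused columns exactly as it appears there.

```python
"""Parse a VirSCAN-style multi-engine report and flag results that carry little weight.

Added example for this thread (not VirSCAN's or OTL's code). Assumes the row layout
of the report pasted above: Scanner, Engine Ver, Sig Ver, Sig Date, Time, Scan result.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Scanner names may contain spaces ("AhnLab V3", "Trend Micro"), so a row is anchored
# on the YYYY-MM-DD signature date and the seconds field that follow the two version
# columns; everything before those is taken as the scanner name.
ROW_RE = re.compile(
    r"^(?P<scanner>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<result>.+?)\s*$"
)


@dataclass
class ScanRow:
    scanner: str
    engine_ver: str
    sig_ver: str
    sig_date: str
    seconds: float
    result: Optional[str]  # None when the engine printed "-" (no detection)


def parse_row(line: str) -> Optional[ScanRow]:
    """Parse one result row; returns None when the line does not fit the layout."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    result = m.group("result")
    return ScanRow(m.group("scanner"), m.group("engine"), m.group("sig"),
                   m.group("date"), float(m.group("secs")),
                   None if result == "-" else result)


def parse_report(text: str) -> Tuple[List[ScanRow], List[str]]:
    """Return (parsed rows, lines that did not fit the layout)."""
    rows: List[ScanRow] = []
    unparsed: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Scanner "):  # skip blanks and the header
            continue
        row = parse_row(line)
        if row is None:
            unparsed.append(line)  # e.g. columns fused together during copy/paste
        else:
            rows.append(row)
    return rows, unparsed


def detections(rows: List[ScanRow]) -> Dict[str, str]:
    """Scanner -> detection name, for the engines that flagged the file."""
    return {r.scanner: r.result for r in rows if r.result is not None}


def stale_signatures(rows: List[ScanRow], scan_date: str, max_age_days: int = 7) -> List[str]:
    """Engines whose signature date is older than max_age_days, or unreadable.

    A "-" from such an engine is weak evidence that the file is clean."""
    scanned = datetime.strptime(scan_date, "%Y-%m-%d")
    stale: List[str] = []
    for r in rows:
        try:
            age_days = (scanned - datetime.strptime(r.sig_date, "%Y-%m-%d")).days
        except ValueError:  # malformed date such as "0002-18-00"
            stale.append(r.scanner)
            continue
        if age_days > max_age_days:
            stale.append(r.scanner)
    return stale


# Subset of the rows from the report above; the VirusBuster row is kept with the
# fused Sig Ver/Sig Date columns exactly as it was pasted, to exercise the error path.
SAMPLE_REPORT = """\
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20121016043050 2012-10-16 12.28 Win32.SuspectCrc!IK
AhnLab V3 2012.10.16.00 2012.10.16 2012-10-16 2.67 -
AntiVir 8.2.10.150 7.11.41.132 2012-09-01 0.17 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.31 -
AVAST! 4.7.4 121015-0 2012-10-15 0.20 Win32:Trojan-gen
AVG 12.0.1794 2441/5333 2012-10-15 0.26 Dropper.Generic6.CGUJ
BitDefender 7.90123.7621810 7.43729 2012-10-16 4.78 Gen:Variant.Barys.2069
F-Secure 7.02.73807 2012.10.15.04 2012-10-15 2.28 Gen:Variant.Barys.2069 [Aquarius]
Norman 6.8.3 201208311030 2012-08-31 0.00 -
Symantec 1.3.0.24 20121014.006 2012-10-14 0.51 Trojan.Gen.2
Trend Micro 9.500-1005 9.462.01 2012-10-14 0.20 -
VirusBuster 5.5.2.13 15.0.225.0/100549132012-10-14 0.19 -
"""

if __name__ == "__main__":
    rows, bad = parse_report(SAMPLE_REPORT)
    hits = detections(rows)
    print(f"{len(hits)}/{len(rows)} parsed engines flagged the file")
    for scanner, name in hits.items():
        print(f"  {scanner}: {name}")
    print("stale or unreadable signature dates:", stale_signatures(rows, "2012-10-16"))
    print("rows that did not parse:", bad)
```

Run it against the sample and it reports 6 of 11 parsed engines firing, lists AntiVir, Antiy and Norman as engines whose clean verdict rests on stale or unreadable signatures, and returns the fused VirusBuster row in the unparsed list instead of silently miscounting it.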

  • Staff

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the custom fix textbox. Do not include the word Code


    :Files
    C:\Users\admin\AppData\Local\SSCService\TmpUpdates\
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo


Hi Gringo,

I ran the custom script. It went very very fast. OTL didn't ask me to reboot the machine either. Here is the report. Thank you, Wei

========== FILES ==========

C:\Users\admin\AppData\Local\SSCService\TmpUpdates folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\admin\Desktop\SecurityTools\cmd.bat deleted successfully.

C:\Users\admin\Desktop\SecurityTools\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: admin

->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: admin

->Flash cache emptied: 492 bytes

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10152012_174857


Hi Gringo,

After I ran the custom script, the TmpUpdates folder disappeared for a short while. Then the attack warning came up again. I tried to scan the infected file using VirScan.org; however, the screen is hanging up on me again since it's a rescan. Thought you might want to know this.

Thank you,

Wei
