
winrscmde Trojan detected by MBAM



winrscmde (through the system process svchost.exe) Trojan has been detected on my computer by MBAM; however, after I have restarted my computer, winrscmde can again be found on my computer.

I have never posted before, so please let me know if anything is incorrect.

Here are my logs:

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2

Run by Orender Clan at 12:32:29 on 2012-11-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4293 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe

C:\Windows\system32\dleacoms.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe

C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe

C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe

C:\Windows\System32\rundll32.exe

C:\Users\Orender Clan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Orender Clan\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Users\Orender Clan\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://myhomepage.genieo.com/

uURLSearchHooks: {a8864317-e18b-4292-99d9-e6e65ab905d3} - <orphaned>

uURLSearchHooks: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll

uURLSearchHooks: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - <orphaned>

mURLSearchHooks: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll

mWinlogon: Userinit = userinit.exe,

BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

BHO: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Mapit Toolbar: {46A21652-3F93-437D-AAC0-CAA1F6713DA0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll

TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll

TB: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files (x86)\Mapit\prxtbMapi.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll

TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

uRun: [Google Update] "C:\Users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Apps] rundll32.exe "C:\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll",RANDOMW

uRun: [spotify Web Helper] "C:\Users\Orender Clan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

dRun: [Apps] rundll32.exe "C:\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll",RANDOMW

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{516D7D44-142B-41DB-B0F8-19EF8C88D465} : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"

x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Orender Clan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Orender Clan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll

FF - plugin: C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-22 55856]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-1 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-1 1129120]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-1 167072]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121123.001\IDSviA64.sys [2012-11-23 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-1 190072]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-1 405624]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]

R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2010-7-19 33448]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-22 1692480]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-22 320040]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-23 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 TridVid;USB TV Tuner;C:\Windows\System32\drivers\tridvid6010.sys [2011-1-21 411648]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-26 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-25 16:28:11 20480 ----a-r- C:\Windows\svchost.exe

2012-11-25 16:25:06 -------- d-sh--w- C:\found.000

2012-11-25 01:53:51 -------- d-----w- C:\Users\Orender Clan\AppData\Roaming\Malwarebytes

2012-11-25 01:53:33 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-25 01:53:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-25 01:53:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-16 04:34:36 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-16 04:34:36 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-16 04:34:36 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-16 04:34:36 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-16 04:26:10 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-16 04:26:10 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-16 04:26:08 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-16 04:26:08 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-16 04:26:07 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-16 04:26:07 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-16 04:26:07 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-02 01:26:30 212204 ----a-w- C:\ProgramData\SPL9974.tmp

.

==================== Find3M ====================

.

2012-11-14 03:18:27 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-14 03:18:27 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-04 18:40:25 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-04 18:40:25 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-04 18:40:25 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 12:33:15.09 ===============

attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/25/2010 5:48:07 PM

System Uptime: 11/25/2012 11:26:27 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 04GJJT

Processor: AMD Athlon™ II X2 240 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 689 GiB total, 574.151 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP186: 11/24/2012 5:47:04 PM - Removed RuneScape Launcher 1.2

RP187: 11/24/2012 5:47:55 PM - Removed RuneScape Launcher 1.2.2

RP188: 11/24/2012 8:23:03 PM - Installed RuneScape Launcher 1.2.2

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Age of Empires III: Complete Collection

Age of Empires III: The Asian Dynasties

Age of Empires III: The War Chiefs

Amazon Kindle

Amazon MP3 Downloader 1.0.17

Amazon Music Importer

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Consumer In-Home Service Agreement

ConvertHelper 2.2

Coupon Printer for Windows

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Toolbar

Dell V310-V510 Series

Driver Setup

GameStop App

GEAR driver installer for x86 and x64

Google Chrome

GoToAssist 8.0.0.514

iTunes

Java 7 Update 7

Java Auto Updater

JavaFX 2.1.1

Junk Mail filter update

LG United Mobile Drivers

Malwarebytes Anti-Malware version 1.65.1.1000

Mapit Toolbar

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Norton 360

NVIDIA Drivers

Power2Go 5.0

PowerDirector

PowerDVD DX

PowerProducer

QuickTime

Realtek High Definition Audio Driver

Roxio Burn

RuneScape Launcher 1.2.2

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Skype Toolbars

Skype™ 5.10

Sony Pictures Download Manager

Spotify

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VoiceOver Kit

Winamp

Winamp Detector Plug-in

Winamp Toolbar

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

11/25/2012 11:08:40 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

11/25/2012 11:08:14 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

11/25/2012 11:01:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff8000310e16a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112512-71089-01.

11/25/2012 10:41:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.

11/25/2012 10:41:41 AM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/25/2012 10:41:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

11/24/2012 8:24:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030bb16a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112412-44444-01.

11/24/2012 6:10:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

11/23/2012 8:29:41 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

11/23/2012 8:29:38 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/23/2012 8:29:38 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/23/2012 8:29:38 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/23/2012 8:29:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.

11/23/2012 8:29:38 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

11/23/2012 8:29:38 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

11/23/2012 8:29:37 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The operation completed successfully.

11/23/2012 8:29:35 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

11/23/2012 8:28:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033bf63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-42104-01.

11/23/2012 8:23:00 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

11/23/2012 8:21:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8006ad6bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-46129-01.

11/23/2012 8:17:15 AM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

11/23/2012 6:05:10 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

11/23/2012 1:11:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033be63a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112312-44195-01.

11/22/2012 10:15:31 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: A specified authentication package is unknown.

11/22/2012 10:13:35 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

.

==== End Of File ===========================


Thanks Kevin -

Here is my most recent Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.24.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Orender Clan :: ORENDERCLAN-PC [administrator]

11/25/2012 11:14:32 AM

mbam-log-2012-11-25 (11-14-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203511

Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 4188 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

I should note that I changed the svchost.exe to a Read-only file and that has temporarily stopped it from restarting itself under the list of processes listed by the Task Manager.

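The detection in the log above is a svchost.exe loaded from C:\Windows rather than from C:\Windows\System32, where Windows actually keeps it. As an added example (not code from Malwarebytes, DDS, ComboFix or anyone in this thread), the following Python check applies that path test to DDS-style "Running Processes" lines and MBAM-style detection lines; the sample lines are constructed to mirror the ones in the logs above.

```python
"""Flag processes whose image path impersonates a well-known Windows binary.

Added example for this thread, not code from any of the tools it discusses.
Input lines follow the shape of the DDS "Running Processes" list and the
MBAM "Memory Processes Detected" line; the sample lines below are constructed.
"""
import ntpath
import re

# Names that malware commonly borrows, and the directories Windows really
# loads them from. A legitimate copy lives in System32 or (on x64) SysWOW64;
# the same file name anywhere else deserves a closer look.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "lsm.exe", "spoolsv.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "explorer.exe",
}
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# explorer.exe is the exception: it genuinely lives in C:\Windows itself.
LEGIT_DIRS_PER_BINARY = {"explorer.exe": {r"c:\windows"}}

# A drive-letter path up to the first ".exe"; whatever follows on the line
# (" -k netsvcs", " (Trojan.Agent) -> 4188 -> ...") is ignored.
_PATH_RE = re.compile(r"^\s*([a-zA-Z]:\\[^\r\n]*?\.exe)\b", re.IGNORECASE)


def extract_image_path(line: str):
    """Return the executable path at the start of a log line, or None."""
    m = _PATH_RE.match(line)
    return m.group(1) if m else None


def classify(path: str) -> str:
    """'ok', 'masquerade' (known name outside its real directory) or 'unknown'."""
    directory, name = ntpath.split(path)
    name = name.lower()
    directory = directory.lower().rstrip("\\")
    if name not in KNOWN_SYSTEM_BINARIES:
        return "unknown"  # not a name we can judge by location alone
    allowed = LEGIT_DIRS_PER_BINARY.get(name, LEGIT_DIRS)
    return "ok" if directory in allowed else "masquerade"


def find_masquerades(lines):
    """Return the image paths, in order, that impersonate a system binary."""
    hits = []
    for line in lines:
        path = extract_image_path(line)
        if path is not None and classify(path) == "masquerade":
            hits.append(path)
    return hits


# Constructed sample modelled on the DDS process list and the MBAM hit above.
SAMPLE_LINES = [
    r"C:\Windows\system32\lsm.exe",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Windows\System32\spoolsv.exe",
    r"C:\Program Files\Dell\DellDock\DockLogin.exe",
    r"C:\Windows\svchost.exe (Trojan.Agent) -> 4188 -> Delete on reboot.",
    r"C:\Users\Public\svchost.exe",    # constructed: a user-writable location
    "Memory Processes Detected: 1",    # not a path; skipped by the parser
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_LINES):
        print(f"suspect: {hit}")
```

Location is only the first filter: a copy that does sit in System32 still needs its digital signature and parent process checked before it is trusted.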

OK, thanks for the log, continue as follows please:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

Combofix

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


ComboFix Log:

ComboFix 12-11-25.01 - Orender Clan 11/25/2012 14:25:26.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4514 [GMT -5:00]

Running from: c:\users\Orender Clan\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\SPL6FFE.tmp

c:\programdata\SPL9974.tmp

c:\users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))

.

.

2012-11-25 19:32 . 2012-11-25 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-25 16:25 . 2012-11-25 16:25 -------- d-----w- C:\found.000

2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\users\Orender Clan\AppData\Roaming\Malwarebytes

2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\programdata\Malwarebytes

2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-25 01:53 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-16 04:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 04:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 04:34 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 04:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 04:26 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 04:26 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-16 04:26 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 04:26 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 04:26 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 04:26 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 04:26 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-16 04:26 . 2010-06-26 22:40 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-14 03:18 . 2012-04-05 11:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 03:18 . 2011-05-19 11:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-13 11:01 . 2012-10-13 11:01 98304 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll

2012-10-13 11:01 . 2012-10-13 11:01 24576 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll

2012-10-13 11:01 . 2012-10-13 11:01 1347584 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe

2012-09-21 22:41 . 2011-05-16 14:38 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-09-21 22:41 . 2011-05-16 14:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-09-14 19:19 . 2012-10-10 15:23 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 15:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-04 18:40 . 2012-09-04 18:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-04 18:40 . 2012-05-18 22:32 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-04 18:40 . 2010-06-22 06:05 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-31 18:19 . 2012-10-10 15:24 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 22:45 . 2012-08-30 22:45 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-08-30 22:45 . 2012-08-30 22:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-08-30 18:03 . 2012-10-10 15:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 15:24 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 15:24 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{46a21652-3f93-437d-aac0-caa1f6713da0}"= "c:\program files (x86)\Mapit\prxtbMapi.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{46a21652-3f93-437d-aac0-caa1f6713da0}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46a21652-3f93-437d-aac0-caa1f6713da0}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Mapit\prxtbMapi.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{46a21652-3f93-437d-aac0-caa1f6713da0}"= "c:\program files (x86)\Mapit\prxtbMapi.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{46a21652-3f93-437d-aac0-caa1f6713da0}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Orender Clan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 TridVid;USB TV Tuner;c:\windows\system32\DRIVERS\tridvid6010.sys [2011-01-21 411648]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-16 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-09-06 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-17 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-17 405624]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]

S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:18]

.

2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2509198050-1799770259-3595075597-1000Core.job

- c:\users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 13:42]

.

2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2509198050-1799770259-3595075597-1000UA.job

- c:\users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 13:42]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]

"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]

"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://myhomepage.genieo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{a8864317-e18b-4292-99d9-e6e65ab905d3} - (no file)

URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Apps - c:\users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll

Wow6432Node-HKU-Default-Run-Apps - c:\users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll

Toolbar-Locked - (no file)

WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)

WebBrowser-{46A21652-3F93-437D-AAC0-CAA1F6713DA0} - (no file)

WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:53,c0,24,e2,fd,c9,cd,01

.

[HKEY_USERS\S-1-5-21-2509198050-1799770259-3595075597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2509198050-1799770259-3595075597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-25 14:35:14

ComboFix-quarantined-files.txt 2012-11-25 19:35

.

Pre-Run: 613,294,837,760 bytes free

Post-Run: 613,198,045,184 bytes free

.

- - End Of File - - 9A36A741651871CEC67C2F4ADC489910


Thanks for the log, do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::
Killall::
Folder::
c:\program files (x86)\Mapit
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
[-HKEY_CLASSES_ROOT\clsid\{46a21652-3f93-437d-aac0-caa1f6713da0}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46a21652-3f93-437d-aac0-caa1f6713da0}]
"{46a21652-3f93-437d-aac0-caa1f6713da0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{46a21652-3f93-437d-aac0-caa1f6713da0}"=-
[-HKEY_CLASSES_ROOT\clsid\{46a21652-3f93-437d-aac0-caa1f6713da0}]

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run Malwarebytes, check for updates then run a Full scan. Deal with anything it finds....

Let me see those two logs, also give an update on any improvement or if still issues...

Kevin


I've been having some problems running ComboFix successfully. The first time, my computer shut down and started up on the black screen asking for Safe Mode or normal startup (no ComboFix log in my C:\ directory). I tried going through the process again, and ComboFix has been stuck on the same blue screen that says "Preparing Log Report. Do not run any programs until ComboFix has finished", meanwhile svchost.exe (winrscmde) is running at ~600k in the background, so I decided to write a quick update/post. Any suggestions?


Sorry for the delay, had to go through the motions a second time. winrscmde is still running on my computer after going through everything, using a lot of memory - though my blue error screen problems have stopped, which is nice!

ComboFix.txt:

ComboFix 12-11-25.01 - Orender Clan 11/25/2012 17:01:18.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4771 [GMT -5:00]

Running from: c:\users\Orender Clan\Desktop\ComboFix.exe

Command switches used :: c:\users\Orender Clan\Desktop\CFScript.txt

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Mapit

c:\program files (x86)\Mapit\GottenAppsContextMenu.xml

c:\program files (x86)\Mapit\ldrtbMapi.dll

c:\program files (x86)\Mapit\MapitToolbarHelper.exe

c:\program files (x86)\Mapit\OtherAppsContextMenu.xml

c:\program files (x86)\Mapit\prxtbMapi.dll

c:\program files (x86)\Mapit\SharedAppsContextMenu.xml

c:\program files (x86)\Mapit\tbMapi.dll

c:\program files (x86)\Mapit\toolbar.cfg

c:\program files (x86)\Mapit\ToolbarContextMenu.xml

c:\program files (x86)\Mapit\uninstall.exe

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))

.

.

2012-11-25 16:25 . 2012-11-25 16:25 -------- d-----w- C:\found.000

2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\users\Orender Clan\AppData\Roaming\Malwarebytes

2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\programdata\Malwarebytes

2012-11-25 01:53 . 2012-11-25 01:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-25 01:53 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-16 04:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 04:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 04:34 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 04:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 04:26 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 04:26 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-16 04:26 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 04:26 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 04:26 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 04:26 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 04:26 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-16 04:26 . 2010-06-26 22:40 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-14 03:18 . 2012-04-05 11:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 03:18 . 2011-05-19 11:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-13 11:01 . 2012-10-13 11:01 98304 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll

2012-10-13 11:01 . 2012-10-13 11:01 24576 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll

2012-10-13 11:01 . 2012-10-13 11:01 1347584 ----a-w- c:\users\Orender Clan\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe

2012-09-21 22:41 . 2011-05-16 14:38 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-09-21 22:41 . 2011-05-16 14:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-09-14 19:19 . 2012-10-10 15:23 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 15:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-04 18:40 . 2012-09-04 18:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-04 18:40 . 2012-05-18 22:32 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-04 18:40 . 2010-06-22 06:05 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-31 18:19 . 2012-10-10 15:24 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 22:45 . 2012-08-30 22:45 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-08-30 22:45 . 2012-08-30 22:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-08-30 18:03 . 2012-10-10 15:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 15:24 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 15:24 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Orender Clan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 TridVid;USB TV Tuner;c:\windows\system32\DRIVERS\tridvid6010.sys [2011-01-21 411648]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-16 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-09-06 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-17 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-17 405624]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]

S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:18]

.

2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2509198050-1799770259-3595075597-1000Core.job

- c:\users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 13:42]

.

2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2509198050-1799770259-3595075597-1000UA.job

- c:\users\Orender Clan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-23 13:42]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]

"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]

"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://myhomepage.genieo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{46a21652-3f93-437d-aac0-caa1f6713da0} - c:\program files (x86)\Mapit\prxtbMapi.dll

Toolbar-Locked - (no file)

WebBrowser-{46A21652-3F93-437D-AAC0-CAA1F6713DA0} - (no file)

AddRemove-Mapit Toolbar - c:\program files (x86)\Mapit\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{09B71986-2AC5-482D-B6CB-42EA34F4F85B}"=hex:51,66,7a,6c,4c,1d,38,12,e8,1a,a4,

0d,f7,64,43,0d,c9,dd,01,aa,31,aa,bc,4f

"{A8864317-E18B-4292-99D9-E6E65AB905D3}"=hex:51,66,7a,6c,4c,1d,38,12,79,40,95,

ac,b9,af,fc,07,e6,cf,a5,a6,5f,e7,41,c7

"{46A21652-3F93-437D-AAC0-CAA1F6713DA0}"=hex:51,66,7a,6c,4c,1d,38,12,3c,15,b1,

42,a1,71,13,06,d5,d6,89,e1,f3,2f,79,b4

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}"=hex:51,66,7a,6c,4c,1d,38,12,52,5d,bf,

b2,d9,12,1c,0b,cb,47,b3,a1,bf,c6,78,00

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"=hex:51,66,7a,6c,4c,1d,38,12,6c,b9,e1,

ef,a6,de,34,09,fa,9d,f8,59,8a,63,c9,f6

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}"=hex:51,66,7a,6c,4c,1d,38,12,82,eb,dd,

21,02,19,d2,04,f4,4e,61,9d,cd,f5,c8,34

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:53,c0,24,e2,fd,c9,cd,01

.

[HKEY_USERS\S-1-5-21-2509198050-1799770259-3595075597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2509198050-1799770259-3595075597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Orender Clan\AppData\Local\Google\Chrome\Application\chrome.exe

.

**************************************************************************

.

Completion time: 2012-11-25 17:51:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-25 22:51

ComboFix2.txt 2012-11-25 19:35

.

Pre-Run: 611,662,405,632 bytes free

Post-Run: 612,852,359,168 bytes free

.

- - End Of File - - 9E74330D786699F2F90716237ADE41CD

Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.24.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Orender Clan :: ORENDERCLAN-PC [administrator]

11/25/2012 5:54:53 PM

mbam-log-2012-11-25 (17-54-53).txt

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 401304

Time elapsed: 56 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Yes, I see MB has also removed it again after ComboFix; it looks like a hidden rootkit is reloading the file each time. OK, run TDSSKiller and see if that will find the rootkit:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on the TDSSKiller icon to run the application.
  • The "Ready to scan" window will open. Click on "Change parameters".
  • Place a checkmark next to "Verify Driver Digital Signature" and "Detect TDLFS file system" (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
  • Select "Start Scan".
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


TDSSKiller produced 2 logs, here is the 2nd/more recent log:

20:12:27.0539 2908 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

20:12:28.0007 2908 ============================================================

20:12:28.0007 2908 Current date / time: 2012/11/25 20:12:28.0007

20:12:28.0007 2908 SystemInfo:

20:12:28.0007 2908

20:12:28.0007 2908 OS Version: 6.1.7601 ServicePack: 1.0

20:12:28.0007 2908 Product type: Workstation

20:12:28.0007 2908 ComputerName: ORENDERCLAN-PC

20:12:28.0007 2908 UserName: Orender Clan

20:12:28.0007 2908 Windows directory: C:\Windows

20:12:28.0007 2908 System windows directory: C:\Windows

20:12:28.0007 2908 Running under WOW64

20:12:28.0007 2908 Processor architecture: Intel x64

20:12:28.0007 2908 Number of processors: 2

20:12:28.0007 2908 Page size: 0x1000

20:12:28.0007 2908 Boot type: Normal boot

20:12:28.0007 2908 ============================================================

20:12:29.0832 2908 BG loaded

20:12:30.0206 2908 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:12:30.0237 2908 ============================================================

20:12:30.0237 2908 \Device\Harddisk0\DR0:

20:12:30.0237 2908 MBR partitions:

20:12:30.0237 2908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x13C3000

20:12:30.0237 2908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D7000, BlocksNum 0x5616E800

20:12:30.0237 2908 ============================================================

20:12:30.0269 2908 C: <-> \Device\Harddisk0\DR0\Partition2

20:12:30.0269 2908 ============================================================

20:12:30.0269 2908 Initialize success

20:12:30.0269 2908 ============================================================

I don't see svchost.exe (winrscmde) running as a system process anymore; that's encouraging.


Full log:

20:02:19.0310 6772 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

20:02:19.0720 6772 ============================================================

20:02:19.0720 6772 Current date / time: 2012/11/25 20:02:19.0720

20:02:19.0720 6772 SystemInfo:

20:02:19.0720 6772

20:02:19.0720 6772 OS Version: 6.1.7601 ServicePack: 1.0

20:02:19.0720 6772 Product type: Workstation

20:02:19.0721 6772 ComputerName: ORENDERCLAN-PC

20:02:19.0721 6772 UserName: Orender Clan

20:02:19.0721 6772 Windows directory: C:\Windows

20:02:19.0721 6772 System windows directory: C:\Windows

20:02:19.0721 6772 Running under WOW64

20:02:19.0721 6772 Processor architecture: Intel x64

20:02:19.0721 6772 Number of processors: 2

20:02:19.0721 6772 Page size: 0x1000

20:02:19.0721 6772 Boot type: Normal boot

20:02:19.0721 6772 ============================================================

20:02:21.0095 6772 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:02:21.0204 6772 ============================================================

20:02:21.0204 6772 \Device\Harddisk0\DR0:

20:02:21.0205 6772 MBR partitions:

20:02:21.0205 6772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x13C3000

20:02:21.0205 6772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D7000, BlocksNum 0x5616E800

20:02:21.0205 6772 ============================================================

20:02:21.0226 6772 C: <-> \Device\Harddisk0\DR0\Partition2

20:02:21.0226 6772 ============================================================

20:02:21.0226 6772 Initialize success

20:02:21.0226 6772 ============================================================

20:04:34.0089 6988 ============================================================

20:04:34.0089 6988 Scan started

20:04:34.0089 6988 Mode: Manual; SigCheck; TDLFS;

20:04:34.0089 6988 ============================================================

20:04:34.0743 6988 ================ Scan system memory ========================

20:04:34.0743 6988 System memory - ok

20:04:34.0743 6988 ================ Scan services =============================

20:04:34.0899 6988 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

20:04:35.0040 6988 1394ohci - ok

20:04:35.0087 6988 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

20:04:35.0102 6988 ACPI - ok

20:04:35.0133 6988 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

20:04:35.0227 6988 AcpiPmi - ok

20:04:35.0321 6988 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:04:35.0352 6988 AdobeARMservice - ok

20:04:35.0477 6988 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:04:35.0508 6988 AdobeFlashPlayerUpdateSvc - ok

20:04:35.0555 6988 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

20:04:35.0586 6988 adp94xx - ok

20:04:35.0601 6988 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

20:04:35.0617 6988 adpahci - ok

20:04:35.0633 6988 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

20:04:35.0648 6988 adpu320 - ok

20:04:35.0679 6988 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

20:04:35.0820 6988 AeLookupSvc - ok

20:04:35.0882 6988 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

20:04:35.0976 6988 AFD - ok

20:04:35.0991 6988 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

20:04:36.0023 6988 agp440 - ok

20:04:36.0038 6988 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

20:04:36.0101 6988 ALG - ok

20:04:36.0116 6988 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

20:04:36.0132 6988 aliide - ok

20:04:36.0147 6988 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

20:04:36.0163 6988 amdide - ok

20:04:36.0179 6988 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

20:04:36.0210 6988 AmdK8 - ok

20:04:36.0225 6988 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

20:04:36.0272 6988 AmdPPM - ok

20:04:36.0303 6988 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

20:04:36.0303 6988 amdsata - ok

20:04:36.0319 6988 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

20:04:36.0335 6988 amdsbs - ok

20:04:36.0350 6988 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

20:04:36.0366 6988 amdxata - ok

20:04:36.0397 6988 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

20:04:36.0569 6988 AppID - ok

20:04:36.0569 6988 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

20:04:36.0615 6988 AppIDSvc - ok

20:04:36.0647 6988 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

20:04:36.0709 6988 Appinfo - ok

20:04:36.0803 6988 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:04:36.0834 6988 Apple Mobile Device - ok

20:04:36.0865 6988 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

20:04:36.0912 6988 arc - ok

20:04:36.0912 6988 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

20:04:36.0927 6988 arcsas - ok

20:04:36.0943 6988 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

20:04:36.0974 6988 AsyncMac - ok

20:04:37.0005 6988 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

20:04:37.0021 6988 atapi - ok

20:04:37.0052 6988 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

20:04:37.0068 6988 AtiPcie - ok

20:04:37.0115 6988 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

20:04:37.0224 6988 AudioEndpointBuilder - ok

20:04:37.0224 6988 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

20:04:37.0255 6988 AudioSrv - ok

20:04:37.0286 6988 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

20:04:37.0395 6988 AxInstSV - ok

20:04:37.0411 6988 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

20:04:37.0473 6988 b06bdrv - ok

20:04:37.0489 6988 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

20:04:37.0520 6988 b57nd60a - ok

20:04:37.0551 6988 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

20:04:37.0598 6988 BDESVC - ok

20:04:37.0614 6988 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

20:04:37.0676 6988 Beep - ok

20:04:37.0739 6988 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

20:04:37.0801 6988 BFE - ok

20:04:38.0019 6988 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys

20:04:38.0066 6988 BHDrvx64 - ok

20:04:38.0097 6988 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

20:04:38.0175 6988 BITS - ok

20:04:38.0191 6988 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

20:04:38.0238 6988 blbdrive - ok

20:04:38.0316 6988 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

20:04:38.0347 6988 Bonjour Service - ok

20:04:38.0378 6988 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

20:04:38.0441 6988 bowser - ok

20:04:38.0441 6988 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:04:38.0472 6988 BrFiltLo - ok

20:04:38.0487 6988 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:04:38.0503 6988 BrFiltUp - ok

20:04:38.0519 6988 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

20:04:38.0597 6988 BridgeMP - ok

20:04:38.0659 6988 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

20:04:38.0721 6988 Browser - ok

20:04:38.0737 6988 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

20:04:38.0768 6988 Brserid - ok

20:04:38.0784 6988 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

20:04:38.0815 6988 BrSerWdm - ok

20:04:38.0815 6988 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

20:04:38.0846 6988 BrUsbMdm - ok

20:04:38.0862 6988 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

20:04:38.0862 6988 BrUsbSer - ok

20:04:38.0877 6988 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

20:04:38.0909 6988 BTHMODEM - ok

20:04:38.0924 6988 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

20:04:38.0987 6988 bthserv - ok

20:04:38.0987 6988 catchme - ok

20:04:39.0080 6988 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys

20:04:39.0111 6988 ccSet_N360 - ok

20:04:39.0127 6988 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

20:04:39.0205 6988 cdfs - ok

20:04:39.0252 6988 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

20:04:39.0299 6988 cdrom - ok

20:04:39.0330 6988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

20:04:39.0377 6988 CertPropSvc - ok

20:04:39.0392 6988 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

20:04:39.0408 6988 circlass - ok

20:04:39.0423 6988 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

20:04:39.0455 6988 CLFS - ok

20:04:39.0501 6988 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:04:39.0533 6988 clr_optimization_v2.0.50727_32 - ok

20:04:39.0564 6988 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:04:39.0595 6988 clr_optimization_v2.0.50727_64 - ok

20:04:39.0657 6988 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:04:39.0689 6988 clr_optimization_v4.0.30319_32 - ok

20:04:39.0720 6988 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:04:39.0720 6988 clr_optimization_v4.0.30319_64 - ok

20:04:39.0735 6988 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

20:04:39.0782 6988 CmBatt - ok

20:04:39.0813 6988 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

20:04:39.0845 6988 cmdide - ok

20:04:39.0876 6988 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

20:04:39.0923 6988 CNG - ok

20:04:39.0923 6988 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

20:04:39.0923 6988 Compbatt - ok

20:04:39.0954 6988 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

20:04:40.0032 6988 CompositeBus - ok

20:04:40.0032 6988 COMSysApp - ok

20:04:40.0047 6988 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

20:04:40.0063 6988 crcdisk - ok

20:04:40.0094 6988 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

20:04:40.0157 6988 CryptSvc - ok

20:04:40.0250 6988 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

20:04:40.0266 6988 cvhsvc - ok

20:04:40.0313 6988 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

20:04:40.0344 6988 DcomLaunch - ok

20:04:40.0375 6988 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

20:04:40.0437 6988 defragsvc - ok

20:04:40.0469 6988 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

20:04:40.0531 6988 DfsC - ok

20:04:40.0562 6988 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

20:04:40.0640 6988 Dhcp - ok

20:04:40.0656 6988 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

20:04:40.0687 6988 discache - ok

20:04:40.0718 6988 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

20:04:40.0734 6988 Disk - ok

20:04:40.0781 6988 [ E0D525515537E60ABA8F3E29209F02E8 ] dleaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe

20:04:40.0812 6988 dleaCATSCustConnectService - ok

20:04:40.0812 6988 dlea_device - ok

20:04:40.0859 6988 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

20:04:40.0905 6988 Dnscache - ok

20:04:40.0937 6988 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

20:04:40.0983 6988 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

20:04:40.0983 6988 DockLoginService - detected UnsignedFile.Multi.Generic (1)

20:04:41.0015 6988 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

20:04:41.0061 6988 dot3svc - ok

20:04:41.0093 6988 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

20:04:41.0155 6988 DPS - ok

20:04:41.0171 6988 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

20:04:41.0217 6988 drmkaud - ok

20:04:41.0280 6988 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

20:04:41.0311 6988 DXGKrnl - ok

20:04:41.0342 6988 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

20:04:41.0405 6988 EapHost - ok

20:04:41.0498 6988 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

20:04:41.0592 6988 ebdrv - ok

20:04:41.0670 6988 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

20:04:41.0701 6988 eeCtrl - ok

20:04:41.0732 6988 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

20:04:41.0795 6988 EFS - ok

20:04:41.0841 6988 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

20:04:41.0935 6988 ehRecvr - ok

20:04:41.0951 6988 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

20:04:41.0982 6988 ehSched - ok

20:04:42.0013 6988 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

20:04:42.0029 6988 elxstor - ok

20:04:42.0029 6988 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

20:04:42.0060 6988 ErrDev - ok

20:04:42.0107 6988 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

20:04:42.0153 6988 EventSystem - ok

20:04:42.0169 6988 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

20:04:42.0216 6988 exfat - ok

20:04:42.0231 6988 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

20:04:42.0278 6988 fastfat - ok

20:04:42.0325 6988 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

20:04:42.0387 6988 Fax - ok

20:04:42.0403 6988 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

20:04:42.0434 6988 fdc - ok

20:04:42.0450 6988 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

20:04:42.0481 6988 fdPHost - ok

20:04:42.0497 6988 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

20:04:42.0528 6988 FDResPub - ok

20:04:42.0543 6988 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

20:04:42.0559 6988 FileInfo - ok

20:04:42.0575 6988 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

20:04:42.0606 6988 Filetrace - ok

20:04:42.0637 6988 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

20:04:42.0668 6988 flpydisk - ok

20:04:42.0699 6988 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

20:04:42.0731 6988 FltMgr - ok

20:04:42.0777 6988 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

20:04:42.0840 6988 FontCache - ok

20:04:42.0933 6988 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:04:42.0949 6988 FontCache3.0.0.0 - ok

20:04:42.0965 6988 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

20:04:43.0027 6988 FsDepends - ok

20:04:43.0058 6988 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

20:04:43.0105 6988 fssfltr - ok

20:04:43.0214 6988 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

20:04:43.0292 6988 fsssvc - ok

20:04:43.0323 6988 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

20:04:43.0355 6988 Fs_Rec - ok

20:04:43.0386 6988 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

20:04:43.0417 6988 fvevol - ok

20:04:43.0433 6988 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

20:04:43.0433 6988 gagp30kx - ok

20:04:43.0495 6988 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:04:43.0526 6988 GEARAspiWDM - ok

20:04:43.0557 6988 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

20:04:43.0589 6988 GoToAssist - ok

20:04:43.0635 6988 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

20:04:43.0682 6988 gpsvc - ok

20:04:43.0698 6988 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

20:04:43.0745 6988 hcw85cir - ok

20:04:43.0776 6988 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

20:04:43.0791 6988 HDAudBus - ok

20:04:43.0807 6988 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

20:04:43.0838 6988 HidBatt - ok

20:04:43.0854 6988 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

20:04:43.0916 6988 HidBth - ok

20:04:43.0932 6988 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

20:04:43.0979 6988 HidIr - ok

20:04:43.0994 6988 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

20:04:44.0041 6988 hidserv - ok

20:04:44.0072 6988 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

20:04:44.0119 6988 HidUsb - ok

20:04:44.0166 6988 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

20:04:44.0259 6988 hkmsvc - ok

20:04:44.0291 6988 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

20:04:44.0337 6988 HomeGroupListener - ok

20:04:44.0369 6988 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

20:04:44.0415 6988 HomeGroupProvider - ok

20:04:44.0447 6988 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

20:04:44.0462 6988 HpSAMD - ok

20:04:44.0509 6988 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

20:04:44.0571 6988 HTTP - ok

20:04:44.0587 6988 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

20:04:44.0587 6988 hwpolicy - ok

20:04:44.0634 6988 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

20:04:44.0681 6988 i8042prt - ok

20:04:44.0696 6988 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

20:04:44.0743 6988 iaStorV - ok

20:04:44.0774 6988 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:04:44.0805 6988 idsvc - ok

20:04:44.0883 6988 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121123.001\IDSvia64.sys

20:04:44.0915 6988 IDSVia64 - ok

20:04:44.0946 6988 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

20:04:44.0993 6988 iirsp - ok

20:04:45.0024 6988 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

20:04:45.0071 6988 IKEEXT - ok

20:04:45.0133 6988 [ 9526F32B8A76F8DC25A1587400E30084 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

20:04:45.0180 6988 IntcAzAudAddService - ok

20:04:45.0195 6988 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

20:04:45.0227 6988 intelide - ok

20:04:45.0258 6988 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

20:04:45.0289 6988 intelppm - ok

20:04:45.0320 6988 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

20:04:45.0383 6988 IPBusEnum - ok

20:04:45.0414 6988 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:04:45.0461 6988 IpFilterDriver - ok

20:04:45.0507 6988 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

20:04:45.0539 6988 iphlpsvc - ok

20:04:45.0554 6988 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

20:04:45.0601 6988 IPMIDRV - ok

20:04:45.0601 6988 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

20:04:45.0648 6988 IPNAT - ok

20:04:45.0710 6988 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

20:04:45.0741 6988 iPod Service - ok

20:04:45.0773 6988 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

20:04:45.0788 6988 IRENUM - ok

20:04:45.0804 6988 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

20:04:45.0835 6988 isapnp - ok

20:04:45.0851 6988 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

20:04:45.0882 6988 iScsiPrt - ok

20:04:45.0897 6988 [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys

20:04:45.0913 6988 k57nd60a - ok

20:04:45.0913 6988 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

20:04:45.0929 6988 kbdclass - ok

20:04:45.0960 6988 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

20:04:46.0007 6988 kbdhid - ok

20:04:46.0038 6988 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

20:04:46.0069 6988 KeyIso - ok

20:04:46.0100 6988 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

20:04:46.0131 6988 KSecDD - ok

20:04:46.0147 6988 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

20:04:46.0163 6988 KSecPkg - ok

20:04:46.0163 6988 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

20:04:46.0241 6988 ksthunk - ok

20:04:46.0272 6988 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

20:04:46.0303 6988 KtmRm - ok

20:04:46.0350 6988 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

20:04:46.0397 6988 LanmanServer - ok

20:04:46.0412 6988 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

20:04:46.0475 6988 LanmanWorkstation - ok

20:04:46.0506 6988 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

20:04:46.0537 6988 lltdio - ok

20:04:46.0568 6988 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

20:04:46.0599 6988 lltdsvc - ok

20:04:46.0615 6988 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

20:04:46.0646 6988 lmhosts - ok

20:04:46.0677 6988 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

20:04:46.0693 6988 LSI_FC - ok

20:04:46.0693 6988 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

20:04:46.0709 6988 LSI_SAS - ok

20:04:46.0709 6988 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:04:46.0724 6988 LSI_SAS2 - ok

20:04:46.0740 6988 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:04:46.0755 6988 LSI_SCSI - ok

20:04:46.0755 6988 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

20:04:46.0802 6988 luafv - ok

20:04:46.0833 6988 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

20:04:46.0849 6988 Mcx2Svc - ok

20:04:46.0865 6988 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

20:04:46.0880 6988 megasas - ok

20:04:46.0880 6988 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

20:04:46.0896 6988 MegaSR - ok

20:04:46.0911 6988 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

20:04:46.0943 6988 MMCSS - ok

20:04:46.0958 6988 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

20:04:47.0021 6988 Modem - ok

20:04:47.0067 6988 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

20:04:47.0114 6988 monitor - ok

20:04:47.0130 6988 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

20:04:47.0161 6988 mouclass - ok

20:04:47.0177 6988 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

20:04:47.0192 6988 mouhid - ok

20:04:47.0223 6988 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

20:04:47.0239 6988 mountmgr - ok

20:04:47.0286 6988 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:04:47.0317 6988 MozillaMaintenance - ok

20:04:47.0348 6988 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

20:04:47.0379 6988 mpio - ok

20:04:47.0395 6988 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

20:04:47.0411 6988 mpsdrv - ok

20:04:47.0457 6988 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

20:04:47.0489 6988 MpsSvc - ok

20:04:47.0520 6988 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

20:04:47.0582 6988 MRxDAV - ok

20:04:47.0598 6988 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

20:04:47.0660 6988 mrxsmb - ok

20:04:47.0707 6988 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:04:47.0754 6988 mrxsmb10 - ok

20:04:47.0769 6988 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:04:47.0785 6988 mrxsmb20 - ok

20:04:47.0785 6988 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

20:04:47.0801 6988 msahci - ok

20:04:47.0832 6988 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

20:04:47.0847 6988 msdsm - ok

20:04:47.0879 6988 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

20:04:47.0925 6988 MSDTC - ok

20:04:47.0957 6988 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

20:04:48.0003 6988 Msfs - ok

20:04:48.0035 6988 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

20:04:48.0066 6988 mshidkmdf - ok

20:04:48.0097 6988 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

20:04:48.0113 6988 msisadrv - ok

20:04:48.0144 6988 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

20:04:48.0175 6988 MSiSCSI - ok

20:04:48.0175 6988 msiserver - ok

20:04:48.0206 6988 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

20:04:48.0269 6988 MSKSSRV - ok

20:04:48.0284 6988 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

20:04:48.0331 6988 MSPCLOCK - ok

20:04:48.0362 6988 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

20:04:48.0393 6988 MSPQM - ok

20:04:48.0440 6988 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

20:04:48.0456 6988 MsRPC - ok

20:04:48.0487 6988 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

20:04:48.0503 6988 mssmbios - ok

20:04:48.0503 6988 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

20:04:48.0549 6988 MSTEE - ok

20:04:48.0549 6988 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

20:04:48.0581 6988 MTConfig - ok

20:04:48.0612 6988 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

20:04:48.0643 6988 Mup - ok

20:04:48.0721 6988 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe

20:04:48.0752 6988 N360 - ok

20:04:48.0768 6988 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

20:04:48.0815 6988 napagent - ok

20:04:48.0830 6988 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

20:04:48.0877 6988 NativeWifiP - ok

20:04:48.0971 6988 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121124.005\ENG64.SYS

20:04:49.0002 6988 NAVENG - ok

20:04:49.0080 6988 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121124.005\EX64.SYS

20:04:49.0127 6988 NAVEX15 - ok

20:04:49.0189 6988 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

20:04:49.0236 6988 NDIS - ok

20:04:49.0251 6988 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

20:04:49.0283 6988 NdisCap - ok

20:04:49.0298 6988 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

20:04:49.0329 6988 NdisTapi - ok

20:04:49.0345 6988 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

20:04:49.0392 6988 Ndisuio - ok

20:04:49.0423 6988 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

20:04:49.0485 6988 NdisWan - ok

20:04:49.0501 6988 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

20:04:49.0532 6988 NDProxy - ok

20:04:49.0548 6988 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

20:04:49.0595 6988 NetBIOS - ok

20:04:49.0626 6988 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

20:04:49.0673 6988 NetBT - ok

20:04:49.0673 6988 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

20:04:49.0688 6988 Netlogon - ok

20:04:49.0735 6988 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

20:04:49.0766 6988 Netman - ok

20:04:49.0797 6988 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

20:04:49.0829 6988 netprofm - ok

20:04:49.0860 6988 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:04:49.0891 6988 NetTcpPortSharing - ok

20:04:49.0907 6988 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

20:04:49.0922 6988 nfrd960 - ok

20:04:49.0953 6988 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

20:04:49.0985 6988 NlaSvc - ok

20:04:50.0000 6988 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

20:04:50.0031 6988 Npfs - ok

20:04:50.0031 6988 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

20:04:50.0078 6988 nsi - ok

20:04:50.0094 6988 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

20:04:50.0141 6988 nsiproxy - ok

20:04:50.0203 6988 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

20:04:50.0281 6988 Ntfs - ok

20:04:50.0281 6988 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

20:04:50.0312 6988 Null - ok

20:04:50.0343 6988 [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

20:04:50.0359 6988 NVHDA - ok

20:04:50.0562 6988 [ A5D0603CAE6C334B1386204D94393C04 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:04:50.0702 6988 nvlddmkm - ok

20:04:50.0749 6988 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

20:04:50.0765 6988 nvraid - ok

20:04:50.0780 6988 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

20:04:50.0796 6988 nvstor - ok

20:04:50.0811 6988 [ 268D382FCC6A8A568AAB7C6DC8C71BB3 ] nvsvc C:\Windows\system32\nvvsvc.exe

20:04:50.0827 6988 nvsvc - ok

20:04:50.0843 6988 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

20:04:50.0889 6988 nv_agp - ok

20:04:50.0921 6988 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

20:04:50.0952 6988 ohci1394 - ok

20:04:50.0999 6988 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:04:51.0045 6988 ose - ok

20:04:51.0186 6988 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:04:51.0326 6988 osppsvc - ok

20:04:51.0357 6988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

20:04:51.0389 6988 p2pimsvc - ok

20:04:51.0435 6988 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

20:04:51.0467 6988 p2psvc - ok

20:04:51.0482 6988 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

20:04:51.0498 6988 Parport - ok

20:04:51.0545 6988 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

20:04:51.0576 6988 partmgr - ok

20:04:51.0591 6988 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

20:04:51.0623 6988 PcaSvc - ok

20:04:51.0669 6988 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

20:04:51.0716 6988 pci - ok

20:04:51.0763 6988 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

20:04:51.0794 6988 pciide - ok

20:04:51.0810 6988 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

20:04:51.0825 6988 pcmcia - ok

20:04:51.0825 6988 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

20:04:51.0857 6988 pcw - ok

20:04:51.0872 6988 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

20:04:51.0919 6988 PEAUTH - ok

20:04:51.0981 6988 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

20:04:52.0044 6988 PerfHost - ok

20:04:52.0122 6988 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

20:04:52.0231 6988 pla - ok

20:04:52.0278 6988 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

20:04:52.0340 6988 PlugPlay - ok

20:04:52.0371 6988 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

20:04:52.0387 6988 PNRPAutoReg - ok

20:04:52.0403 6988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

20:04:52.0418 6988 PNRPsvc - ok

20:04:52.0434 6988 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

20:04:52.0465 6988 PolicyAgent - ok

20:04:52.0481 6988 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

20:04:52.0543 6988 Power - ok

20:04:52.0574 6988 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

20:04:52.0637 6988 PptpMiniport - ok

20:04:52.0652 6988 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

20:04:52.0668 6988 Processor - ok

20:04:52.0715 6988 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

20:04:52.0777 6988 ProfSvc - ok

20:04:52.0793 6988 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

20:04:52.0808 6988 ProtectedStorage - ok

20:04:52.0839 6988 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

20:04:52.0871 6988 Psched - ok

20:04:52.0902 6988 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

20:04:52.0917 6988 PxHlpa64 - ok

20:04:52.0980 6988 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

20:04:53.0058 6988 ql2300 - ok

20:04:53.0073 6988 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

20:04:53.0089 6988 ql40xx - ok

20:04:53.0089 6988 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

20:04:53.0120 6988 QWAVE - ok

20:04:53.0136 6988 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

20:04:53.0151 6988 QWAVEdrv - ok

20:04:53.0167 6988 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

20:04:53.0198 6988 RasAcd - ok

20:04:53.0229 6988 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

20:04:53.0292 6988 RasAgileVpn - ok

20:04:53.0323 6988 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

20:04:53.0354 6988 RasAuto - ok

20:04:53.0385 6988 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

20:04:53.0432 6988 Rasl2tp - ok

20:04:53.0479 6988 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

20:04:53.0541 6988 RasMan - ok

20:04:53.0541 6988 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

20:04:53.0588 6988 RasPppoe - ok

20:04:53.0604 6988 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

20:04:53.0651 6988 RasSstp - ok

20:04:53.0666 6988 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

20:04:53.0697 6988 rdbss - ok

20:04:53.0713 6988 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

20:04:53.0713 6988 rdpbus - ok

20:04:53.0729 6988 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

20:04:53.0760 6988 RDPCDD - ok

20:04:53.0791 6988 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

20:04:53.0853 6988 RDPENCDD - ok

20:04:53.0885 6988 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

20:04:53.0916 6988 RDPREFMP - ok

20:04:53.0947 6988 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

20:04:53.0978 6988 RDPWD - ok

20:04:54.0009 6988 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

20:04:54.0041 6988 rdyboost - ok

20:04:54.0056 6988 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

20:04:54.0103 6988 RemoteAccess - ok

20:04:54.0103 6988 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

20:04:54.0134 6988 RemoteRegistry - ok

20:04:54.0212 6988 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

20:04:54.0228 6988 RichVideo - ok

20:04:54.0243 6988 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

20:04:54.0306 6988 RpcEptMapper - ok

20:04:54.0337 6988 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

20:04:54.0353 6988 RpcLocator - ok

20:04:54.0368 6988 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

20:04:54.0415 6988 RpcSs - ok

20:04:54.0415 6988 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

20:04:54.0446 6988 rspndr - ok

20:04:54.0477 6988 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

20:04:54.0477 6988 SamSs - ok

20:04:54.0509 6988 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

20:04:54.0555 6988 sbp2port - ok

20:04:54.0571 6988 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

20:04:54.0618 6988 SCardSvr - ok

20:04:54.0633 6988 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

20:04:54.0727 6988 scfilter - ok

20:04:54.0774 6988 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

20:04:54.0852 6988 Schedule - ok

20:04:54.0883 6988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

20:04:54.0914 6988 SCPolicySvc - ok

20:04:54.0945 6988 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

20:04:54.0977 6988 SDRSVC - ok

20:04:55.0039 6988 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

20:04:55.0086 6988 SeaPort - ok

20:04:55.0101 6988 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

20:04:55.0164 6988 secdrv - ok

20:04:55.0179 6988 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

20:04:55.0211 6988 seclogon - ok

20:04:55.0226 6988 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

20:04:55.0257 6988 SENS - ok

20:04:55.0273 6988 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

20:04:55.0289 6988 SensrSvc - ok

20:04:55.0304 6988 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

20:04:55.0320 6988 Serenum - ok

20:04:55.0335 6988 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

20:04:55.0398 6988 Serial - ok

20:04:55.0429 6988 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

20:04:55.0476 6988 sermouse - ok

20:04:55.0507 6988 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

20:04:55.0538 6988 SessionEnv - ok

20:04:55.0569 6988 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

20:04:55.0585 6988 sffdisk - ok

20:04:55.0616 6988 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

20:04:55.0663 6988 sffp_mmc - ok

20:04:55.0679 6988 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

20:04:55.0710 6988 sffp_sd - ok

20:04:55.0725 6988 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

20:04:55.0741 6988 sfloppy - ok

20:04:55.0788 6988 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

20:04:55.0835 6988 Sftfs - ok

20:04:55.0881 6988 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

20:04:55.0928 6988 sftlist - ok

20:04:55.0944 6988 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

20:04:55.0959 6988 Sftplay - ok

20:04:55.0975 6988 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

20:04:55.0975 6988 Sftredir - ok

20:04:56.0037 6988 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

20:04:56.0084 6988 SftService - ok

20:04:56.0100 6988 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

20:04:56.0100 6988 Sftvol - ok

20:04:56.0115 6988 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

20:04:56.0147 6988 sftvsa - ok

20:04:56.0178 6988 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

20:04:56.0240 6988 SharedAccess - ok

20:04:56.0271 6988 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

20:04:56.0334 6988 ShellHWDetection - ok

20:04:56.0349 6988 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:04:56.0365 6988 SiSRaid2 - ok

20:04:56.0381 6988 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

20:04:56.0381 6988 SiSRaid4 - ok

20:04:56.0412 6988 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

20:04:56.0427 6988 SkypeUpdate - ok

20:04:56.0443 6988 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

20:04:56.0474 6988 Smb - ok

20:04:56.0490 6988 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

20:04:56.0537 6988 SNMPTRAP - ok

20:04:56.0552 6988 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

20:04:56.0568 6988 spldr - ok

20:04:56.0599 6988 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

20:04:56.0646 6988 Spooler - ok

20:04:56.0771 6988 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

20:04:56.0880 6988 sppsvc - ok

20:04:56.0895 6988 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

20:04:56.0942 6988 sppuinotify - ok

20:04:57.0036 6988 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS

20:04:57.0067 6988 SRTSP - ok

20:04:57.0083 6988 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS

20:04:57.0098 6988 SRTSPX - ok

20:04:57.0129 6988 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

20:04:57.0207 6988 srv - ok

20:04:57.0254 6988 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

20:04:57.0285 6988 srv2 - ok

20:04:57.0301 6988 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

20:04:57.0317 6988 srvnet - ok

20:04:57.0348 6988 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

20:04:57.0379 6988 SSDPSRV - ok

20:04:57.0379 6988 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

20:04:57.0410 6988 SstpSvc - ok

20:04:57.0441 6988 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

20:04:57.0457 6988 stexstor - ok

20:04:57.0504 6988 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

20:04:57.0535 6988 stisvc - ok

20:04:57.0566 6988 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

20:04:57.0597 6988 swenum - ok

20:04:57.0629 6988 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

20:04:57.0675 6988 swprv - ok

20:04:57.0722 6988 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS

20:04:57.0753 6988 SymDS - ok

20:04:57.0800 6988 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS

20:04:57.0878 6988 SymEFA - ok

20:04:57.0909 6988 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

20:04:57.0925 6988 SymEvent - ok

20:04:57.0941 6988 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS

20:04:57.0956 6988 SymIRON - ok

20:04:57.0972 6988 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS

20:04:57.0987 6988 SymNetS - ok

20:04:58.0050 6988 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

20:04:58.0175 6988 SysMain - ok

20:04:58.0206 6988 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

20:04:58.0221 6988 TabletInputService - ok

20:04:58.0268 6988 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

20:04:58.0315 6988 TapiSrv - ok

20:04:58.0331 6988 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

20:04:58.0362 6988 TBS - ok

20:04:58.0409 6988 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

20:04:58.0487 6988 Tcpip - ok

20:04:58.0549 6988 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

20:04:58.0580 6988 TCPIP6 - ok

20:04:58.0611 6988 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

20:04:58.0643 6988 tcpipreg - ok

20:04:58.0674 6988 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

20:04:58.0705 6988 TDPIPE - ok

20:04:58.0736 6988 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

20:04:58.0783 6988 TDTCP - ok

20:04:58.0814 6988 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

20:04:58.0861 6988 tdx - ok

20:04:58.0877 6988 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

20:04:58.0892 6988 TermDD - ok

20:04:58.0939 6988 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

20:04:59.0001 6988 TermService - ok

20:04:59.0017 6988 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

20:04:59.0048 6988 Themes - ok

20:04:59.0079 6988 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

20:04:59.0111 6988 THREADORDER - ok

20:04:59.0157 6988 [ 0B345FB8427D0DAAD7D82C74B9961C87 ] TridVid C:\Windows\system32\DRIVERS\tridvid6010.sys

20:04:59.0220 6988 TridVid - ok

20:04:59.0235 6988 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

20:04:59.0282 6988 TrkWks - ok

20:04:59.0329 6988 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

20:04:59.0391 6988 TrustedInstaller - ok

20:04:59.0423 6988 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

20:04:59.0485 6988 tssecsrv - ok

20:04:59.0501 6988 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

20:04:59.0563 6988 TsUsbFlt - ok

20:04:59.0625 6988 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

20:04:59.0672 6988 tunnel - ok

20:04:59.0688 6988 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

20:04:59.0703 6988 uagp35 - ok

20:04:59.0750 6988 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

20:04:59.0781 6988 udfs - ok

20:04:59.0797 6988 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

20:04:59.0828 6988 UI0Detect - ok

20:04:59.0844 6988 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

20:04:59.0859 6988 uliagpkx - ok

20:04:59.0906 6988 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

20:04:59.0937 6988 umbus - ok

20:04:59.0953 6988 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

20:05:00.0000 6988 UmPass - ok

20:05:00.0031 6988 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

20:05:00.0093 6988 upnphost - ok

20:05:00.0125 6988 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

20:05:00.0187 6988 USBAAPL64 - ok

20:05:00.0218 6988 [ C85B8247FADD432FA54FE11667C8D97D ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys

20:05:00.0296 6988 usbbus - ok

20:05:00.0312 6988 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

20:05:00.0359 6988 usbccgp - ok

20:05:00.0390 6988 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

20:05:00.0405 6988 usbcir - ok

20:05:00.0421 6988 [ D8CDC12F5429878F23DDB3785A0FDF95 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys

20:05:00.0468 6988 UsbDiag - ok

20:05:00.0483 6988 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

20:05:00.0499 6988 usbehci - ok

20:05:00.0515 6988 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

20:05:00.0546 6988 usbhub - ok

20:05:00.0577 6988 [ 79FA7A22B0F6F0082F640CBC82A00FCE ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys

20:05:00.0593 6988 USBModem - ok

20:05:00.0608 6988 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

20:05:00.0624 6988 usbohci - ok

20:05:00.0655 6988 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

20:05:00.0702 6988 usbprint - ok

20:05:00.0717 6988 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

20:05:00.0780 6988 usbscan - ok

20:05:00.0795 6988 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:05:00.0873 6988 USBSTOR - ok

20:05:00.0873 6988 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

20:05:00.0905 6988 usbuhci - ok

20:05:00.0920 6988 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

20:05:00.0983 6988 UxSms - ok

20:05:00.0983 6988 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

20:05:00.0998 6988 VaultSvc - ok

20:05:01.0029 6988 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

20:05:01.0045 6988 vdrvroot - ok

20:05:01.0076 6988 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

20:05:01.0107 6988 vds - ok

20:05:01.0123 6988 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

20:05:01.0139 6988 vga - ok

20:05:01.0139 6988 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

20:05:01.0185 6988 VgaSave - ok

20:05:01.0217 6988 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

20:05:01.0263 6988 vhdmp - ok

20:05:01.0279 6988 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

20:05:01.0279 6988 viaide - ok

20:05:01.0310 6988 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

20:05:01.0341 6988 volmgr - ok

20:05:01.0373 6988 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

20:05:01.0419 6988 volmgrx - ok

20:05:01.0435 6988 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

20:05:01.0451 6988 volsnap - ok

20:05:01.0482 6988 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

20:05:01.0482 6988 vsmraid - ok

20:05:01.0544 6988 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

20:05:01.0622 6988 VSS - ok

20:05:01.0638 6988 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

20:05:01.0653 6988 vwifibus - ok

20:05:01.0685 6988 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

20:05:01.0716 6988 W32Time - ok

20:05:01.0731 6988 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

20:05:01.0747 6988 WacomPen - ok

20:05:01.0763 6988 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

20:05:01.0809 6988 WANARP - ok

20:05:01.0809 6988 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

20:05:01.0841 6988 Wanarpv6 - ok

20:05:01.0887 6988 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

20:05:01.0965 6988 WatAdminSvc - ok

20:05:01.0997 6988 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

20:05:02.0059 6988 wbengine - ok

20:05:02.0075 6988 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

20:05:02.0121 6988 WbioSrvc - ok

20:05:02.0153 6988 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

20:05:02.0168 6988 wcncsvc - ok

20:05:02.0184 6988 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

20:05:02.0215 6988 WcsPlugInService - ok

20:05:02.0231 6988 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

20:05:02.0262 6988 Wd - ok

20:05:02.0324 6988 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

20:05:02.0355 6988 Wdf01000 - ok

20:05:02.0371 6988 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

20:05:02.0449 6988 WdiServiceHost - ok

20:05:02.0465 6988 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

20:05:02.0480 6988 WdiSystemHost - ok

20:05:02.0511 6988 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

20:05:02.0558 6988 WebClient - ok

20:05:02.0574 6988 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

20:05:02.0621 6988 Wecsvc - ok

20:05:02.0636 6988 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

20:05:02.0667 6988 wercplsupport - ok

20:05:02.0699 6988 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

20:05:02.0730 6988 WerSvc - ok

20:05:02.0745 6988 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

20:05:02.0761 6988 WfpLwf - ok

20:05:02.0808 6988 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

20:05:02.0855 6988 WimFltr - ok

20:05:02.0855 6988 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

20:05:02.0870 6988 WIMMount - ok

20:05:02.0886 6988 WinDefend - ok

20:05:02.0886 6988 WinHttpAutoProxySvc - ok

20:05:02.0917 6988 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

20:05:02.0948 6988 Winmgmt - ok

20:05:03.0011 6988 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

20:05:03.0120 6988 WinRM - ok

20:05:03.0182 6988 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

20:05:03.0245 6988 WinUsb - ok

20:05:03.0260 6988 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

20:05:03.0291 6988 Wlansvc - ok

20:05:03.0354 6988 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

20:05:03.0385 6988 wlcrasvc - ok

20:05:03.0479 6988 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:05:03.0541 6988 wlidsvc - ok

20:05:03.0572 6988 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

20:05:03.0588 6988 WmiAcpi - ok

20:05:03.0588 6988 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

20:05:03.0619 6988 wmiApSrv - ok

20:05:03.0619 6988 WMPNetworkSvc - ok

20:05:03.0635 6988 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

20:05:03.0681 6988 WPCSvc - ok

20:05:03.0713 6988 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

20:05:03.0759 6988 WPDBusEnum - ok

20:05:03.0775 6988 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

20:05:03.0806 6988 ws2ifsl - ok

20:05:03.0822 6988 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

20:05:03.0853 6988 wscsvc - ok

20:05:03.0869 6988 WSearch - ok

20:05:03.0978 6988 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

20:05:04.0071 6988 wuauserv - ok

20:05:04.0103 6988 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

20:05:04.0181 6988 WudfPf - ok

20:05:04.0196 6988 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

20:05:04.0243 6988 WUDFRd - ok

20:05:04.0274 6988 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

20:05:04.0305 6988 wudfsvc - ok

20:05:04.0321 6988 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

20:05:04.0352 6988 WwanSvc - ok

20:05:04.0352 6988 ================ Scan global ===============================

20:05:04.0383 6988 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

20:05:04.0415 6988 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

20:05:04.0430 6988 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

20:05:04.0461 6988 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

20:05:04.0477 6988 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

20:05:04.0493 6988 [Global] - ok

20:05:04.0493 6988 ================ Scan MBR ==================================

20:05:04.0493 6988 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

20:05:04.0493 6988 Suspicious mbr (Forged): \Device\Harddisk0\DR0

20:05:04.0539 6988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

20:05:04.0539 6988 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

20:05:04.0633 6988 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:05:04.0633 6988 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:05:04.0633 6988 ================ Scan VBR ==================================

20:05:04.0633 6988 [ 713A049E5C8278152DC1C28B2C7D051D ] \Device\Harddisk0\DR0\Partition1

20:05:04.0649 6988 \Device\Harddisk0\DR0\Partition1 - ok

20:05:04.0664 6988 [ BA0AB65005EB9E61827AC20B0BF5BF9B ] \Device\Harddisk0\DR0\Partition2

20:05:04.0664 6988 \Device\Harddisk0\DR0\Partition2 - ok

20:05:04.0664 6988 ============================================================

20:05:04.0664 6988 Scan finished

20:05:04.0664 6988 ============================================================

20:05:04.0680 2468 Detected object count: 3

20:05:04.0680 2468 Actual detected object count: 3

20:09:50.0722 2468 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

20:09:50.0722 2468 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:09:51.0294 2468 \Device\Harddisk0\DR0\# - copied to quarantine

20:09:51.0296 2468 \Device\Harddisk0\DR0 - copied to quarantine

20:09:51.0348 2468 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

20:09:51.0351 2468 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

20:09:51.0373 2468 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

20:09:51.0383 2468 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

20:09:51.0385 2468 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

20:09:51.0386 2468 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

20:09:51.0388 2468 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

20:09:51.0391 2468 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

20:09:51.0394 2468 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

20:09:51.0396 2468 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

20:09:51.0398 2468 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

20:09:51.0399 2468 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

20:09:51.0426 2468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

20:09:51.0430 2468 \Device\Harddisk0\DR0 - ok

20:09:51.0789 2468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

20:09:51.0790 2468 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:09:51.0790 2468 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

20:10:41.0360 5004 Deinitialize success

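
The TDSSKiller log above is long, and the lines that matter (the forged MBR, the two detections on \Device\Harddisk0\DR0, and which of them the user chose to cure) are easy to lose among hundreds of "- ok" entries. The following is an added example, not part of the original post and not Kaspersky's code: a small parser for the log layout TDSSKiller uses here (timestamp, PID, event), which builds a hash inventory of the scanned drivers and services and lists every detection that was not cured. The sample log embedded below is a constructed excerpt in that layout, not the poster's full log; the regular expressions are written against the line shapes visible in this thread and are an assumption about any other TDSSKiller version.

```python
import re

# Constructed excerpt in the TDSSKiller log layout seen in this thread
# (timestamp, PID, event). A cut-down sample, not the poster's full log.
SAMPLE_LOG = r"""
20:04:58.0409 6988 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:04:58.0487 6988 Tcpip - ok
20:05:04.0493 6988 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:05:04.0539 6988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:05:04.0633 6988 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:09:50.0722 2468 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:51.0426 2468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:09:51.0789 2468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:09:51.0790 2468 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:09:51.0790 2468 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Line shapes taken from the log in this thread (assumption: other versions may differ).
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<event>.+)$")
HASHED_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)\s+(?P<path>.+)$")
FORGED_RE = re.compile(r"^Suspicious mbr \((?P<reason>[^)]+)\): (?P<obj>.+)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<status>.+)$")


def parse(log_text):
    """Return (inventory, findings).

    inventory: service/driver name -> (MD5, image path) for every hashed entry.
    findings:  (object, threat) -> {"verdicts": [...], "action": str or None,
               "forged": bool}, keyed in order of first appearance.
    """
    inventory = {}
    findings = {}
    forged_objects = set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        event = m.group("event")
        h = HASHED_RE.match(event)
        if h:
            inventory[h.group("name")] = (h.group("md5").upper(), h.group("path"))
            continue
        f = FORGED_RE.match(event)
        if f:
            forged_objects.add(f.group("obj"))
            continue
        v = VERDICT_RE.match(event)
        if v:
            key = (v.group("obj"), v.group("threat"))
            entry = findings.setdefault(key, {"verdicts": [], "action": None, "forged": False})
            status = v.group("status")
            if status.startswith("User select action: "):
                # The last user choice wins ("Cure", "Skip", "Delete", ...).
                entry["action"] = status.split(": ", 1)[1]
            else:
                entry["verdicts"].append(status)
    for (obj, _), entry in findings.items():
        entry["forged"] = obj in forged_objects
    return inventory, findings


def unresolved(log_text):
    """Detections the user did not cure or delete: these survive the reboot."""
    _, findings = parse(log_text)
    return [key for key, e in findings.items() if e["action"] not in ("Cure", "Delete")]


if __name__ == "__main__":
    inventory, findings = parse(SAMPLE_LOG)
    print(f"{len(inventory)} hashed entries, {len(findings)} detections")
    for key in unresolved(SAMPLE_LOG):
        print("still present after reboot:", key, findings[key])
```

Run against the real log, the same logic reports exactly what the helper picks up on below: the bootkit entry was cured, but the TDSS File System on the same disk was skipped, so the hidden file system (and whatever it carries) is still there until a second run cures it.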

Results from the unfinished Full Scan:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.24.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Orender Clan :: ORENDERCLAN-PC [administrator]

11/25/2012 8:22:38 PM

mbam-log-2012-11-25 (20-22-38).txt

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 86422

Time elapsed: 17 minute(s), 45 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\TDSSKiller_Quarantine\25.11.2012_20.02.19\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

(end)


results from quick scan:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.24.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Orender Clan :: ORENDERCLAN-PC [administrator]

11/25/2012 8:46:31 PM

mbam-log-2012-11-25 (20-46-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206884

Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

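
The quick scan's single hit, C:\Windows\svchost.exe, is the classic tell: the genuine service host lives in System32 (and SysWOW64 on x64) and is started by services.exe with a -k service group, so a copy sitting directly in C:\Windows with no arguments is a masquerade. The following is an added example, not part of the original post and not Malwarebytes' code: a check over a DDS-style "Running Processes" list that flags well-known system binaries running from the wrong directory, plus the svchost -k heuristic. The process list is a constructed sample in the DDS layout, and EXPECTED_DIRS is my own allowlist for a 64-bit Windows 7 install, not something taken from the page.

```python
import ntpath

# Where the genuine copies of commonly impersonated Windows binaries live on a
# 64-bit Windows 7 install (assumption: this is my allowlist, not from the thread).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
}

# Constructed sample in the "Running Processes" layout of a DDS log
# (image path, then arguments). Two entries are deliberately wrong.
SAMPLE_PROCESSES = r"""
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\svchost.exe
C:\Users\Public\lsass.exe
"""


def split_cmdline(line):
    """Split a DDS process line into (image_path, args).

    DDS prints paths unquoted, so a space is not a reliable separator; the
    first ".exe" ends the image path instead (assumption: no directory in
    the path itself contains ".exe").
    """
    low = line.lower()
    idx = low.find(".exe")
    if idx < 0:
        return line.strip(), ""
    return line[: idx + 4].strip(), line[idx + 4:].strip()


def check_process(line):
    """Return the reasons one process line looks suspicious (empty = nothing found)."""
    image, args = split_cmdline(line)
    directory, name = ntpath.split(image)
    name = name.lower()
    reasons = []
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and directory.lower() not in expected:
        reasons.append(f"{name} outside {sorted(expected)}: {directory}")
    # On Windows 7 the real service host is always launched by services.exe
    # with a -k <group> argument; a bare svchost.exe is not the real one.
    if name == "svchost.exe" and "-k" not in args.split():
        reasons.append("svchost.exe started without a -k service group")
    return reasons


def find_masquerades(text):
    """Map each flagged process line to the list of reasons it was flagged."""
    flagged = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = check_process(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in find_masquerades(SAMPLE_PROCESSES).items():
        print(line)
        for r in reasons:
            print("   ", r)
```

A path check like this is cheap and catches the case in the post, but it says nothing about the file's contents; on a machine where a bootkit has already been found, treat it as a triage aid for reading the logs, not as proof the system is clean.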

I see MB has dealt with the same issue; that will have been created by the rootkit before the successful run of TDSSKiller removed it. OK, do the following:

OK, run a scan with TDSSKiller one more time; when you see reference to this entry, \Device\Harddisk0\DR0 ( TDSS File System ), select Cure this time.

Next,

We need to run an online scan with ESET to ensure we've missed nothing. This is very thorough, so it may take several hours to complete:

Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):

  • Click the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

  • Check the box to accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives".
  • Leave the tick out of "Remove found threats".
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats".
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

You can refer to this animation by neomage if needed.

Frequently asked questions are available here; please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".


ESET threats found text:

C:\Qoobox\Quarantine\C\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll.vir a variant of Win32/Kryptik.APAF trojan

C:\TDSSKiller_Quarantine\25.11.2012_21.04.12\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan

C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\wyhdyjvgsc@wyhdyjvgsc.org.xpi JS/Redirector.NCI trojan

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus

ESET Log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c5de0abf261c8543995519dae2523159

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-26 04:52:55

# local_time=2012-11-25 11:52:55 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3589 16777213 100 71 0 104475093 0 0

# compatibility_mode=5893 16776574 66 85 41355377 105442447 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=202333

# found=5

# cleaned=0

# scan_time=6578

C:\Qoobox\Quarantine\C\Users\Orender Clan\AppData\Local\CRE\Apps\jkuzrfrtz.dll.vir a variant of Win32/Kryptik.APAF trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\25.11.2012_21.04.12\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\wyhdyjvgsc@wyhdyjvgsc.org.xpi JS/Redirector.NCI trojan (unable to clean) 00000000000000000000000000000000 I

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I


Run the following:

Please download OTM by OldTimer.

Alternative Mirror 1

Alternative Mirror 2

Save it to your desktop.

Double click OTM.exe to start the tool. Vista or Windows 7 users: accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; it will be put back on completion.

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    C:\Users\Orender Clan\AppData\Roaming\Mozilla\Firefox\Profiles\f8we4oe0.default\extensions\wyhdyjvgsc@wyhdyjvgsc.org.xpi
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZN67ZVN\submit-a-video[1].htm
    :Commands
    [EmptyTemp]
    [CreateRestorePoint]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log, give update on how system is responding, also if any issues or concerns...

Kevin

This topic is now closed to further replies.